5093 matches found
WordPress Debug Assistant Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)
Software: Debug Assistant; Type: Plugin; Vulnerable versions: <= 1.4; Fixed in: 1.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-26527; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: a881348f2d40; Credits: Prasanna V Balaji; Required...
WordPress Search in Place Plugin <= 1.0.104 is vulnerable to Other Vulnerability Type
Software: Search in Place; Type: Plugin; Vulnerable versions: <= 1.0.104; Fixed in: 1.0.105; OWASP Top 10: A5: Broken Access Control; Classification: Other Vulnerability Type; CVE: CVE-2023-26521; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: e57d979e5122; Credits: István Márton; Required...
WordPress OceanWP Theme <= 3.4.1 is vulnerable to Local File Inclusion
Software: OceanWP; Type: Theme; Vulnerable versions: <= 3.4.1; Fixed in: 3.4.2; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2023-23700; Patch priority: High; CVSS severity: High 7.6; Developer: Claim ownership; PSID: 78647cd015a5; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress Coupon Zen Plugin <= 1.0.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Coupon Zen; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: 1.0.6; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: N/A; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 6059f6769c37; Credits: WordFence; Required privilege...
WordPress Simple Slug Translate Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Slug Translate; Type: Plugin; Vulnerable versions: <= 2.7.2; Fixed in: 2.7.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-26515; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: a353ffb7160f; Credits: yuyudhn; Required...
WordPress All In One SEO Pack Plugin <= 4.2.9 is vulnerable to Cross Site Scripting (XSS)
Software: All In One SEO Pack; Type: Plugin; Vulnerable versions: <= 4.2.9; Fixed in: 4.3.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0586; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 5d5ff254df57; Credits: Ivan Kuzymchak...
WordPress Darcie Theme <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)
Software: Darcie; Type: Theme; Vulnerable versions: <= 1.1.5; Fixed in: 1.1.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25961; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: 213da94cc277; Credits: MyungJu Kim; Required privilege...
WordPress Dashboard Widgets Suite Plugin <= 3.2.1 is vulnerable to Cross Site Scripting (XSS)
Software: Dashboard Widgets Suite; Type: Plugin; Vulnerable versions: <= 3.2.1; Fixed in: 3.2.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-26517; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: b0d81df240e3; Credits: Rio Darmawan...
WordPress Drag and Drop Multiple File Upload – Contact Form 7 Plugin <= 1.3.6.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Drag and Drop Multiple File Upload – Contact Form 7; Type: Plugin; Vulnerable versions: <= 1.3.6.5; Fixed in: 1.3.6.6; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-45364; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID...
WordPress Top 10 Plugin <= 3.2.4 is vulnerable to Broken Access Control
Software: Top 10; Type: Plugin; Vulnerable versions: <= 3.2.4; Fixed in: 3.2.5; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: WebberZone; PSID: 0fa5b1c87acc; Credits: WordFence; Required privilege: Subscriber; Publishe...
WordPress Zendrop – Global Dropshipping Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload
Software: Zendrop – Global Dropshipping; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: 1.0.1; OWASP Top 10: A2: Broken Authentication; Classification: Arbitrary File Upload; CVE: CVE-2023-25970; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 180f30af21a8; Credits: Dave Jong...
WordPress Zendrop – Global Dropshipping Plugin <= 1.0.0 is vulnerable to SQL Injection
Software: Zendrop – Global Dropshipping; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: 1.0.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-25960; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 95ad356dc57b; Credits: Dave Jong Patchstack; Required...
WordPress Apollo13 Framework Extensions Plugin <= 1.8.10 is vulnerable to Broken Access Control
Software: Apollo13 Framework Extensions; Type: Plugin; Vulnerable versions: <= 1.8.10; Fixed in: 1.9.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-25959; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: e663c34e63b0; Credits: István Márton...
WordPress YouTube Channel Plugin <= 3.23.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: YouTube Channel; Type: Plugin; Vulnerable versions: <= 3.23.3; Fixed in: 3.23.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25987; Patch priority: Low; CVSS severity: Low 4.3; Developer: Aleksandar Urošević; PSID: fad79021f069; Credits: Mika; Required...
WordPress VK All in One Expansion Unit Plugin <= 9.87.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: VK All in One Expansion Unit; Type: Plugin; Vulnerable versions: <= 9.87.0.1; Fixed in: 9.87.1.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: c3722e6e8342; Credits: WordFence...
WordPress CPT – Speakers Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software: CPT – Speakers; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25977; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 3e1184654a6a; Credits: Mahesh Nagabhairava; Required...
WordPress WP Meta SEO Plugin <= 4.5.2 is vulnerable to SQL Injection
Software: WP Meta SEO; Type: Plugin; Vulnerable versions: <= 4.5.2; Fixed in: 4.5.3; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: N/A; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: ed22c0b021d4; Credits: WordFence; Required privilege: Subscriber; Published: 23 February,...
WordPress All In One Favicon Plugin <= 4.7 is vulnerable to Arbitrary File Deletion
Software: All In One Favicon; Type: Plugin; Vulnerable versions: <= 4.7; Fixed in: 4.8; OWASP Top 10: A5: Broken Access Control; Classification: Arbitrary File Deletion; CVE: CVE-2023-24416; Patch priority: Low; CVSS severity: Low 6.8; Developer: Claim ownership; PSID: b9929b1d7eae; Credits: Mika; Required privilege...
WordPress CM Answers Plugin <= 3.1.9 is vulnerable to Cross Site Scripting (XSS)
Software: CM Answers; Type: Plugin; Vulnerable versions: <= 3.1.9; Fixed in: 3.2.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25992; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: ea97458a6a8c; Credits: MyungJu Kim; Required privile...
WordPress Redirect Redirection Plugin <= 1.1.3 is vulnerable to Broken Access Control
Software: Redirect Redirection; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: 1.1.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: High; CVSS severity: High 6.3; Developer: Claim ownership; PSID: acc4d402d165; Credits: WordFence; Required privilege...