WordPress Client Portal – Private user pages and login Plugin <= 1.1.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software Client Portal – Private user pages and login Type Plugin Vulnerable versions = 1.1.8 Fixed in 1.1.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25968 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 41903f8c3f9...

WordPress Hero Banner Ultimate Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Hero Banner Ultimate Type Plugin Vulnerable versions = 1.3.4 Fixed in 1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-45818 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f00bc682c547 Credits thiennv Required...

WordPress Media Library Assistant Plugin < 3.06 is vulnerable to SQL Injection

Software Media Library Assistant Type Plugin Vulnerable versions 3.06 Fixed in 3.06 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0279 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID a816641d579e Credits Daniel Krohmer Fraunhofer IESE Kunal Sharma...

WordPress BuddyForms Plugin <= 2.7.7 is vulnerable to PHP Object Injection

Software BuddyForms Type Plugin Vulnerable versions = 2.7.7 Fixed in 2.7.8 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE N/A Patch priority High CVSS severity High 5.4 Developer Claim ownership PSID 2e9e362a10ab Credits WordFence Required privilege Subscriber Published 21...

WordPress Markup (JSON-LD) structured in schema.org Plugin <= 4.8.1 is vulnerable to Cross Site Scripting (XSS)

Software Markup JSON-LD structured in schema.org Type Plugin Vulnerable versions = 4.8.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4666 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID f683250d0657...

WordPress ProfilePress Plugin <= 4.5.4 is vulnerable to Cross Site Scripting (XSS)

Software ProfilePress Type Plugin Vulnerable versions = 4.5.4 Fixed in 4.5.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23830 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b724881f96bc Credits Rafie Muhammad...

WordPress Read More Excerpt Link Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Read More Excerpt Link Type Plugin Vulnerable versions = 1.6 Fixed in 1.6.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-26011 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 838704e6067f Credits Mika Required...

WordPress Stock market charts from finviz Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Stock market charts from finviz Type Plugin Vulnerable versions = 1.0.1 Fixed in 1.0.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23809 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 206bbc36367f Credits Rio...

WordPress Protected Posts Logout Button Plugin <= 1.4.5 is vulnerable to Broken Access Control

Software Protected Posts Logout Button Type Plugin Vulnerable versions = 1.4.5 Fixed in 1.4.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-25454 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 524d5fc86c25 Credits yuyudhn Require...

WordPress Clio Grow Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Clio Grow Type Plugin Vulnerable versions = 1.0.0 Fixed in 1.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-22683 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5da0567f175d Credits Rio Darmawan Required privile...

WordPress CSS JS Manager Plugin <= 2.4.49 is vulnerable to Cross Site Request Forgery (CSRF)

Software CSS JS Manager Type Plugin Vulnerable versions = 2.4.49 Fixed in 2.4.49.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47154 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d901e9767d13 Credits rezaduty Require...

WordPress Ditty Plugin <= 3.0.32 is vulnerable to Cross Site Scripting (XSS)

Software Ditty Type Plugin Vulnerable versions = 3.0.32 Fixed in 3.0.33 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23874 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 158d4ac409d4 Credits Rafshanzani Suhada Required...

WordPress Visualizer Plugin <= 3.9.4 is vulnerable to Cross Site Scripting (XSS)

Software Visualizer Type Plugin Vulnerable versions = 3.9.4 Fixed in 3.9.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23708 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d0daddcc471b Credits Rafshanzani Suhada Required...

WordPress PayGreen Plugin <= 4.10.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software PayGreen Type Plugin Vulnerable versions = 4.10.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25986 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6c9947e1536c Credits Lokesh Dachepalli Required...

WordPress Quiz And Survey Master Plugin <= 8.0.8 is vulnerable to Arbitrary Content Deletion

Software Quiz And Survey Master Type Plugin Vulnerable versions = 8.0.8 Fixed in 8.0.9 OWASP Top 10 A5: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2023-0291 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 5e9a3307d184 Credits Julien Ahrens...

WordPress Zeno Font Resizer Plugin <= 1.7.9 is vulnerable to Cross Site Scripting (XSS)

Software Zeno Font Resizer Type Plugin Vulnerable versions = 1.7.9 Fixed in 1.8.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25442 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9818bffc879d Credits Rio Darmawan Required...

WordPress Scriptless Social Sharing Plugin < 3.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Scriptless Social Sharing Type Plugin Vulnerable versions 3.2.2 Fixed in 3.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0377 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ac2027e820d0 Credits Lana Codes...

WordPress Get URL Cron Plugin <= 1.4.7 is vulnerable to Broken Access Control

Software Get URL Cron Type Plugin Vulnerable versions = 1.4.7 Fixed in 1.4.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID ed2c1394cbbb Credits Rio Darmawan Required privilege...

CVE-2023-23460

Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass...

SUSE CVE-2010-0622

The wakefutexpi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance PI futex, which allows local users to cause a denial of service OOPS and possibly have unspecified other impact via vectors involving...