WordPress Archivist – Custom Archive Templates Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS)

Software Archivist – Custom Archive Templates Type Plugin Vulnerable versions = 1.7.4 Fixed in 1.7.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25490 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 476e9981867e Credits...

WordPress Link Juice Keeper Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Link Juice Keeper Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25793 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e876a8c5d0a6 Credits Abdi Pranata Required...

WordPress Tapfiliate Plugin <= 3.0.12 is vulnerable to Cross Site Scripting (XSS)

Software Tapfiliate Type Plugin Vulnerable versions = 3.0.12 Fixed in 3.0.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25789 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3c37b6ed9dee Credits Rio Darmawan Required...

WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Broken Access Control

Software Quick Paypal Payments Type Plugin Vulnerable versions = 5.7.25 Fixed in 5.7.26 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-25714 Patch priority High CVSS severity High 7.5 Developer Fullworks Plugins PSID 70f3386a0525 Credits yuyudhn Required...

WordPress Multi Rating Plugin <= 5.0.6 is vulnerable to Cross Site Scripting (XSS)

Software Multi Rating Type Plugin Vulnerable versions = 5.0.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-47433 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID dedf07346191 Credits minhtuanact Required...

WordPress Locatoraid Store Locator Plugin <= 3.9.11 is vulnerable to Cross Site Request Forgery (CSRF)

Software Locatoraid Store Locator Type Plugin Vulnerable versions = 3.9.11 Fixed in 3.9.12 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25709 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9f57ac9a0dcf Credits thiennv...

WordPress WPGlobus Translate Options Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)

Software WPGlobus Translate Options Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25711 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID 62953df5e274 Credits thienn...

WordPress ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce Plugin <= 1.0.21 is vulnerable to Broken Access Control

Software ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce Type Plugin Vulnerable versions = 1.0.21 Fixed in 1.0.22 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-46811 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSI...

WordPress Quick Event Manager Plugin <= 9.6.4 is vulnerable to Cross Site Scripting (XSS)

Software Quick Event Manager Type Plugin Vulnerable versions = 9.6.4 Fixed in 9.6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-46863 Patch priority Low CVSS severity Low 5.9 Developer Fullworks Plugins PSID 59c55fdc1246 Credits Justiice Required...

WordPress GamiPress Plugin <= 2.5.7 is vulnerable to SQL Injection

Software GamiPress Type Plugin Vulnerable versions = 2.5.7 Fixed in 2.5.7.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-24000 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 3c1780f1edaa Credits Dave Jong Patchstack Required privilege...

WordPress Profile Builder Plugin <= 3.9.0 is vulnerable to Sensitive Data Exposure

Software Profile Builder Type Plugin Vulnerable versions = 3.9.0 Fixed in 3.9.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0814 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 43ad15dcf7ab Credits István Márton Required...

WordPress Cart All In One For WooCommerce Plugin <= 1.1.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software Cart All In One For WooCommerce Type Plugin Vulnerable versions = 1.1.10 Fixed in 1.1.11 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-46806 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4f842f506d26 Credits C...

WordPress Robots.txt optimization Plugin <= 1.4.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Robots.txt optimization Type Plugin Vulnerable versions = 1.4.5 Fixed in 1.4.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25706 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 1bba120cb645 Credits Abdi Pranat...

WordPress Opt-Out for Google Analytics Plugin <= 2.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Opt-Out for Google Analytics Type Plugin Vulnerable versions = 2.3.4 Fixed in 2.3.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25712 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2387d8d69039 Credits Rio Darmaw...

WordPress RSVPMarker Plugin <= 9.9.3 is vulnerable to SQL Injection

Software RSVPMarker Type Plugin Vulnerable versions = 9.9.3 Fixed in 9.9.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-25045 Patch priority Low CVSS severity Low 6.7 Developer Claim ownership PSID b21a0533c506 Credits Aldo Dimas Anugrah K Required privilege Administrator...

WordPress GamiPress Plugin <= 2.5.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software GamiPress Type Plugin Vulnerable versions = 2.5.6 Fixed in 2.5.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25697 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 466ccc666256 Credits Dave Jong Patchstack...

WordPress Portfolio – WordPress Portfolio Plugin Plugin <= 2.8.10 is vulnerable to Cross Site Scripting (XSS)

Software Portfolio – WordPress Portfolio Plugin Type Plugin Vulnerable versions = 2.8.10 Fixed in 2.8.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23685 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 518a0520e6c9 Credit...

WordPress Quiz And Survey Master Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Quiz And Survey Master Type Plugin Vulnerable versions = 8.0.7 Fixed in 8.0.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-46862 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bcb98ded3ded Credits Oliver K...

WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Cross Site Scripting (XSS)

Software Shortcodes Ultimate Type Plugin Vulnerable versions = 5.12.6 Fixed in 5.12.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25040 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7acc7c74ae4b Credits Rafie Muhammad...

WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Arbitrary File Download

Software Shortcodes Ultimate Type Plugin Vulnerable versions = 5.12.6 Fixed in 5.12.7 OWASP Top 10 A3: Sensitive Data Exposure Classification Arbitrary File Download CVE CVE-2023-25050 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 547ac1ab598f Credits Rafie Muhammad...