WordPress Rank Math SEO Plugin <= 1.0.107.2 is vulnerable to Local File Inclusion
Software Rank Math SEO Type Plugin Vulnerable versions <= 1.0.107.2 Fixed in 1.0.107.3 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-23888 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID e3a7d6a3381a Credits Rafie Muhammad Patchstack Required...
WordPress All-in-one Floating Contact Form – My Sticky Elements Plugin < 2.0.9 is vulnerable to SQL Injection
Software All-in-one Floating Contact Form – My Sticky Elements Type Plugin Vulnerable versions < 2.0.9 Fixed in 2.0.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0487 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID cdb7568b0dc6 Credits qerogramat Kak...
Beyond the basics: Implementing an active defense
Active defense: a key approach to protecting against major threats. Having an active defense posture, where the defenders actively use threat intelligence and their own environment telemetry to uncover potential compromises, is the next stage on the cyber security maturity road. Instead of waiting...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Software Wicked Folders Type Plugin Vulnerable versions <= 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0713 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 74dfca7bfe3c Credits Marco Wotschka Requir...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)
Software Wicked Folders Type Plugin Vulnerable versions <= 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0726 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b813357081c1 Credits Marco Wotschka...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)
Software Wicked Folders Type Plugin Vulnerable versions <= 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0722 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 7e061023b7ce Credits Marco Wotschka...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Software Wicked Folders Type Plugin Vulnerable versions <= 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0717 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID db3e0ac8c3e4 Credits Marco Wotschka Requir...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Software Wicked Folders Type Plugin Vulnerable versions <= 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0715 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID bf9e7164b8aa Credits Marco Wotschka Requir...
WordPress Plugin for Google Reviews Plugin <= 2.2.3 is vulnerable to SQL Injection
Software Plugin for Google Reviews Type Plugin Vulnerable versions <= 2.2.3 Fixed in 2.2.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-44580 Patch priority High CVSS severity High 9.1 Developer Claim ownership PSID 5131a96c12f6 Credits Rafie Muhammad Patchstack Required...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Software Wicked Folders Type Plugin Vulnerable versions <= 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0711 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID f6e0caeea0c4 Credits Marco Wotschka Requir...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Software Wicked Folders Type Plugin Vulnerable versions <= 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0716 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID e2bdc56150c0 Credits Marco Wotschka Requir...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Software Wicked Folders Type Plugin Vulnerable versions <= 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0712 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID a0b2e732bd9f Credits Marco Wotschka Requir...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)
Software Wicked Folders Type Plugin Vulnerable versions <= 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0727 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 1a19464c32ce Credits Marco Wotschka...
WordPress Responsive Pricing Table Plugin <= 5.1.6 is vulnerable to Cross Site Scripting (XSS)
Software Responsive Pricing Table Type Plugin Vulnerable versions <= 5.1.6 Fixed in 5.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-46855 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8d5fffd282ff Credits Muhammad Daffa...
WordPress Slider by Supsystic Plugin <= 1.8.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Slider by Supsystic Type Plugin Vulnerable versions <= 1.8.5 Fixed in 1.8.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47155 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7a6ba385ca1f Credits rezaduty Requir...
WordPress Quick Contact Form Plugin <= 8.0.3.1 is vulnerable to Broken Access Control
Software Quick Contact Form Type Plugin Vulnerable versions <= 8.0.3.1 Fixed in 8.0.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-25035 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 4879b77b9e44 Credits yuyudhn Required...
WordPress Quick Contact Form Plugin <= 8.0.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Quick Contact Form Type Plugin Vulnerable versions <= 8.0.3.1 Fixed in 8.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23885 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1ea94a82999e Credits yuyudhn Required...
WordPress WordPress Comments Import & Export Plugin <= 2.3.1 is vulnerable to CSV Injection
Software WordPress Comments Import & Export Type Plugin Vulnerable versions <= 2.3.1 Fixed in 2.3.2 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2022-45370 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID aa57ae50e983 Credits Mika Required privilege...
WordPress Email Subscribers & Newsletters Plugin <= 5.5.2 is vulnerable to CSV Injection
Software Email Subscribers & Newsletters Type Plugin Vulnerable versions <= 5.5.2 Fixed in 5.5.3 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2022-45810 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID bc18fb9ece3e Credits Mika Required privilege...
WordPress Auto Affiliate Links Plugin <= 6.2.1.5 is vulnerable to Privilege Escalation
Software Auto Affiliate Links Type Plugin Vulnerable versions <= 6.2.1.5 Fixed in 6.2.1.6 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2022-45840 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 552906959004 Credits Nguyen Anh Tien...