WordPress Visualizer Plugin <= 3.9.1 is vulnerable to Cross Site Scripting (XSS)

Software Visualizer Type Plugin Vulnerable versions = 3.9.1 Fixed in 3.9.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-46848 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5d57cada7c6d Credits Muhammad Daffa Required...

WordPress Chained Quiz Plugin <= 1.3.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Chained Quiz Type Plugin Vulnerable versions = 1.3.2.5 Fixed in 1.3.2.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25027 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5cabf5b49c21 Credits yuyudhn Required...

WordPress Redirection for Contact Form 7 Plugin <= 2.7.0 is vulnerable to Privilege Escalation

Software Redirection for Contact Form 7 Type Plugin Vulnerable versions = 2.7.0 Fixed in 2.8.0 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2023-23990 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID 29717ecca8e6 Credits Rafie Muhamma...

WordPress Podlove Podcast Publisher Plugin <= 3.8.2 is vulnerable to Cross Site Scripting (XSS)

Software Podlove Podcast Publisher Type Plugin Vulnerable versions = 3.8.2 Fixed in 3.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25046 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 491cd1d794bf Credits yuyudhn...

WordPress Kraken.io Image Optimizer Plugin <= 2.6.8 is vulnerable to Broken Access Control

Software Kraken.io Image Optimizer Type Plugin Vulnerable versions = 2.6.8 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0619 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID b987322713b6 Credits Marco Wotschka -...

WordPress Jobs for WordPress Plugin <= 2.5.11.2 is vulnerable to Cross Site Scripting (XSS)

Software Jobs for WordPress Type Plugin Vulnerable versions = 2.5.11.2 Fixed in 2.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-44743 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9031f3e3273b Credits thiennv Required...

WordPress 1003 Mortgage Application Plugin <= 1.75 is vulnerable to Arbitrary File Download

Software 1003 Mortgage Application Type Plugin Vulnerable versions = 1.75 Fixed in 1.80 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Download CVE CVE-2022-45368 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 541a2fe842ed Credits Rodrigo Escobar...

WordPress Multi Rating Plugin <= 5.0.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Multi Rating Type Plugin Vulnerable versions = 5.0.5 Fixed in 5.0.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47443 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1dcbbd6b8544 Credits rezaduty Required...

WordPress Auto Affiliate Links Plugin <= 6.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Auto Affiliate Links Type Plugin Vulnerable versions = 6.3 Fixed in 6.3.0.1 OWASP Top 10 A8: Cross Site Request Forgery CSRF Classification Cross Site Request Forgery CSRF CVE CVE-2023-22689 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 6689a92a0421 Credits...

WordPress Album and Image Gallery plus Lightbox Plugin <= 1.6.2 is vulnerable to Broken Access Control

Software Album and Image Gallery plus Lightbox Type Plugin Vulnerable versions = 1.6.2 Fixed in 1.6.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-25060 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID dd001a553b6f Credits Cat...

WordPress Posts and Users Stats Plugin <= 1.1.3 is vulnerable to CSV Injection

Software Posts and Users Stats Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2022-44738 Patch priority Low CVSS severity Low 5.8 Developer Claim ownership PSID adb9c8d12136 Credits Mika Required privilege Subscriber Publishe...

WordPress ShortPixel Adaptive Images Plugin < 3.6.3 is vulnerable to Cross Site Scripting (XSS)

Software ShortPixel Adaptive Images Type Plugin Vulnerable versions 3.6.3 Fixed in 3.6.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0334 Patch priority High CVSS severity High 7.1 Developer ShortPixel PSID 58e461d9e0d8 Credits dc11 Required...

WordPress Beautiful Cookie Consent Banner Plugin <= 2.10.0 is vulnerable to Cross Site Scripting (XSS)

Software Beautiful Cookie Consent Banner Type Plugin Vulnerable versions = 2.10.0 Fixed in 2.10.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 90e192c918ce Credits Wordfence...

WordPress WP Statistics Plugin <= 13.2.10 is vulnerable to SQL Injection

Software WP Statistics Type Plugin Vulnerable versions = 13.2.10 Fixed in 13.2.11 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-38074 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 7a7be43a0e11 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Easy Digital Downloads Plugin < 3.1.0.5 is vulnerable to Cross Site Scripting (XSS)

Software Easy Digital Downloads Type Plugin Vulnerable versions 3.1.0.5 Fixed in 3.1.0.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0380 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 553ace90a817 Credits István...

WordPress GS Portfolio for Envato Plugin < 1.4.0 is vulnerable to Cross Site Scripting (XSS)

Software GS Portfolio for Envato Type Plugin Vulnerable versions 1.4.0 Fixed in 1.4.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0559 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID abe3328dc56e Credits István Márto...

WordPress GS Books Showcase Plugin < 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software GS Books Showcase Type Plugin Vulnerable versions 1.3.1 Fixed in 1.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0541 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7768af0764d3 Credits István Márton...

WordPress Quick Restaurant Menu Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Quick Restaurant Menu Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0553 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 407875987b88 Credits Marco Wotschka Iva...

WordPress ContentStudio Plugin < 1.2.6 is vulnerable to Other Vulnerability Type

Software ContentStudio Type Plugin Vulnerable versions 1.2.6 Fixed in 1.2.6 OWASP Top 10 A1: Injection Classification Other Vulnerability Type CVE CVE-2023-0556 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 3749f412d25d Credits Marco Wotschka Required privilege...

WordPress ShopLentor Plugin < 2.5.4 is vulnerable to PHP Object Injection

Software ShopLentor Type Plugin Vulnerable versions 2.5.4 Fixed in 2.5.4 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-0232 Patch priority High CVSS severity High 5.4 Developer Claim ownership PSID 0065ec87acd5 Credits WPScan Required privilege Unauthenticated...