WordPress Contact Us page - Contact people LITE Plugin <= 3.7.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Contact Us page - Contact people LITE Type Plugin Vulnerable versions = 3.7.0 Fixed in 3.7.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23973 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 924b5ed1c57e Credi...

WordPress Themify Portfolio Post Plugin < 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Themify Portfolio Post Type Plugin Vulnerable versions 1.2.2 Fixed in 1.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0362 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c14d4085b20e Credits Lana Codes...

WordPress URL Shortener by MyThemeShop Plugin <= 1.0.17 is vulnerable to Broken Access Control

Software URL Shortener by MyThemeShop Type Plugin Vulnerable versions = 1.0.17 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23896 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID e643a0198210 Credits István Márt...

WordPress Page Loading Effects Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Page Loading Effects Type Plugin Vulnerable versions = 2.0.0 Fixed in 3.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23718 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 68ff95331eeb Credits yuyudhn Required...

WordPress Camera slideshow Plugin <= 1.4.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Camera slideshow Type Plugin Vulnerable versions = 1.4.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-22682 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a784f0137b80 Credits thiennv Required...

WordPress User Meta Manager Plugin <= 3.5.0 is vulnerable to Cross Site Scripting (XSS)

Software User Meta Manager Type Plugin Vulnerable versions = 3.5.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-22718 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d307e7329c6e Credits minhtuanact...

WordPress M Chart Plugin <= 1.9.4 is vulnerable to Cross Site Scripting (XSS)

Software M Chart Type Plugin Vulnerable versions = 1.9.4 Fixed in 1.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23892 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 383eb1775479 Credits thiennv Required privilege...

WordPress Admin Log Plugin <= 1.50 is vulnerable to Cross Site Request Forgery (CSRF)

Software Admin Log Type Plugin Vulnerable versions = 1.50 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23721 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5b0513f078ee Credits Mika Required privilege...

WordPress YARPP Plugin <= 5.30.2 is vulnerable to Cross Site Scripting (XSS)

Software YARPP Type Plugin Vulnerable versions = 5.30.2 Fixed in 5.30.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2022-4471 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 60c430d55f43 Credits István Márton Required...

WordPress GiveWP Plugin <= 2.23.2 is vulnerable to SQL Injection

Software GiveWP Type Plugin Vulnerable versions = 2.23.2 Fixed in 2.24.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0224 Patch priority High CVSS severity High 8.2 Developer Liquid Web / StellarWP PSID 3f057c60656c Credits dc11 Required privilege Unauthenticated Publishe...

WordPress Custom 404 Pro Plugin <= 3.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Custom 404 Pro Type Plugin Vulnerable versions = 3.7.1 Fixed in 3.7.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0385 Patch priority Low CVSS severity Low 5.4 Developer Kunal Nagar PSID a124f27371a3 Credits Marco Wotschka Required...

WordPress Better Font Awesome Plugin < 2.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Better Font Awesome Type Plugin Vulnerable versions 2.0.4 Fixed in 2.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4512 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 3f338a1f451d Credits Lana Codes...

WordPress TemplatesNext ToolKit Plugin < 3.2.9 is vulnerable to Cross Site Scripting (XSS)

Software TemplatesNext ToolKit Type Plugin Vulnerable versions 3.2.9 Fixed in 3.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0333 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 9f3110209bb9 Credits WPScan Require...

WordPress Enable Media Replace Plugin < 4.0.2 is vulnerable to Arbitrary File Upload

Software Enable Media Replace Type Plugin Vulnerable versions 4.0.2 Fixed in 4.0.2 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-0255 Patch priority High CVSS severity High 9.1 Developer ShortPixel PSID 1a8eac52cb81 Credits dc11 Required privilege Author Published 1...

WordPress MainWP Wordfence Extension Plugin <= 4.0.7 is vulnerable to Settings Change

Software MainWP Wordfence Extension Type Plugin Vulnerable versions = 4.0.7 Fixed in 4.0.8 OWASP Top 10 A5: Broken Access Control Classification Settings Change CVE CVE-2023-23669 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID ad99cab21d6e Credits Dave Jong Patchsta...

WordPress MainWP Wordfence Extension Plugin <= 4.0.7 is vulnerable to Broken Access Control

Software MainWP Wordfence Extension Type Plugin Vulnerable versions = 4.0.7 Fixed in 4.0.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-22699 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID aa51573e0a8b Credits Dave Jong...

WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 is vulnerable to Broken Access Control

Software MainWP UpdraftPlus Extension Type Plugin Vulnerable versions = 4.0.6 Fixed in 4.0.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23640 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 075f06640c08 Credits Dave Jong...

WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)

Software MainWP Code Snippets Extension Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23650 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 27d865081452 Credits Dave...

WordPress WP-CommentNavi Plugin <= 1.12.1 is vulnerable to Cross Site Scripting (XSS)

Software WP-CommentNavi Type Plugin Vulnerable versions = 1.12.1 Fixed in 1.12.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-22715 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f51dcf4c7b1f Credits Rio Darmawan Required...

WordPress Rich Table of Contents Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)

Software Rich Table of Contents Type Plugin Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4551 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2ac49cba0f41 Credits Lana Codes...