WordPress MainWP Clone Extension Plugin <= 4.0.2 is vulnerable to Broken Access Control

Software MainWP Clone Extension Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23642 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID fedefb75fe08 Credits Dave Jong...

WordPress Simple URLs Plugin < 115 is vulnerable to SQL Injection

Software Simple URLs Type Plugin Vulnerable versions 115 Fixed in 115 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0098 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID ce05d13c3118 Credits dc11 Required privilege Subscriber Published 17 January,...

WordPress MainWP Boilerplate Extension Plugin <= 4.1 is vulnerable to Broken Access Control

Software MainWP Boilerplate Extension Type Plugin Vulnerable versions = 4.1 Fixed in 4.1.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23744 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID dc04c8344b84 Credits Dave Jong...

WordPress MainWP Article Uploader Extension Plugin <= 4.0.2 is vulnerable to Broken Access Control

Software MainWP Article Uploader Extension Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23742 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID e674bdb18c0f Credits Dave Jong...

WordPress MainWP White Label Extension Plugin <= 4.1.1 is vulnerable to Broken Access Control

Software MainWP White Label Extension Type Plugin Vulnerable versions = 4.1.1 Fixed in 4.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23748 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 4cf93d58a995 Credits Dave Jong...

WordPress teachPress Plugin <= 8.1.8 is vulnerable to Cross Site Scripting (XSS)

Software teachPress Type Plugin Vulnerable versions = 8.1.8 Fixed in 8.1.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-22704 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8de649d41654 Credits Nguyen Xuan Chien...

WordPress MainWP Maintenance Extension Plugin <= 4.1.1 is vulnerable to SQL Injection

Software MainWP Maintenance Extension Type Plugin Vulnerable versions = 4.1.1 Fixed in 4.1.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-23660 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 9ddad2ceeae4 Credits Dave Jong Patchstack Required...

WordPress Widgets on Pages Plugin <= 1.7.0 is vulnerable to Cross Site Scripting (XSS)

Software Widgets on Pages Type Plugin Vulnerable versions = 1.7.0 Fixed in 1.8.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4488 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 86b237a22e6a Credits Lana Codes Requir...

WordPress MainWP File Uploader Extension Plugin <= 4.1 is vulnerable to Arbitrary File Upload

Software MainWP File Uploader Extension Type Plugin Vulnerable versions = 4.1 Fixed in 4.1.1 OWASP Top 10 A6: Security Misconfiguration Classification Arbitrary File Upload CVE CVE-2023-23656 Patch priority High CVSS severity High 10 Developer Claim ownership PSID f49d8364bda5 Credits Dave Jong...

WordPress Judge.me Product Reviews for WooCommerce Plugin < 1.3.21 is vulnerable to Cross Site Scripting (XSS)

Software Judge.me Product Reviews for WooCommerce Type Plugin Vulnerable versions 1.3.21 Fixed in 1.3.21 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0061 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7fda1dafd296...

WordPress MainWP Post Plus Extension Plugin <= 4.0.3 is vulnerable to Arbitrary Content Deletion

Software MainWP Post Plus Extension Type Plugin Vulnerable versions = 4.0.3 Fixed in 4.1.1 OWASP Top 10 A5: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2023-23666 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 66ca6cd7da00 Credits Dave Jong...

WordPress Easy Accept Payments Plugin < 4.9.10 is vulnerable to Cross Site Scripting (XSS)

Software Easy Accept Payments Type Plugin Vulnerable versions 4.9.10 Fixed in 4.9.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0275 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 334f1469f03f Credits Lana Codes...

WordPress Custom 404 Pro Plugin <= 3.7.0 is vulnerable to SQL Injection

Software Custom 404 Pro Type Plugin Vulnerable versions = 3.7.0 Fixed in 3.7.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-47605 Patch priority Low CVSS severity Low 8.3 Developer Kunal Nagar PSID 960f40facc61 Credits minhtuanact Required privilege Administrator Published...

WordPress YourChannel: Everything you want in a YouTube Plugin < 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Software YourChannel: Everything you want in a YouTube Type Plugin Vulnerable versions 1.2.2 Fixed in 1.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0282 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID bf43a58f39a3...

WordPress Stream Plugin < 3.9.2 is vulnerable to Broken Access Control

Software Stream Type Plugin Vulnerable versions 3.9.2 Fixed in 3.9.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4384 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID ad3b89e6bfd1 Credits Krzysztof Zajac Required privilege...

WordPress Paid Memberships Pro Plugin <= 2.9.7 is vulnerable to SQL Injection

Software Paid Memberships Pro Type Plugin Vulnerable versions = 2.9.7 Fixed in 2.9.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-23488 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID ac5e3d7c8149 Credits Joshua Martinelle Required privilege...

WordPress Easy Digital Downloads Plugin <= 3.1.0.3 is vulnerable to SQL Injection

Software Easy Digital Downloads Type Plugin Vulnerable versions = 3.1.0.3 Fixed in 3.1.0.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-23489 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 8ebed23bcf9a Credits Joshua Martinelle Required privilege...

CVE-2023-22391

A vulnerability in class-of-service CoS queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service DoS. Specific packets are being incorrectly routed to a queue used for other high-priority traffic such a...

WordPress WP Booklet Plugin <= 2.1.8 is vulnerable to Remote Code Execution (RCE)

Software WP Booklet Type Plugin Vulnerable versions = 2.1.8 Fixed in N/A OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-22677 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 1a71e450e6f5 Credits Le Ngoc Anh Required privilege Subscriber...

WordPress ExactMetrics Plugin < 7.12.1 is vulnerable to Cross Site Scripting (XSS)

Software ExactMetrics Type Plugin Vulnerable versions 7.12.1 Fixed in 7.12.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0082 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 5eb38112ee75 Credits Lana Codes Required...