Lucene search
5100 matches found

Patchstack
added 2023/12/26 12:0 a.m., 20 views

WordPress Essential Blocks for Gutenberg Plugin <= 4.2.0 is vulnerable to Broken Access Control

Software: Essential Blocks for Gutenberg; Type: Plugin; Vulnerable versions: <= 4.2.0; Fixed in: 4.2.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-51360; Patch priority: High; CVSS severity: High 6.5; PSID: aa89b26b64fb; Credits: Rafie Muhamm...

AI score: 6.6, EPSS: 0.00561
Exploits: 0, References: 2, Affected Software: 1
Wired Threat Level
added 2023/12/22 12:0 p.m., 14 views

Congress Sure Made a Lot of Noise About Kids’ Privacy in 2023—and Not Much Else

Members of the US Congress touted improvements to children’s privacy protections as an urgent priority. So why didn’t they do anything about it?...

AI score: 7.2
Exploits: 0
Patchstack
added 2023/12/22 12:0 a.m., 11 views

WordPress Add Any Extension to Pages Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Add Any Extension to Pages; Type: Plugin; Vulnerable versions: <= 1.4; Fixed in: 1.5; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-50873; Patch priority: Low; CVSS severity: Low 4.3; PSID: b3821f100fa4; Credits: Nguyen Xuan...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00227
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/12/22 12:0 a.m., 10 views

WordPress Amelia Plugin <= 1.0.85 is vulnerable to Cross Site Scripting (XSS)

Software: Amelia; Type: Plugin; Vulnerable versions: <= 1.0.85; Fixed in: 1.0.86; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-50860; Patch priority: Low; CVSS severity: Low 6.5; PSID: 27837f5455f3; Credits: Ngô Thiên An ancorn from VNPT-VCI; Required...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00325
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/12/21 12:0 a.m., 12 views

WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.5 is vulnerable to SQL Injection

Software: NEX-Forms – Ultimate Form Builder; Type: Plugin; Vulnerable versions: <= 8.5.5; Fixed in: 8.5.6; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-50838; Patch priority: Low; CVSS severity: Low 7.6; PSID: 3121cd44ed44; Credits: Khalid Yusuf; Required privilege...

CVSS: 7.6, AI score: 6.8, EPSS: 0.00574
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/12/21 12:0 a.m., 9 views

WordPress Limit Login Attempts Reloaded Plugin <= 2.25.26 is vulnerable to Cross Site Scripting (XSS)

Software: Limit Login Attempts Reloaded; Type: Plugin; Vulnerable versions: <= 2.25.26; Fixed in: 2.25.27; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6934; Patch priority: Low; CVSS severity: Low 6.5; PSID: 2de2d139dd65; Credits: Hung...

CVSS: 6.4, AI score: 5.8, EPSS: 0.0043
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2023/12/21 12:0 a.m., 9 views

WordPress Booking Manager Plugin <= 2.1.5 is vulnerable to SQL Injection

Software: Booking Manager; Type: Plugin; Vulnerable versions: <= 2.1.5; Fixed in: 2.1.6; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-50840; Patch priority: Medium; CVSS severity: Medium 8.5; PSID: 1f8bbef81167; Credits: Ngô Thiên An ancorn from VNPT-VCI; Required...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00537
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/12/21 12:0 a.m., 10 views

WordPress Squirrly SEO - Advanced Pack Plugin <= 2.3.8 is vulnerable to SQL Injection

Software: Squirrly SEO - Advanced Pack; Type: Plugin; Vulnerable versions: <= 2.3.8; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-50854; Patch priority: Low; CVSS severity: Low 7.6; PSID: d251faf0f6ee; Credits: Muhammad Daffa; Required privilege...

CVSS: 7.6, AI score: 7.2, EPSS: 0.00541
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2023/12/21 12:0 a.m., 23 views

WordPress Automation By Autonami Plugin <= 2.6.1 is vulnerable to SQL Injection

Software: Automation By Autonami; Type: Plugin; Vulnerable versions: <= 2.6.1; Fixed in: 2.7.0; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-50857; Patch priority: Low; CVSS severity: Low 7.6; PSID: fc113d13a945; Credits: Muhammad Daffa; Required privilege...

CVSS: 7.6, AI score: 7.2, EPSS: 0.00534
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/12/21 12:0 a.m., 11 views

WordPress RegistrationMagic Plugin <= 5.2.4.5 is vulnerable to SQL Injection

Software: RegistrationMagic; Type: Plugin; Vulnerable versions: <= 5.2.4.5; Fixed in: 5.2.4.6; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-50846; Patch priority: Low; CVSS severity: Low 7.6; PSID: 9ebe43b2d455; Credits: Muhammad Daffa; Required privilege...

CVSS: 7.6, AI score: 6.8, EPSS: 0.00529
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/12/21 12:0 a.m., 13 views

WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.8.1 is vulnerable to SQL Injection

Software: JS Help Desk – Best Help Desk & Support Plugin; Type: Plugin; Vulnerable versions: <= 2.8.1; Fixed in: 2.8.2; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-50839; Patch priority: High; CVSS severity: High 9.3; PSID: e03053a216be; Credits: Fariq Fadillah...

CVSS: 9.8, AI score: 6.8, EPSS: 0.02041
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/12/21 12:0 a.m., 12 views

WordPress Simply Schedule Appointments Plugin < 1.6.6.1 is vulnerable to SQL Injection

Software: Simply Schedule Appointments; Type: Plugin; Vulnerable versions: < 1.6.6.1; Fixed in: 1.6.6.1; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-50851; Patch priority: Low; CVSS severity: Low 7.6; PSID: a0f5e904e5c2; Credits: Muhammad Daffa; Required privilege...

CVSS: 7.6, AI score: 7.2, EPSS: 0.00534
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/12/21 12:0 a.m., 18 views

WordPress Paid Memberships Pro Plugin <= 2.12.5 is vulnerable to Broken Access Control

Software: Paid Memberships Pro; Type: Plugin; Vulnerable versions: <= 2.12.5; Fixed in: 2.12.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-6855; Patch priority: Low; CVSS severity: Low 5.3; PSID: fb6688b14c42; Credits: Webbernaut; Required...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00508
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/12/21 12:0 a.m., 16 views

WordPress Photo Gallery by 10Web Plugin <= 1.8.18 is vulnerable to Cross Site Scripting (XSS)

Software: Photo Gallery by 10Web; Type: Plugin; Vulnerable versions: <= 1.8.18; Fixed in: 1.8.19; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6924; Patch priority: Low; CVSS severity: Low 5.9; PSID: 0bcf8b758508; Credits: István Márton...

CVSS: 4.8, AI score: 6, EPSS: 0.00461
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2023/12/21 12:0 a.m., 8 views

WordPress MF Gig Calendar Plugin <= 1.2.1 is vulnerable to SQL Injection

Software: MF Gig Calendar; Type: Plugin; Vulnerable versions: <= 1.2.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-50842; Patch priority: Medium; CVSS severity: Medium 8.5; PSID: 54f1b98a01c0; Credits: Khalid Yusuf; Required privilege: Contributor...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00481
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2023/12/20 12:0 a.m., 10 views

WordPress Clone Plugin <= 2.4.2 is vulnerable to Sensitive Data Exposure

Software: Clone; Type: Plugin; Vulnerable versions: <= 2.4.2; Fixed in: 2.4.3; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-6750; Patch priority: Low; CVSS severity: Low 7.5; PSID: 53f7fdbe82a9; Credits: Dmitrii Ignatyev; Required privilege...

CVSS: 7.5, AI score: 6.5, EPSS: 0.01961
Exploits: 2, References: 3, Affected Software: 1
Patchstack
added 2023/12/19 12:0 a.m., 16 views

WordPress Image horizontal reel scroll slideshow Plugin <= 13.3 is vulnerable to Cross Site Scripting (XSS)

Software: Image horizontal reel scroll slideshow; Type: Plugin; Vulnerable versions: <= 13.3; Fixed in: 13.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5413; Patch priority: Low; CVSS severity: Low 6.5; PSID: f4bff9d695d5; Credits...

CVSS: 6.4, AI score: 5.8, EPSS: 0.00445
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/12/19 12:0 a.m., 12 views

WordPress WP Crowdfunding Plugin < 2.1.8 is vulnerable to Cross Site Scripting (XSS)

Software: WP Crowdfunding; Type: Plugin; Vulnerable versions: < 2.1.8; Fixed in: 2.1.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5757; Patch priority: Low; CVSS severity: Low 5.9; PSID: 341ae7773e99; Credits: David Suho Lee; Required...

CVSS: 4.8, AI score: 5.8, EPSS: 0.00451
Exploits: 2, References: 4, Affected Software: 1
Patchstack
added 2023/12/19 12:0 a.m., 9 views

WordPress Accredible Certificates & Open Badges Plugin <= 1.4.8 is vulnerable to Cross Site Scripting (XSS)

Software: Accredible Certificates & Open Badges; Type: Plugin; Vulnerable versions: <= 1.4.8; Fixed in: 1.4.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-50827; Patch priority: Low; CVSS severity: Low 5.9; PSID: dce9609936de; Credits: emad; Required...

CVSS: 5.9, AI score: 6.6, EPSS: 0.00206
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/12/19 12:0 a.m., 11 views

WordPress Bit File Manager Plugin < 6.3 is vulnerable to Path Traversal

Software: Bit File Manager; Type: Plugin; Vulnerable versions: < 6.3; Fixed in: 6.3; OWASP Top 10: A5: Security Misconfiguration; Classification: Path Traversal; CVE: CVE-2023-5907; Patch priority: Low; CVSS severity: Low 5.5; PSID: f6d18601e62a; Credits: Dmitrii Ignatyev; Required privilege...

CVSS: 6.5, AI score: 6.5, EPSS: 0.0085
Exploits: 2, References: 4, Affected Software: 1