5100 matches found

Patchstack | added 2023/12/19 12:0 a.m. | 7 views

WordPress WP Edit Username Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Software WP Edit Username Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47527 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3874545cb784 Credits Jeongwoo-LeeRoronoa Required privileg...

CVSS 5.9 | AI score 6.6 | EPSS 0.00291
Exploits 0 | References 2 | Affected Software 1

Patchstack | added 2023/12/19 12:0 a.m. | 11 views

WordPress Menu Image, Icons made easy Plugin <= 3.10 is vulnerable to Cross Site Scripting (XSS)

Software Menu Image, Icons made easy Type Plugin Vulnerable versions = 3.10 Fixed in 3.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50826 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e7ae4a05a16b Credits emad Required privilege...

CVSS 5.9 | AI score 6.5 | EPSS 0.00352
Exploits 0 | References 2 | Affected Software 1

Patchstack | added 2023/12/19 12:0 a.m. | 19 views

WordPress EazyDocs Plugin < 2.3.4 is vulnerable to SQL Injection

Software EazyDocs Type Plugin Vulnerable versions 2.3.4 Fixed in 2.3.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-6035 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 6ad682fb44ae Credits Dao Xuan Hieu Required privilege Subscriber Published 19...

CVSS 8.8 | AI score 6.8 | EPSS 0.00853
Exploits 2 | References 3 | Affected Software 1

Patchstack | added 2023/12/16 12:0 a.m. | 15 views

WordPress MW WP Form Plugin <= 5.0.3 is vulnerable to Arbitrary File Deletion

Software MW WP Form Type Plugin Vulnerable versions = 5.0.3 Fixed in 5.0.4 OWASP Top 10 A3: Injection Classification Arbitrary File Deletion CVE CVE-2023-6559 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 24368a3488f4 Credits Thomas Sanzey Required privilege...

CVSS 9.8 | AI score 6.7 | EPSS 0.01313
Exploits 0 | References 3 | Affected Software 1

Patchstack | added 2023/12/15 12:0 a.m. | 28 views

WordPress Essential Real Estate Plugin <= 4.3.5 is vulnerable to Arbitrary File Upload

Software Essential Real Estate Type Plugin Vulnerable versions = 4.3.5 Fixed in 4.4.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6827 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 4162eb3df384 Credits István Márton Required privilege...

CVSS 8.8 | AI score 6.8 | EPSS 0.01265
Exploits 0 | References 3 | Affected Software 1

Patchstack | added 2023/12/15 12:0 a.m. | 16 views

WordPress Slick Social Share Buttons Plugin <= 2.4.11 is vulnerable to Broken Access Control

Software Slick Social Share Buttons Type Plugin Vulnerable versions = 2.4.11 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-6878 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 7c96f50fb437 Credits István Márton...

CVSS 8.8 | AI score 6.5 | EPSS 0.00487
Exploits 0 | References 2 | Affected Software 1

Patchstack | added 2023/12/13 12:0 a.m. | 16 views

WordPress Import Export WordPress Users Plugin <= 2.4.8 is vulnerable to Arbitrary File Upload

Software Import Export WordPress Users Type Plugin Vulnerable versions = 2.4.8 Fixed in 2.4.9 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6558 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID a7515a768629 Credits István Márton Required...

CVSS 7.2 | AI score 6.8 | EPSS 0.01366
Exploits 0 | References 3 | Affected Software 1

UbuntuCve | added 2023/12/13 12:0 a.m. | 23 views

CVE-2023-5616

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user...

CVSS 4.9 | AI score 6 | EPSS 0.00195
Exploits 1 | References 2

Patchstack | added 2023/12/13 12:0 a.m. | 9 views

WordPress Advanced iFrame Plugin <= 2023.8 is vulnerable to Cross Site Scripting (XSS)

Software Advanced iFrame Type Plugin Vulnerable versions = 2023.8 Fixed in 2023.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4775 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 533ab95811dc Credits István Márton Required...

CVSS 6.4 | AI score 5.7 | EPSS 0.00558
Exploits 0 | References 3 | Affected Software 1

Patchstack | added 2023/12/13 12:0 a.m. | 12 views

WordPress Spice Post Slider Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software Spice Post Slider Type Plugin Vulnerable versions = 2.0 Fixed in 2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5362 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 963f12e8b291 Credits István Márton Required...

CVSS 6.4 | AI score 5.8 | EPSS 0.00519
Exploits 1 | References 3 | Affected Software 1

Patchstack | added 2023/12/12 12:0 a.m. | 20 views

WordPress Popup Builder Plugin < 4.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Popup Builder Type Plugin Vulnerable versions 4.2.3 Fixed in 4.2.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6000 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 14212aacf7f9 Credits Marc Montpas Required...

CVSS 6.1 | AI score 5.8 | EPSS 0.01999
Exploits 4 | References 4 | Affected Software 1

Patchstack | added 2023/12/11 12:0 a.m. | 19 views

WordPress Welcart e-Commerce Plugin <= 2.9.6 is vulnerable to Path Traversal

Software Welcart e-Commerce Type Plugin Vulnerable versions = 2.9.6 Fixed in 2.9.7 OWASP Top 10 A5: Security Misconfiguration Classification Path Traversal CVE CVE-2023-6120 Patch priority Medium CVSS severity Medium 4.1 Developer Claim ownership PSID 545792f26683 Credits Marco Wotschka Required...

CVSS 4.1 | AI score 6.4 | EPSS 0.00458
Exploits 0 | References 3 | Affected Software 1

Openbugbounty | added 2023/12/10 9:2 p.m. | 3 views

priorityconciergemd.com Improper Access Control vulnerability OBB-3808462

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 7
Exploits 0

Patchstack | added 2023/12/07 12:0 a.m. | 12 views

WordPress Alt Manager Plugin <= 1.6.1 is vulnerable to Broken Access Control

Software Alt Manager Type Plugin Vulnerable versions = 1.6.1 Fixed in 1.6.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-50373 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID d15fcb372f33 Credits Nguyen Xuan Chien Required...

AI score 6.5 | EPSS 0.00602
Exploits 0 | References 2 | Affected Software 1

Patchstack | added 2023/12/07 12:0 a.m. | 11 views

WordPress Social Media Feather Plugin <= 2.1.3 is vulnerable to Broken Access Control

Software Social Media Feather Type Plugin Vulnerable versions = 2.1.3 Fixed in 2.1.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49861 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID c21113708404 Credits Abdi Pranata...

AI score 6.5 | EPSS 0.00397
Exploits 0 | References 2 | Affected Software 1

Patchstack | added 2023/12/07 12:0 a.m. | 14 views

WordPress Custom Login Plugin <= 4.1.0 is vulnerable to Broken Access Control

Software Custom Login Type Plugin Vulnerable versions = 4.1.0 Fixed in 4.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49858 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 0dfaac0266be Credits Abdi Pranata Required...

AI score 6.5 | EPSS 0.00397
Exploits 0 | References 2 | Affected Software 1

Patchstack | added 2023/12/07 12:0 a.m. | 14 views

WordPress Smart Forms Plugin <= 2.6.84 is vulnerable to Broken Access Control

Software Smart Forms Type Plugin Vulnerable versions = 2.6.84 Fixed in 2.6.85 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49856 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 636ea1edcfea Credits Abdi Pranata Required privile...

AI score 6.5 | EPSS 0.00512
Exploits 0 | References 2 | Affected Software 1

Patchstack | added 2023/12/07 12:0 a.m. | 11 views

WordPress Login With Ajax Plugin <= 4.1 is vulnerable to Broken Access Control

Software Login With Ajax Type Plugin Vulnerable versions = 4.1 Fixed in 4.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49859 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 3990b3ba7420 Credits Abdi Pranata Required...

AI score 6.5 | EPSS 0.00407
Exploits 0 | References 2 | Affected Software 1

Patchstack | added 2023/12/07 12:0 a.m. | 11 views

WordPress Awesome Support Plugin <= 6.1.7 is vulnerable to Broken Access Control

Software Awesome Support Type Plugin Vulnerable versions = 6.1.7 Fixed in 6.1.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49857 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 75c871c2eac0 Credits thiennv Required privilege...

AI score 6.5 | EPSS 0.00512
Exploits 0 | References 2 | Affected Software 1

Patchstack | added 2023/12/07 12:0 a.m. | 12 views

WordPress Custom Post Type Page Template Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Custom Post Type Page Template Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-50372 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6e58dd1aa617 Credits Nguyen...

CVSS 8.8 | AI score 6.6 | EPSS 0.00261
Exploits 0 | References 1 | Affected Software 1