CVE-2023-46219
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use...
WordPress Elementor Website Builder Plugin 3.3.0-3.18.1 is vulnerable to Arbitrary File Upload
Software: Elementor Website Builder; Type: Plugin; Vulnerable versions: 3.3.0-3.18.1; Fixed in: 3.18.2; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-48777; Patch priority: High; CVSS severity: High 9.9; Developer: Elementor; PSID: 64baf5c2aab5; Credits: Hồng Quân luk6785 at VNPT-VCI...
WordPress Bacola Core Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software: Bacola Core; Type: Plugin; Vulnerable versions: <= 1.3.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49839; Patch priority: High; CVSS severity: High 7.1; PSID: d717888feaf6; Credits: RE-ALTER; Required privilege: Unauthenticate...
WordPress Burst Statistics Pro Plugin 1.4.0-1.5.0 is vulnerable to SQL Injection
Software: Burst Statistics Pro; Type: Plugin; Vulnerable versions: 1.4.0-1.5.0; Fixed in: 1.5.1; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-5761; Patch priority: High; CVSS severity: High 9.8; PSID: fbf5617c0e05; Credits: German Ritter; Required privilege...
WordPress Cookie Bar Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Cookie Bar; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: 2.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49836; Patch priority: Low; CVSS severity: Low 5.9; PSID: 703ecb793ab1; Credits: Muhammad Daffa; Required privilege: Administrator...
WordPress WooCommerce Payments Plugin <= 6.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: WooCommerce Payments; Type: Plugin; Vulnerable versions: <= 6.4.2; Fixed in: 6.5.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49828; Patch priority: Low; CVSS severity: Low 6.5; PSID: 702b702ee838; Credits: Rafie Muhammad Patchstack; Require...
WordPress Bold Page Builder Plugin <= 4.6.1 is vulnerable to Cross Site Scripting (XSS)
Software: Bold Page Builder; Type: Plugin; Vulnerable versions: <= 4.6.1; Fixed in: 4.7.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49823; Patch priority: Low; CVSS severity: Low 6.5; PSID: 1f110d66c795; Credits: Ngô Thiên An ancorn from VNPT-VCI...
WordPress Structured Content Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)
Software: Structured Content; Type: Plugin; Vulnerable versions: <= 1.5.3; Fixed in: 1.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49820; Patch priority: Low; CVSS severity: Low 6.5; PSID: 4db95a68f57c; Credits: LVT-tholv2k; Required privilege...
WordPress Spectra Plugin <= 2.7.9 is vulnerable to Cross Site Scripting (XSS)
Software: Spectra; Type: Plugin; Vulnerable versions: <= 2.7.9; Fixed in: 2.7.10; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49833; Patch priority: Low; CVSS severity: Low 6.5; PSID: 70385286c341; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress Soledad Theme <= 8.4.1 is vulnerable to SQL Injection
Software: Soledad; Type: Theme; Vulnerable versions: <= 8.4.1; Fixed in: 8.4.2; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-49825; Patch priority: Medium; CVSS severity: Medium 8.5; PSID: a78a84399460; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress Soledad Theme <= 8.4.1 is vulnerable to PHP Object Injection
Software: Soledad; Type: Theme; Vulnerable versions: <= 8.4.1; Fixed in: 8.4.2; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-49826; Patch priority: Medium; CVSS severity: Medium 8.1; PSID: c3ecdbf607cb; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress Fix My Feed RSS Repair Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Fix My Feed RSS Repair; Type: Plugin; Vulnerable versions: <= 1.4; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-49816; Patch priority: Low; CVSS severity: Low 4.3; PSID: 5bdeb04c02b0; Credits: Nguyen Xuan Chie...
WordPress LiveChat Plugin <= 4.5.15 is vulnerable to Cross Site Request Forgery (CSRF)
Software: LiveChat; Type: Plugin; Vulnerable versions: <= 4.5.15; Fixed in: 4.5.16; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-49821; Patch priority: Low; CVSS severity: Low 5.4; PSID: fc152f3c5a19; Credits: Brandon Roldan; Required...
WordPress Sayfa Sayaç Plugin <= 2.6 is vulnerable to SQL Injection
Software: Sayfa Sayaç; Type: Plugin; Vulnerable versions: <= 2.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-49776; Patch priority: High; CVSS severity: High 9.3; PSID: b5614af7ec8d; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress Webflow Pages Plugin <= 1.0.8 is vulnerable to Broken Access Control
Software: Webflow Pages; Type: Plugin; Vulnerable versions: <= 1.0.8; Fixed in: 1.1.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-49818; Patch priority: Low; CVSS severity: Low 5.3; PSID: f0a2c4f0050b; Credits: Mika; Required privilege...
WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Bypass Vulnerability
Software: WP Photo Album Plus; Type: Plugin; Vulnerable versions: <= 8.5.02.005; Fixed in: 8.6.01.005; OWASP Top 10: A1: Broken Access Control; Classification: Bypass Vulnerability; CVE: CVE-2023-49774; Patch priority: Low; CVSS severity: Low 5.3; PSID: 23d1af6fe73e; Credits: Brandon Roldan...
WordPress Smart External Link Click Monitor [Link Log] Plugin <= 5.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: Smart External Link Click Monitor [Link Log]; Type: Plugin; Vulnerable versions: <= 5.0.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49771; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 1106b9604760; Credits: Mika...
WordPress MW WP Form Plugin <= 5.0.1 is vulnerable to Arbitrary File Upload
Software: MW WP Form; Type: Plugin; Vulnerable versions: <= 5.0.1; Fixed in: 5.0.2; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-6316; Patch priority: High; CVSS severity: High 10; PSID: 597833164ec3; Credits: István Márton; Required privilege: Unauthenticat...
WordPress Spiffy Calendar Plugin <= 4.9.5 is vulnerable to Cross Site Scripting (XSS)
Software: Spiffy Calendar; Type: Plugin; Vulnerable versions: <= 4.9.5; Fixed in: 4.9.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49745; Patch priority: Low; CVSS severity: Low 6.5; PSID: 28c8f76cf91e; Credits: resecured.io; Required privilege...
WordPress Bulk Edit Post Titles Plugin <= 5.0.0 is vulnerable to Broken Access Control
Software: Bulk Edit Post Titles; Type: Plugin; Vulnerable versions: <= 5.0.0; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-49754; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: cc6753fe92c9; Credits: Nguyen Xuan Chien...