WordPress Couponis Demo Plugin < 2.2 is vulnerable to SQL Injection

Software Couponis Demo Type Plugin Vulnerable versions 2.2 Fixed in 2.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49750 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 697cadbd26d0 Credits RE-ALTER Required privilege Unauthenticated Published 4...

WordPress Block for Font Awesome Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Block for Font Awesome Type Plugin Vulnerable versions = 1.4.0 Fixed in 1.4.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49751 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2ae115747c8e Credits Nguyen Xuan...

WordPress Adifier System Plugin < 3.1.4 is vulnerable to Local File Inclusion

Software Adifier System Type Plugin Vulnerable versions 3.1.4 Fixed in 3.1.4 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2023-49753 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 193f6f83729d Credits RE-ALTER Required privilege Unauthenticated...

WordPress Advanced Database Cleaner Plugin <= 3.1.2 is vulnerable to SQL Injection

Software Advanced Database Cleaner Type Plugin Vulnerable versions = 3.1.2 Fixed in 3.1.3 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49764 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 18ca57291df6 Credits Mika Required privilege Administrator...

WordPress WP Booking System Plugin <= 2.0.19.2 is vulnerable to Broken Access Control

Software WP Booking System Type Plugin Vulnerable versions = 2.0.19.2 Fixed in 2.0.19.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-49758 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID b7e70f6e3332 Credits Abdi Pranata...

WordPress Awesome Support Plugin <= 6.1.10 is vulnerable to Broken Access Control

Software Awesome Support Type Plugin Vulnerable versions = 6.1.10 Fixed in 6.1.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-49757 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 3019bd4f8cbf Credits Abdi Pranata Required...

WordPress Dashboard Widgets Suite Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS)

Software Dashboard Widgets Suite Type Plugin Vulnerable versions = 3.4.1 Fixed in 3.4.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49743 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c6ab0c656b0c Credits Rachit Arora Required privileg...

WordPress SureTriggers Plugin <= 1.0.23 is vulnerable to Cross Site Request Forgery (CSRF)

Software SureTriggers Type Plugin Vulnerable versions = 1.0.23 Fixed in 1.0.24 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49749 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 11a6f0afd634 Credits Rafie Muhammad...

WordPress Adifier System Plugin < 3.1.4 is vulnerable to SQL Injection

Software Adifier System Type Plugin Vulnerable versions 3.1.4 Fixed in 3.1.4 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49752 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID bdbcb39edd4b Credits RE-ALTER Required privilege Unauthenticated...

WordPress Backup Migration Plugin <= 1.3.6 is vulnerable to Sensitive Data Exposure

Software Backup Migration Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2023-6266 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 7df0ea44f3d7 Credits Rafshanzani Suhada...

WordPress DoFollow Case by Case Plugin <= 3.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software DoFollow Case by Case Type Plugin Vulnerable versions = 3.4.2 Fixed in 3.5.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49197 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1e74ba3bfbc6 Credits Skalucy...

WordPress CF7 Google Sheets Connector Plugin <= 5.0.5 is vulnerable to Sensitive Data Exposure

Software CF7 Google Sheets Connector Type Plugin Vulnerable versions = 5.0.5 Fixed in 5.0.6 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2023-44989 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 42f969d97736...

Rapid7 Takes Next Step in AI Innovation with New AI-Powered Threat Detections

Digital transformation has created immense opportunity to generate new revenue streams, better engage with customers and drive operational efficiency. A decades-long transition to cloud as the de-facto delivery model of choice has delivered undeniable value to the business landscape. But any chan...

WordPress WP Pocket URLs Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Pocket URLs Type Plugin Vulnerable versions = 1.0.2 Fixed in 1.0.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49176 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 380f014ea38f Credits SeungYongLee Required privilege...

WordPress Innovs HR Plugin <= 1.0.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Innovs HR Type Plugin Vulnerable versions = 1.0.3.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49171 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e18ef701b7d2 Credits SeungYongLee Required privilege...

WordPress Adifier System Plugin < 3.1.4 is vulnerable to Cross Site Scripting (XSS)

Software Adifier System Type Plugin Vulnerable versions 3.1.4 Fixed in 3.1.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49187 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a67ee23d6891 Credits RE-ALTER Required privilege...

WordPress SchedulePress Plugin <= 5.0.4 is vulnerable to Broken Access Control

Software SchedulePress Type Plugin Vulnerable versions = 5.0.4 Fixed in 5.0.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID aa83517bf4e8 Credits Unknown Required privilege Contributor...

WordPress teachPress Plugin <= 9.0.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software teachPress Type Plugin Vulnerable versions = 9.0.5 Fixed in 9.0.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49163 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 932dc955a019 Credits LVT-tholv2k Required...

WordPress Ads by datafeedr.com Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Ads by datafeedr.com Type Plugin Vulnerable versions = 1.2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49169 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f1f49a74489f Credits Ngô Thiên An ancorn from VNPT-VCI...

WordPress BP Better Messages Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)

Software BP Better Messages Type Plugin Vulnerable versions = 2.4.0 Fixed in 2.4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49168 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 979ad8298842 Credits Rafshanzani Suhada Required privile...