WordPress Stripe Payments Plugin <= 2.0.79 is vulnerable to Content Injection

Software Stripe Payments Type Plugin Vulnerable versions = 2.0.79 Fixed in 2.0.80 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2023-48285 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d526738c5887 Credits Joshua Chan Required privilege...

WordPress Porto Theme - Functionality Plugin < 2.12.1 is vulnerable to SQL Injection

Software Porto Theme - Functionality Type Plugin Vulnerable versions 2.12.1 Fixed in 2.12.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-48738 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 5a7e2b4a3331 Credits Rafie Muhammad Patchstack Required...

WordPress Import Spreadsheets from Microsoft Excel Plugin <= 10.1.3 is vulnerable to Cross Site Scripting (XSS)

Software Import Spreadsheets from Microsoft Excel Type Plugin Vulnerable versions = 10.1.3 Fixed in 10.1.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-48289 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 42e6092284d8 Credits Khalid Yusu...

WordPress Mollie Payments for WooCommerce Plugin <= 7.3.11 is vulnerable to Arbitrary File Upload

Software Mollie Payments for WooCommerce Type Plugin Vulnerable versions = 7.3.11 Fixed in 7.3.12 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-6090 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID 5c0982698e82 Credits Rafie Muhammad...

WordPress Awesome Support Plugin <= 6.1.4 is vulnerable to Broken Access Control

Software Awesome Support Type Plugin Vulnerable versions = 6.1.4 Fixed in 6.1.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48324 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 3ccfaf9111b5 Credits thiennv Required privilege...

WordPress Awesome Support Plugin <= 6.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Awesome Support Type Plugin Vulnerable versions = 6.1.4 Fixed in 6.1.5 OWASP Top 10 A2: Broken Authentication Classification Cross Site Request Forgery CSRF CVE CVE-2023-48323 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID afdaccd9618c Credits thiennv Required...

WordPress Porto Theme - Functionality Plugin < 2.12.1 is vulnerable to Broken Access Control

Software Porto Theme - Functionality Type Plugin Vulnerable versions 2.12.1 Fixed in 2.12.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48739 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID aa73939ac882 Credits Rafie...

WordPress Easy Social Feed Plugin <= 6.5.1 is vulnerable to Broken Access Control

Software Easy Social Feed Type Plugin Vulnerable versions = 6.5.1 Fixed in 6.5.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48740 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 1c5273124850 Credits Abdi Pranata Required...

WordPress WCMultiShipping Plugin <= 2.3.5 is vulnerable to Broken Access Control

Software WCMultiShipping Type Plugin Vulnerable versions = 2.3.5 Fixed in 2.3.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48274 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ae6198f38515 Credits Abdi Pranata Required...

WordPress Widgets for Google Reviews Plugin <= 11.0.2 is vulnerable to Arbitrary File Upload

Software Widgets for Google Reviews Type Plugin Vulnerable versions = 11.0.2 Fixed in 11.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-48275 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 5e436d044590 Credits Rafie Muhammad Patchstack...

WordPress Autocomplete Location field Contact Form 7 Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software Autocomplete Location field Contact Form 7 Type Plugin Vulnerable versions = 2.0 Fixed in 3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5005 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4890d8d7c0c3 Credits B...

WordPress Userpro Plugin <= 5.1.1 is vulnerable to Sensitive Data Exposure

Software Userpro Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-2446 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 60ff01fd740b Credits István Márton Required...

WordPress Userpro Plugin <= 5.1.1 is vulnerable to Broken Authentication

Software Userpro Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2023-2437 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 9aac076e3030 Credits István Márton...

WordPress Preloader for Website Plugin <= 1.2.2 is vulnerable to Broken Access Control

Software Preloader for Website Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48273 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID d41468183f67 Credits Nguyen Xuan Chien...

WordPress Post Meta Data Manager Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Post Meta Data Manager Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5776 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID be22b4c7158e Credits Francesco...

WordPress Userpro Plugin <= 5.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Userpro Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2447 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID f82d076bd579 Credits István Márton Required...

WordPress Userpro Plugin <= 5.1.4 is vulnerable to Privilege Escalation

Software Userpro Type Plugin Vulnerable versions = 5.1.4 Fixed in 5.1.5 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2023-6009 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 7046ef9feaa8 Credits István Márton Required privilege...

WordPress Grab & Save Plugin <= 1.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Grab & Save Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47845 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 10b2ddc4a429 Credits Dimas Maulana Required...

WordPress PayTR Taksit Tablosu Plugin <= 1.3.1 is vulnerable to Broken Access Control

Software PayTR Taksit Tablosu Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47847 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9835cf00a16a Credits Abdi Pranata Required...

WordPress wpForo Forum Plugin <= 2.2.5 is vulnerable to Content Injection

Software wpForo Forum Type Plugin Vulnerable versions = 2.2.5 Fixed in 2.2.6 OWASP Top 10 A1: Broken Access Control Classification Content Injection CVE CVE-2023-47869 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e9607ec97842 Credits Jesse McNeil Required privilege...