WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.14.0 is vulnerable to Local File Inclusion

Software Shortcodes and extra features for Phlox theme Type Plugin Vulnerable versions = 2.14.0 Fixed in 2.15.0 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2023-37888 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 2ea7a20d00de Credits Rafie...

WordPress WP Courses LMS Plugin <= 3.2.3 is vulnerable to Broken Access Control

Software WP Courses LMS Type Plugin Vulnerable versions = 3.2.3 Fixed in 3.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 788c62b14a2a Credits Unknown Required privilege Subscriber...

WordPress Email Encoder Bundle Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS)

Software Email Encoder Bundle Type Plugin Vulnerable versions = 2.1.8 Fixed in 2.1.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47821 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 19415fa8bf01 Credits Ngô Thiên An ancorn from VNPT-VCI...

WordPress Forminator Plugin <= 1.27.0 is vulnerable to Arbitrary File Upload

Software Forminator Type Plugin Vulnerable versions = 1.27.0 Fixed in 1.28.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6133 Patch priority Low CVSS severity Low 6.6 Developer WPMU DEV PSID e543496c8db2 Credits István Márton Required privilege Administrator...

WordPress LWS Hide Login Plugin <= 2.1.8 is vulnerable to Bypass Vulnerability

Software LWS Hide Login Type Plugin Vulnerable versions = 2.1.8 Fixed in 2.1.9 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2023-47818 Patch priority Low CVSS severity Low 3.7 Developer Claim ownership PSID 6d52db64950c Credits Naveen Muthusamy Required privilege...

WordPress Acme Fix Images Plugin <= 1.0.0 is vulnerable to Broken Access Control

Software Acme Fix Images Type Plugin Vulnerable versions = 1.0.0 Fixed in 2.0.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47793 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 51b5ada66dce Credits Abdi Pranata Required...

CVE-2023-23583

Sequence of processor instructions leads to unexpected behavior for some IntelR Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access...

No title provided

REJECTED CVE In the Linux kernel, the following vulnerability has been resolved: net: sched: sch: Bounds check priority The Linux kernel CVE team has assigned CVE-2023-52734 to this issue...

WordPress Leadster Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Leadster Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47791 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6d346958cd11 Credits BuShiYue Required privileg...

WordPress BSK Contact Form 7 Blacklist Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software BSK Contact Form 7 Blacklist Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5141 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bcd35c27eb27 Credits Enrico...

WordPress miniorange otp verification Plugin <= 4.2.1 is vulnerable to Broken Access Control

Software miniorange otp verification Type Plugin Vulnerable versions = 4.2.1 Fixed in 4.2.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47776 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 60649c9bd1ee Credits Abdi Pranat...

WordPress WP Fastest Cache Plugin < 1.2.2 is vulnerable to SQL Injection

Software WP Fastest Cache Type Plugin Vulnerable versions 1.2.2 Fixed in 1.2.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-6063 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 5011a3314981 Credits Alex Sanford Required privilege Unauthenticated...

WordPress LuckyWP Scripts Control Plugin <= 1.2.1 is vulnerable to Broken Access Control

Software LuckyWP Scripts Control Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47778 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 0397d6dac11d Credits Abdi Pranata...

WordPress Thrive Theme Builder Theme < 3.24.0 is vulnerable to Broken Access Control

Software Thrive Theme Builder Type Theme Vulnerable versions 3.24.0 Fixed in 3.24.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47783 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID df9a83751ebc Credits Rafie Muhammad Patchsta...

WordPress Permalinks Customizer Plugin <= 2.8.2 is vulnerable to Cross Site Scripting (XSS)

Software Permalinks Customizer Type Plugin Vulnerable versions = 2.8.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47773 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 75025c824dd0 Credits Le Ngoc Anh Required privilege...

WordPress Betheme Theme <= 27.1.1 is vulnerable to Broken Access Control

Software Betheme Type Theme Vulnerable versions = 27.1.1 Fixed in 27.1.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47770 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID f61160742341 Credits Rafie Muhammad Patchstack Required...

WordPress EasyAzon Plugin <= 5.1.0 is vulnerable to Broken Access Control

Software EasyAzon Type Plugin Vulnerable versions = 5.1.0 Fixed in 5.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47780 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID bdc4e95fbc8c Credits Abdi Pranata Required privileg...

WordPress Welcart e-Commerce Plugin <= 2.9.4 is vulnerable to Arbitrary File Upload

Software Welcart e-Commerce Type Plugin Vulnerable versions = 2.9.4 Fixed in 2.9.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE N/A Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 876ec2065bf2 Credits WordFence Required privilege Subscriber Publish...

WordPress Slider Revolution Plugin <= 6.6.15 is vulnerable to Arbitrary File Upload

Software Slider Revolution Type Plugin Vulnerable versions = 6.6.15 Fixed in 6.6.16 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-47784 Patch priority Low CVSS severity Low 8.4 Developer ThemePunch PSID 92c233355a76 Credits Rafie Muhammad Patchstack Required privile...

WordPress LayerSlider Plugin <= 7.7.9 is vulnerable to Cross Site Scripting (XSS)

Software LayerSlider Type Plugin Vulnerable versions = 7.7.9 Fixed in 7.7.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47786 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID bc229172c2ce Credits Rafie Muhammad Patchstack Required...