WordPress Poll Maker Plugin <= 4.7.1 is vulnerable to Broken Access Control

Software Poll Maker Type Plugin Vulnerable versions = 4.7.1 Fixed in 4.7.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-45766 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 63dcd5a4b5a6 Credits Revan Arifio Required privilege...

WordPress ApplyOnline – Application Form Builder and Manager Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS)

Software ApplyOnline – Application Form Builder and Manager Type Plugin Vulnerable versions = 2.5.5 Fixed in 2.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45756 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID...

WordPress HTML5 Maps Plugin <= 1.7.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software HTML5 Maps Type Plugin Vulnerable versions = 1.7.1.4 Fixed in 1.7.1.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45650 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 414faf6d1725 Credits Mika Required...

WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Arbitrary File Deletion

Software ChatBot Type Plugin Vulnerable versions = 4.8.9 Fixed in 4.9.1 OWASP Top 10 A4: Insecure Design Classification Arbitrary File Deletion CVE CVE-2023-5212 Patch priority High CVSS severity High 9.6 Developer Claim ownership PSID cac6c246df55 Credits Marco Wotschka Chloe Chamberland Require...

WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Sensitive Data Exposure

Software ChatBot Type Plugin Vulnerable versions = 4.8.9 Fixed in 4.9.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-5254 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID a08bb4253476 Credits Marco Wotschka Required privilege...

WordPress Amministrazione Trasparente Plugin <= 8.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Amministrazione Trasparente Type Plugin Vulnerable versions = 8.0.2 Fixed in 8.0.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45758 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 868b9cab4b55 Credits DoYeon Park p6rkdoye0n...

WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Broken Access Control

Software wpDiscuz Type Plugin Vulnerable versions = 7.6.3 Fixed in 7.6.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-45760 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID b4dc1c4ebd9c Credits RE-ALTER Required privilege...

WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software ChatBot Type Plugin Vulnerable versions = 4.8.9 Fixed in 4.9.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5534 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID dd9ca26e2bc4 Credits Marco Wotschka Required...

WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Path Traversal

Software ChatBot Type Plugin Vulnerable versions = 4.8.9 Fixed in 4.9.1 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2023-5241 Patch priority High CVSS severity High 9.6 Developer Claim ownership PSID 066f9b5875d8 Credits Marco Wotschka Required privilege Subscriber Published ...

WordPress Email Subscribers & Newsletters Plugin <= 5.6.23 is vulnerable to Path Traversal

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.6.23 Fixed in 5.6.24 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2023-5414 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID a55da7ad2e82 Credits Marco Wotschka Required privile...

WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software CPT Shortcode Generator Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45644 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8bfa1d036efa Credits Lokesh Dachepalli...

WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Report Post Type Plugin Vulnerable versions = 2.1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45769 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d5598e546cea Credits Ivy TOOR, LISA...

WordPress Peter’s Custom Anti-Spam Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Peter’s Custom Anti-Spam Type Plugin Vulnerable versions = 3.2.2 Fixed in 3.2.3 OWASP Top 10 A5: Security Misconfiguration Classification Cross Site Scripting XSS CVE CVE-2023-45759 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID b962af4e74c9 Credits SeungYongLe...

WordPress Eupago Gateway For Woocommerce Plugin <= 3.1.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software Eupago Gateway For Woocommerce Type Plugin Vulnerable versions = 3.1.9 Fixed in 3.1.10 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45638 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 84bb9fde48fb Credits...

WordPress Nexter Extension Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Nexter Extension Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45750 Patch priority Medium CVSS severity Medium 7.1 Developer POSIMYTH Innovations PSID ad2209719d8d Credits Rafie...

WordPress WordPress Backup & Migration Plugin <= 1.4.1 is vulnerable to Broken Access Control

Software WordPress Backup & Migration Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-45636 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID e1fb36cf7cf2 Credits Abdi Prana...

WordPress Simple URLs Plugin <= 120 is vulnerable to Cross Site Request Forgery (CSRF)

Software Simple URLs Type Plugin Vulnerable versions = 120 Fixed in 121 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45606 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d8dcb8acc03a Credits Mika Required privilege...

WordPress Campaign Monitor Forms Plugin < 2.5.6 is vulnerable to Broken Access Control

Software Campaign Monitor Forms Type Plugin Vulnerable versions 2.5.6 Fixed in 2.5.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-5098 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 224fc6fd923e Credits Francesco Marano...

WordPress Responsive Tabs Plugin < 4.0.6 is vulnerable to Content Injection

Software Responsive Tabs Type Plugin Vulnerable versions 4.0.6 Fixed in 4.0.6 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2023-45635 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bf3a377a744c Credits Abdi Pranata Required privilege Contributor...

WordPress Fattura24 Plugin < 6.2.8 is vulnerable to Cross Site Scripting (XSS)

Software Fattura24 Type Plugin Vulnerable versions 6.2.8 Fixed in 6.2.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5211 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0ad9cd39b4a8 Credits Enrico Marcolini Claudio...