5103 matches found
WordPress Fattura24 Plugin < 6.2.8 is vulnerable to Cross Site Scripting (XSS)
Software Fattura24 Type Plugin Vulnerable versions 6.2.8 Fixed in 6.2.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5211 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0ad9cd39b4a8 Credits Enrico Marcolini Claudio...
WordPress EventPrime Plugin <= 3.1.5 is vulnerable to Cross Site Scripting (XSS)
Software EventPrime Type Plugin Vulnerable versions = 3.1.5 Fixed in 3.1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45637 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 7c19ecb3f3a7 Credits Phd Required privilege Unauthenticated...
WordPress Get Custom Field Values Plugin <= 4.0.1 is vulnerable to Cross Site Scripting (XSS)
Software Get Custom Field Values Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45604 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8b0df9061359 Credits Satoo Nakano Required privilege...
WordPress User Submitted Posts Plugin <= 20230902 is vulnerable to Arbitrary File Upload
Software User Submitted Posts Type Plugin Vulnerable versions = 20230902 Fixed in 20230914 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-45603 Patch priority High CVSS severity High 9 Developer Claim ownership PSID b7d676bf7c95 Credits Rafie Muhammad Patchstack...
WordPress Smart Cookie Kit Plugin <= 2.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Smart Cookie Kit Type Plugin Vulnerable versions = 2.3.1 Fixed in 2.3.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45608 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 890adc1c2f2b Credits resecured.io Required privilege...
WordPress WordPress Popular Posts Plugin <= 6.3.2 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Popular Posts Type Plugin Vulnerable versions = 6.3.2 Fixed in 6.3.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45607 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e1c445e00e39 Credits Rafie Muhammad Patchstack...
WordPress Pinpoint Booking System Plugin <= 2.9.9.4.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Pinpoint Booking System Type Plugin Vulnerable versions = 2.9.9.4.0 Fixed in 2.9.9.4.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45270 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d574a1cccf08 Credits Mik...
WordPress GoodBarber Plugin <= 1.0.23 is vulnerable to Cross Site Request Forgery (CSRF)
Software GoodBarber Type Plugin Vulnerable versions = 1.0.23 Fixed in 1.0.24 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45107 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 54aa1d490fb5 Credits Mika Required privileg...
WordPress Mailrelay Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Mailrelay Type Plugin Vulnerable versions = 2.1.1 Fixed in 2.1.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45108 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 19213d6f5e3d Credits Mika Required privilege...
WordPress Hotjar Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS)
Software Hotjar Type Plugin Vulnerable versions = 1.0.15 Fixed in 1.0.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1259 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e7f6eb874af7 Credits Marco Wotschka Required privile...
WordPress Redirection for Contact Form 7 Plugin <= 2.9.2 is vulnerable to Broken Access Control
Software Redirection for Contact Form 7 Type Plugin Vulnerable versions = 2.9.2 Fixed in 3.0.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-39920 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID ca4cdb116544 Credits Nguyen Anh...
WordPress Publish Confirm Message Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Publish Confirm Message Type Plugin Vulnerable versions = 1.3.1 Fixed in 2.0 OWASP Top 10 A2: Broken Authentication Classification Cross Site Request Forgery CSRF CVE CVE-2023-32124 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8e7992d754f6 Credits Taihei...
WordPress WP Custom Admin Interface Plugin <= 7.32 is vulnerable to Broken Access Control
Software WP Custom Admin Interface Type Plugin Vulnerable versions = 7.32 Fixed in 7.33 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-44988 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 74d65a8c422e Credits Abdi Pranata Required...
WordPress WP User Frontend Plugin <= 3.6.8 is vulnerable to Broken Access Control
Software WP User Frontend Type Plugin Vulnerable versions = 3.6.8 Fixed in 3.6.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-45002 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bd6150300c70 Credits Abdi Pranata Required...
WordPress Video Gallery – YouTube Gallery Plugin <= 2.2.5 is vulnerable to SQL Injection
Software Video Gallery – YouTube Gallery Type Plugin Vulnerable versions = 2.2.5 Fixed in 2.2.6 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-45069 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 3d253c27c06d Credits Ravi Dharmawan Required privilege...
WordPress canvasio3D Light Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
Software canvasio3D Light Type Plugin Vulnerable versions = 2.5.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45062 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2a3783fd52d4 Credits thiennv Required...
WordPress Copy Or Move Comments Plugin <= 5.0.4 is vulnerable to SQL Injection
Software Copy Or Move Comments Type Plugin Vulnerable versions = 5.0.4 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-28748 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID c441c723b0a4 Credits minhtuanact Required privilege Subscriber...
WordPress WPGetAPI Plugin 2.1.0-2.2.1 is vulnerable to Broken Access Control
Software WPGetAPI Type Plugin Vulnerable versions 2.1.0-2.2.1 Fixed in 2.2.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID ca2d9e4727c6 Credits Unknown Required privilege Subscriber...
WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS)
Software Form Maker by 10Web Type Plugin Vulnerable versions = 1.15.18 Fixed in 1.15.19 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45071 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 40c5a2d21d33 Credits RE-ALTER Required...
WordPress Comment Reply Email Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)
Software Comment Reply Email Type Plugin Vulnerable versions = 1.0.3 Fixed in 1.0.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45008 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID fa87fe52845c Credits Yebin Lee Required privilege...