5105 matches found
WordPress Getnet Argentina para Woocommerce Plugin 0.0.1-0.0.4 is vulnerable to Broken Access Control
Software Getnet Argentina para Woocommerce Type Plugin Vulnerable versions 0.0.1-0.0.4 Fixed in 0.0.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-3525 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 026805019331 Credits Kijam...
WordPress Yet Another Stars Rating Plugin <= 3.3.8 is vulnerable to Race Condition
Software Yet Another Stars Rating Type Plugin Vulnerable versions = 3.3.8 Fixed in 3.3.9 OWASP Top 10 A5: Broken Access Control Classification Race Condition CVE CVE-2023-37867 Patch priority Low CVSS severity Low 3.7 Developer Claim ownership PSID 9a9795e352fc Credits Abdi Pranata Required...
WordPress Buy Me a Coffee Plugin <= 3.7 is vulnerable to Broken Access Control
Software Buy Me a Coffee Type Plugin Vulnerable versions = 3.7 Fixed in 3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-25030 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID efd2e1e73286 Credits Abdi Pranata Required privilege...
WordPress Terms descriptions Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS)
Software Terms descriptions Type Plugin Vulnerable versions = 3.4.4 Fixed in 3.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28779 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2f42703e921f Credits Kindaichi Hiro...
WordPress Media Library Helper by Codexin Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Media Library Helper by Codexin Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.3.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-37386 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 31c3323d9133 Credits...
WordPress Coming Soon Plugin <= 1.5.9 is vulnerable to SQL Injection
Software Coming Soon Type Plugin Vulnerable versions = 1.5.9 Fixed in 1.6.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-46849 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 0a93f0e48b26 Credits Le Ngoc Anh Required privilege Administrator Publishe...
WordPress Classified Listing Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Classified Listing Type Plugin Vulnerable versions = 2.4.5 Fixed in 2.4.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-37387 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 58373c58e878 Credits István Márton...
WordPress Post SMTP Plugin < 2.5.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Post SMTP Type Plugin Vulnerable versions 2.5.7 Fixed in 2.5.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3179 Patch priority Low CVSS severity Low 8.8 Developer WPExperts PSID a42127c2ce5a Credits Erwan LR WPScan Required privilege...
WordPress tagDiv Cloud Library Plugin < 2.7 is vulnerable to Privilege Escalation
Software tagDiv Cloud Library Type Plugin Vulnerable versions 2.7 Fixed in 2.7 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-1597 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID d62f2f7e76e8 Credits Truoc Pha...
WordPress User Registration Plugin <= 3.0.2 is vulnerable to Arbitrary File Upload
Software User Registration Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.2.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-3342 Patch priority High CVSS severity High 9.9 Developer Masteriyo PSID 9e6954072452 Credits István Márton Required privilege Subscribe...
WordPress WP-Optimize Plugin < 3.2.13 is vulnerable to Cross Site Scripting (XSS)
Software WP-Optimize Type Plugin Vulnerable versions 3.2.13 Fixed in 3.2.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1119 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 74a58d2a57e4 Credits Paolo Elia Required...
WordPress Cryptocurrency Widgets – Price Ticker & Coins List Plugin <= 2.6.2 is vulnerable to Broken Access Control
Software Cryptocurrency Widgets – Price Ticker & Coins List Type Plugin Vulnerable versions = 2.6.2 Fixed in 2.6.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-36681 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ec249fa35f9a...
WordPress Companion Sitemap Generator – HTML & XML Plugin < 4.5.3 is vulnerable to Cross Site Scripting (XSS)
Software Companion Sitemap Generator – HTML & XML Type Plugin Vulnerable versions 4.5.3 Fixed in 4.5.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1780 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2c5448d43a2a...
WordPress My Content Management Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)
Software My Content Management Type Plugin Vulnerable versions = 1.7.6 Fixed in 1.7.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34377 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f6e3eb68e74c Credits emad Required...
WordPress LearnPress Plugin <= 4.2.3 is vulnerable to Broken Access Control
Software LearnPress Type Plugin Vulnerable versions = 4.2.3 Fixed in 4.2.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-36516 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID 9d39c7dfcdce Credits Rafie Muhammad Patchstack...
WordPress Simple Giveaways Plugin <= 2.48.0 is vulnerable to Broken Access Control
Software Simple Giveaways Type Plugin Vulnerable versions = 2.48.0 Fixed in 2.48.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23893 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e25cb2d4a4a7 Credits Nguyen Anh Tien Required...
PT-2023-4535
Name of the Vulnerable Software and Affected Versions Nullsoft Scriptable Install System NSIS versions prior to 3.09 Description The issue is related to insufficient access control in the Nullsoft Scriptable Install System, which can be exploited by a remote attacker to elevate their privileges...
WordPress Request a Quote Plugin < 2.3.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software Request a Quote Type Plugin Vulnerable versions 2.3.11 Fixed in 2.3.11 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bdadec21f189 Credits N/A Required privilege...
WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to SQL Injection
Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.67 Fixed in 4.68 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-36677 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 5776b5f22100 Credits Le Ngoc Anh Required privilege...
WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to Insecure Direct Object References (IDOR)
Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.67 Fixed in 4.68 OWASP Top 10 A1: Injection Classification Insecure Direct Object References IDOR CVE CVE-2023-3063 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 479dd26d18cf Credits István Márt...