5106 matches found
WordPress Directorist Plugin <= 7.5.4 is vulnerable to Broken Access Control
Software Directorist Type Plugin Vulnerable versions = 7.5.4 Fixed in 7.5.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1889 Patch priority High CVSS severity High 7.2 Developer Claim ownership PSID 3d986c80db6c Credits Alex Thomas Required privilege...
WordPress Abandoned Cart Lite for WooCommerce Plugin <= 5.14.2 is vulnerable to Broken Authentication
Software Abandoned Cart Lite for WooCommerce Type Plugin Vulnerable versions = 5.14.2 Fixed in 5.15.0 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2986 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 15bb4df9e2c9 Credits István...
WordPress Catalyst Connect Zoho CRM Client Portal Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)
Software Catalyst Connect Zoho CRM Client Portal Type Plugin Vulnerable versions = 2.0.0 Fixed in 2.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0588 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 2843a5139fb1 Credit...
WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin < 4.3.2 is vulnerable to Cross Site Scripting (XSS)
Software Online Booking & Scheduling Calendar for WordPress by vcita Type Plugin Vulnerable versions 4.3.2 Fixed in 4.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2298 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID...
WordPress Contact Form Builder by vcita Plugin <= 4.10.2 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form Builder by vcita Type Plugin Vulnerable versions = 4.10.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2300 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 3b4b71b799e4 Credits Jonas...
WordPress WordPress Tables Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Tables Type Plugin Vulnerable versions = 1.3.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25453 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c90cdd1a03de Credits Le Ngoc Anh Requir...
WordPress CRM and Lead Management by vcita Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)
Software CRM and Lead Management by vcita Type Plugin Vulnerable versions = 2.7.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2405 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID b8d44a43844f Credits Jonas...
WordPress WP User Switch Plugin <= 1.0.2 is vulnerable to Bypass Vulnerability
Software WP User Switch Type Plugin Vulnerable versions = 1.0.2 Fixed in 1.0.3 OWASP Top 10 A2: Broken Authentication Classification Bypass Vulnerability CVE CVE-2023-2546 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID d69f4769545f Credits István Márton Required privile...
WordPress WP Hide Post Plugin <= 2.0.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP Hide Post Type Plugin Vulnerable versions = 2.0.10 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-34378 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID aae5d2069aaf Credits István Márton Required...
WordPress Constant Contact Forms Plugin <= 2.0.3 is vulnerable to Broken Access Control
Software Constant Contact Forms Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.1.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-34387 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8b821c0ab713 Credits István Márton Required...
WordPress WooCommerce Box Office Plugin <= 1.1.51 is vulnerable to Broken Access Control
Software WooCommerce Box Office Type Plugin Vulnerable versions = 1.1.51 Fixed in 1.1.52 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-34003 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 51c5f4c853cf Credits Rafie Muhammad...
WordPress WooCommerce Box Office Plugin <= 1.1.50 is vulnerable to Cross Site Scripting (XSS)
Software WooCommerce Box Office Type Plugin Vulnerable versions = 1.1.50 Fixed in 1.1.51 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34004 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 270c72521204 Credits Rafie Muhammad...
WordPress GDPR Cookie Consent Notice Box Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS)
Software GDPR Cookie Consent Notice Box Type Plugin Vulnerable versions = 1.1.6 Fixed in 1.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32294 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e4ea913f3b06 Credits Emili...
WordPress WP Inventory Manager Plugin <= 2.1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP Inventory Manager Type Plugin Vulnerable versions = 2.1.0.13 Fixed in 2.1.0.14 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-34002 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c4d1b6f02d97 Credits Mika...
WordPress Uncanny Toolkit for LearnDash Plugin <= 3.6.4.3 is vulnerable to Broken Access Control
Software Uncanny Toolkit for LearnDash Type Plugin Vulnerable versions = 3.6.4.3 Fixed in 3.6.4.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-34019 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 86dfb320b43d Credits Mika...
WordPress Uncanny Toolkit for LearnDash Plugin <= 3.6.4.3 is vulnerable to Open Redirection
Software Uncanny Toolkit for LearnDash Type Plugin Vulnerable versions = 3.6.4.3 Fixed in 3.6.4.4 OWASP Top 10 A6: Security Misconfiguration Classification Open Redirection CVE CVE-2023-34020 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 28ec371a8b3f Credits Mika Require...
WordPress Formidable Forms Plugin < 6.3.1 is vulnerable to Broken Access Control
Software Formidable Forms Type Plugin Vulnerable versions 6.3.1 Fixed in 6.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID bb421c7db580 Credits WordFence Required privilege...
WordPress Favorites Plugin <= 2.3.2 is vulnerable to Cross Site Scripting (XSS)
Software Favorites Type Plugin Vulnerable versions = 2.3.2 Fixed in 2.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2304 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 4168c34106e7 Credits Lana Codes Required...
WordPress Nested Pages Plugin <= 3.2.3 is vulnerable to Broken Access Control
Software Nested Pages Type Plugin Vulnerable versions = 3.2.3 Fixed in 3.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2434 Patch priority Low CVSS severity Low 3.8 Developer Claim ownership PSID 26e414b00090 Credits Lana Codes Required privilege...
WordPress Wordapp Plugin <= 1.5.0 is vulnerable to Broken Access Control
Software Wordapp Type Plugin Vulnerable versions = 1.5.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2987 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 04adbd084262 Credits Lana Codes Required privilege...