5106 matches found
WordPress Portfolio Gallery – Responsive Image Gallery Plugin <= 1.4.6 is vulnerable to Broken Access Control
Software Portfolio Gallery – Responsive Image Gallery Type Plugin Vulnerable versions = 1.4.6 Fixed in 1.4.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32585 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 46edb5a7cfb0 Credit...
Motorola CX2 命令注入漏洞
The Motorola CX2 is a wireless router from Motorola USA. A security vulnerability exists in the Motorola CX2L Router version 1.0.1, which stems from the discovery of a command injection vulnerability via the smartqosprioritydevices parameter...
WordPress Bookly Plugin <= 21.7.1 is vulnerable to Arbitrary File Deletion
Software Bookly Type Plugin Vulnerable versions = 21.7.1 Fixed in 21.8 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-26526 Patch priority Medium CVSS severity Medium 7.7 Developer Claim ownership PSID a06cfd6ac407 Credits Rafie Muhammad Patchstack...
WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation
Software Essential Addons for Elementor Type Plugin Vulnerable versions 5.4.0-5.7.1 Fixed in 5.7.2 OWASP Top 10 A2: Broken Authentication Classification Privilege Escalation CVE CVE-2023-32243 Patch priority High CVSS severity High 9.8 Developer WPDeveloper PSID 9f77d447be67 Credits Rafie Muhamma...
WordPress WP Replicate Post Plugin <= 4.0.2 is vulnerable to SQL Injection
Software WP Replicate Post Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2237 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 93caeb59c55f Credits Marco Wotschka Required privilege Contributor...
WordPress WoodMart Theme <= 7.2.1 is vulnerable to Broken Access Control
Software WoodMart Type Theme Vulnerable versions = 7.2.1 Fixed in 7.2.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32240 Patch priority Medium CVSS severity Medium 5.4 Developer Xtemos PSID b409a147912c Credits Dave Jong Patchstack Required privilege...
WordPress Slimstat Analytics Plugin <= 5.0.4 is vulnerable to Cross Site Scripting (XSS)
Software Slimstat Analytics Type Plugin Vulnerable versions = 5.0.4 Fixed in 5.0.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-45366 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7183b75ec323 Credits Rafie Muhammad...
WordPress Loginizer Plugin <= 1.7.8 is vulnerable to Cross Site Scripting (XSS)
Software Loginizer Type Plugin Vulnerable versions = 1.7.8 Fixed in 1.7.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2296 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 867402dd8b92 Credits Erwan LR WPScan Required...
WordPress Newsletter Popup Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software Newsletter Popup Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0733 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 3312adcb21e4 Credits Lana Codes Required...
WordPress Dyslexiefont Free Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Dyslexiefont Free Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32589 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID fb7c8442b1dc Credits Yash Kanchhal...
WordPress Locatoraid Store Locator Plugin <= 3.9.18 is vulnerable to Cross Site Scripting (XSS)
Software Locatoraid Store Locator Type Plugin Vulnerable versions = 3.9.18 Fixed in 3.9.19 OWASP Top 10 A5: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2023-32576 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 48ffad270d6d Credits Abdi...
WordPress WP Reactions Lite Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP Reactions Lite Type Plugin Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32587 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b436a9de7ad3 Credits István Márton...
WordPress Forget About Shortcode Buttons Plugin <= 2.1.2 is vulnerable to Broken Access Control
Software Forget About Shortcode Buttons Type Plugin Vulnerable versions = 2.1.2 Fixed in 2.1.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32579 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 97c2cfa92f61 Credits István Márton...
WordPress Custom Base Terms Plugin <= 1.0.2.3 is vulnerable to Cross Site Scripting (XSS)
Software Custom Base Terms Type Plugin Vulnerable versions = 1.0.2.3 Fixed in 1.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2600 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1a97ca0c054e Credits Aymane Mazguiti...
PT-2023-23376 · Motorola · Motorola Cx2L Router
Name of the Vulnerable Software and Affected Versions: Motorola CX2L Router version 1.0.1 Description: A command injection issue was found in the Motorola CX2L Router, specifically via the smartqos priority devices parameter. This allows for potential command injection attacks. Recommendations: F...
WordPress Team Circle Image Slider With Lightbox Plugin <= 1.0.17 is vulnerable to Cross Site Scripting (XSS)
Software Team Circle Image Slider With Lightbox Type Plugin Vulnerable versions = 1.0.17 Fixed in 1.0.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2604 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 4f6a23b77029 Credi...
WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.3.6 is vulnerable to Cross Site Scripting (XSS)
Software Restaurant Menu – Food Ordering System – Table Reservation Type Plugin Vulnerable versions = 2.3.6 Fixed in 2.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32516 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership...
WordPress MailChimp Subscribe Forms Plugin <= 4.0.9.3 is vulnerable to Open Redirection
Software MailChimp Subscribe Forms Type Plugin Vulnerable versions = 4.0.9.3 Fixed in 4.0.9.4 OWASP Top 10 A6: Security Misconfiguration Classification Open Redirection CVE CVE-2023-32517 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID c02b44f266ce Credits minhtuanact...
WordPress Download Monitor Plugin <= 4.7.60 is vulnerable to Sensitive Data Exposure
Software Download Monitor Type Plugin Vulnerable versions = 4.7.60 Fixed in 4.7.70 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2022-45354 Patch priority Low CVSS severity Low 5.3 Developer WPChill PSID 4dbbcebe007d Credits Rafie Muhammad Patchstack...
WordPress YITH WooCommerce Gift Cards Premium Plugin <= 3.23.1 is vulnerable to Broken Access Control
Software YITH WooCommerce Gift Cards Premium Type Plugin Vulnerable versions = 3.23.1 Fixed in 3.24.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-44633 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 9a5270f7dbc9 Credits...