WordPress Quick Event Manager Plugin <= 9.6.4 is vulnerable to Cross Site Scripting (XSS)
Software: Quick Event Manager; Type: Plugin; Vulnerable versions: <= 9.6.4; Fixed in: 9.6.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-46863; Patch priority: Low; CVSS severity: Low 5.9; Developer: Fullworks Plugins; PSID: 59c55fdc1246; Credits: Justiice; Required...
WordPress WPGlobus Translate Options Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: WPGlobus Translate Options; Type: Plugin; Vulnerable versions: <= 2.1.0; Fixed in: 2.2.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25711; Patch priority: Medium; CVSS severity: Medium 5.8; PSID: 62953df5e274; Credits: thienn...
WordPress Robots.txt optimization Plugin <= 1.4.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Robots.txt optimization; Type: Plugin; Vulnerable versions: <= 1.4.5; Fixed in: 1.4.6; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25706; Patch priority: Low; CVSS severity: Low 5.4; PSID: 1bba120cb645; Credits: Abdi Pranat...
WordPress ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce Plugin <= 1.0.21 is vulnerable to Broken Access Control
Software: ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce; Type: Plugin; Vulnerable versions: <= 1.0.21; Fixed in: 1.0.22; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-46811; Patch priority: Low; CVSS severity: Low 4.3; PSI...
WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Broken Access Control
Software: Quick Paypal Payments; Type: Plugin; Vulnerable versions: <= 5.7.25; Fixed in: 5.7.26; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-25714; Patch priority: High; CVSS severity: High 7.5; Developer: Fullworks Plugins; PSID: 70f3386a0525; Credits: yuyudhn; Required...
WordPress Opt-Out for Google Analytics Plugin <= 2.3.4 is vulnerable to Cross Site Scripting (XSS)
Software: Opt-Out for Google Analytics; Type: Plugin; Vulnerable versions: <= 2.3.4; Fixed in: 2.3.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25712; Patch priority: Low; CVSS severity: Low 5.9; PSID: 2387d8d69039; Credits: Rio Darmaw...
WordPress GamiPress Plugin <= 2.5.7 is vulnerable to SQL Injection
Software: GamiPress; Type: Plugin; Vulnerable versions: <= 2.5.7; Fixed in: 2.5.7.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-24000; Patch priority: High; CVSS severity: High 8.2; PSID: 3c1780f1edaa; Credits: Dave Jong Patchstack; Required privilege...
WordPress Portfolio – WordPress Portfolio Plugin Plugin <= 2.8.10 is vulnerable to Cross Site Scripting (XSS)
Software: Portfolio – WordPress Portfolio Plugin; Type: Plugin; Vulnerable versions: <= 2.8.10; Fixed in: 2.8.11; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23685; Patch priority: Low; CVSS severity: Low 6.5; PSID: 518a0520e6c9; Credit...
WordPress GamiPress Plugin <= 2.5.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: GamiPress; Type: Plugin; Vulnerable versions: <= 2.5.6; Fixed in: 2.5.7; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25697; Patch priority: Low; CVSS severity: Low 5.4; PSID: 466ccc666256; Credits: Dave Jong Patchstack...
WordPress RSVPMarker Plugin <= 9.9.3 is vulnerable to SQL Injection
Software: RSVPMarker; Type: Plugin; Vulnerable versions: <= 9.9.3; Fixed in: 9.9.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-25045; Patch priority: Low; CVSS severity: Low 6.7; PSID: b21a0533c506; Credits: Aldo Dimas Anugrah K; Required privilege: Administrator...
WordPress Quiz And Survey Master Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Quiz And Survey Master; Type: Plugin; Vulnerable versions: <= 8.0.7; Fixed in: 8.0.8; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-46862; Patch priority: Low; CVSS severity: Low 4.3; PSID: bcb98ded3ded; Credits: Oliver K...
WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Cross Site Scripting (XSS)
Software: Shortcodes Ultimate; Type: Plugin; Vulnerable versions: <= 5.12.6; Fixed in: 5.12.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25040; Patch priority: Low; CVSS severity: Low 6.5; PSID: 7acc7c74ae4b; Credits: Rafie Muhammad...
WordPress All-in-one Floating Contact Form – My Sticky Elements Plugin < 2.0.9 is vulnerable to SQL Injection
Software: All-in-one Floating Contact Form – My Sticky Elements; Type: Plugin; Vulnerable versions: < 2.0.9; Fixed in: 2.0.9; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0487; Patch priority: Low; CVSS severity: Low 5.5; PSID: cdb7568b0dc6; Credits: qerogramat Kak...
WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Arbitrary File Download
Software: Shortcodes Ultimate; Type: Plugin; Vulnerable versions: <= 5.12.6; Fixed in: 5.12.7; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Arbitrary File Download; CVE: CVE-2023-25050; Patch priority: High; CVSS severity: High 7.1; PSID: 547ac1ab598f; Credits: Rafie Muhammad...
WordPress Rank Math SEO Plugin <= 1.0.107.2 is vulnerable to Local File Inclusion
Software: Rank Math SEO; Type: Plugin; Vulnerable versions: <= 1.0.107.2; Fixed in: 1.0.107.3; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2023-23888; Patch priority: Low; CVSS severity: Low 7.6; PSID: e3a7d6a3381a; Credits: Rafie Muhammad Patchstack; Required...
Beyond the basics: Implementing an active defense
Active defense a key approach to protecting against major threats
Having an active defense posture, where the defenders actively use threat intelligence and their own environment telemetry to uncover potential compromises, is the next stage in the cyber security maturity road. Instead of waiting...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Wicked Folders; Type: Plugin; Vulnerable versions: <= 2.18.16; Fixed in: 2.18.17; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-0722; Patch priority: Low; CVSS severity: Low 5.4; PSID: 7e061023b7ce; Credits: Marco Wotschka...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Software: Wicked Folders; Type: Plugin; Vulnerable versions: <= 2.18.16; Fixed in: 2.18.17; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-0716; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: e2bdc56150c0; Credits: Marco Wotschka; Requir...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Software: Wicked Folders; Type: Plugin; Vulnerable versions: <= 2.18.16; Fixed in: 2.18.17; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-0711; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: f6e0caeea0c4; Credits: Marco Wotschka; Requir...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Software: Wicked Folders; Type: Plugin; Vulnerable versions: <= 2.18.16; Fixed in: 2.18.17; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-0717; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: db3e0ac8c3e4; Credits: Marco Wotschka; Requir...