5106 matches found
WordPress 1003 Mortgage Application Plugin <= 1.75 is vulnerable to Arbitrary File Download
Software 1003 Mortgage Application Type Plugin Vulnerable versions = 1.75 Fixed in 1.80 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Download CVE CVE-2022-45368 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 541a2fe842ed Credits Rodrigo Escobar...
WordPress Multi Rating Plugin <= 5.0.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Multi Rating Type Plugin Vulnerable versions = 5.0.5 Fixed in 5.0.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47443 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1dcbbd6b8544 Credits rezaduty Required...
WordPress Album and Image Gallery plus Lightbox Plugin <= 1.6.2 is vulnerable to Broken Access Control
Software Album and Image Gallery plus Lightbox Type Plugin Vulnerable versions = 1.6.2 Fixed in 1.6.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-25060 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID dd001a553b6f Credits Cat...
WordPress Jobs for WordPress Plugin <= 2.5.11.2 is vulnerable to Cross Site Scripting (XSS)
Software Jobs for WordPress Type Plugin Vulnerable versions = 2.5.11.2 Fixed in 2.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-44743 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9031f3e3273b Credits thiennv Required...
WordPress Beautiful Cookie Consent Banner Plugin <= 2.10.0 is vulnerable to Cross Site Scripting (XSS)
Software Beautiful Cookie Consent Banner Type Plugin Vulnerable versions = 2.10.0 Fixed in 2.10.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 90e192c918ce Credits Wordfence...
WordPress ShortPixel Adaptive Images Plugin < 3.6.3 is vulnerable to Cross Site Scripting (XSS)
Software ShortPixel Adaptive Images Type Plugin Vulnerable versions 3.6.3 Fixed in 3.6.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0334 Patch priority High CVSS severity High 7.1 Developer ShortPixel PSID 58e461d9e0d8 Credits dc11 Required...
WordPress Easy Digital Downloads Plugin < 3.1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software Easy Digital Downloads Type Plugin Vulnerable versions 3.1.0.5 Fixed in 3.1.0.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0380 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 553ace90a817 Credits István...
WordPress WP Statistics Plugin <= 13.2.10 is vulnerable to SQL Injection
Software WP Statistics Type Plugin Vulnerable versions = 13.2.10 Fixed in 13.2.11 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-38074 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 7a7be43a0e11 Credits Rafie Muhammad Patchstack Required privilege...
WordPress GS Portfolio for Envato Plugin < 1.4.0 is vulnerable to Cross Site Scripting (XSS)
Software GS Portfolio for Envato Type Plugin Vulnerable versions 1.4.0 Fixed in 1.4.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0559 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID abe3328dc56e Credits István Márto...
WordPress GS Books Showcase Plugin < 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software GS Books Showcase Type Plugin Vulnerable versions 1.3.1 Fixed in 1.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0541 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7768af0764d3 Credits István Márton...
WordPress ShopLentor Plugin < 2.5.4 is vulnerable to PHP Object Injection
Software ShopLentor Type Plugin Vulnerable versions 2.5.4 Fixed in 2.5.4 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-0232 Patch priority High CVSS severity High 5.4 Developer Claim ownership PSID 0065ec87acd5 Credits WPScan Required privilege Unauthenticated...
WordPress Quick Restaurant Menu Plugin <= 2.0.2 is vulnerable to Insecure Direct Object References (IDOR)
Software Quick Restaurant Menu Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.1.0 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-0550 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID 53344b864cc7 Credits Marco...
WordPress ContentStudio Plugin < 1.2.6 is vulnerable to Other Vulnerability Type
Software ContentStudio Type Plugin Vulnerable versions 1.2.6 Fixed in 1.2.6 OWASP Top 10 A1: Injection Classification Other Vulnerability Type CVE CVE-2023-0556 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 3749f412d25d Credits Marco Wotschka Required privilege...
WordPress ContentStudio Plugin < 1.2.6 is vulnerable to Bypass Vulnerability
Software ContentStudio Type Plugin Vulnerable versions 1.2.6 Fixed in 1.2.6 OWASP Top 10 A5: Broken Access Control Classification Bypass Vulnerability CVE CVE-2023-0558 Patch priority Low CVSS severity Low 7.3 Developer Claim ownership PSID 9617386e7fb6 Credits Chloe Chamberland Required privileg...
WordPress Quick Restaurant Menu Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)
Software Quick Restaurant Menu Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0553 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 407875987b88 Credits Marco Wotschka Iva...
WordPress ShopLentor Plugin < 2.5.4 is vulnerable to Cross Site Scripting (XSS)
Software ShopLentor Type Plugin Vulnerable versions 2.5.4 Fixed in 2.5.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0231 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID fcbadeca6ddb Credits István Márton Required...
WordPress Quick Restaurant Menu Plugin <= 2.0.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Quick Restaurant Menu Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.1.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0554 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID c79ea8bd00a5 Credits Marco Wotschka...
WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.1 is vulnerable to Broken Access Control
Software JS Help Desk – Best Help Desk & Support Plugin Type Plugin Vulnerable versions = 2.7.1 Fixed in 2.7.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-46840 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 2e809058d839 Credit...
WordPress Gerencianet Oficial Plugin <= 1.4.8 is vulnerable to Broken Access Control
Software Gerencianet Oficial Type Plugin Vulnerable versions = 1.4.8 Fixed in 2.0.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID df423227780d Credits Unknown Required privilege...
WordPress Organization chart Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Organization chart Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-24384 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3c7c36f42e17 Credits yuyudhn Required...