5105 matches found
WordPress User Meta Manager Plugin <= 3.5.0 is vulnerable to Cross Site Scripting (XSS)
Software User Meta Manager Type Plugin Vulnerable versions = 3.5.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-22718 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d307e7329c6e Credits minhtuanact...
WordPress Custom 404 Pro Plugin <= 3.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Custom 404 Pro Type Plugin Vulnerable versions = 3.7.1 Fixed in 3.7.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0385 Patch priority Low CVSS severity Low 5.4 Developer Kunal Nagar PSID a124f27371a3 Credits Marco Wotschka Required...
WordPress TemplatesNext ToolKit Plugin < 3.2.9 is vulnerable to Cross Site Scripting (XSS)
Software TemplatesNext ToolKit Type Plugin Vulnerable versions 3.2.9 Fixed in 3.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0333 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 9f3110209bb9 Credits WPScan Require...
WordPress GiveWP Plugin <= 2.23.2 is vulnerable to SQL Injection
Software GiveWP Type Plugin Vulnerable versions = 2.23.2 Fixed in 2.24.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0224 Patch priority High CVSS severity High 8.2 Developer Liquid Web / StellarWP PSID 3f057c60656c Credits dc11 Required privilege Unauthenticated Publishe...
WordPress Better Font Awesome Plugin < 2.0.4 is vulnerable to Cross Site Scripting (XSS)
Software Better Font Awesome Type Plugin Vulnerable versions 2.0.4 Fixed in 2.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4512 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 3f338a1f451d Credits Lana Codes...
WordPress Enable Media Replace Plugin < 4.0.2 is vulnerable to Arbitrary File Upload
Software Enable Media Replace Type Plugin Vulnerable versions 4.0.2 Fixed in 4.0.2 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-0255 Patch priority High CVSS severity High 9.1 Developer ShortPixel PSID 1a8eac52cb81 Credits dc11 Required privilege Author Published 1...
WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)
Software MainWP Code Snippets Extension Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23650 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 27d865081452 Credits Dave...
WordPress MainWP Boilerplate Extension Plugin <= 4.1 is vulnerable to Broken Access Control
Software MainWP Boilerplate Extension Type Plugin Vulnerable versions = 4.1 Fixed in 4.1.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23744 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID dc04c8344b84 Credits Dave Jong...
WordPress MainWP Post Plus Extension Plugin <= 4.0.3 is vulnerable to Arbitrary Content Deletion
Software MainWP Post Plus Extension Type Plugin Vulnerable versions = 4.0.3 Fixed in 4.1.1 OWASP Top 10 A5: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2023-23666 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 66ca6cd7da00 Credits Dave Jong...
WordPress Rich Table of Contents Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)
Software Rich Table of Contents Type Plugin Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4551 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2ac49cba0f41 Credits Lana Codes...
WordPress MainWP Article Uploader Extension Plugin <= 4.0.2 is vulnerable to Broken Access Control
Software MainWP Article Uploader Extension Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23742 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID e674bdb18c0f Credits Dave Jong...
WordPress teachPress Plugin <= 8.1.8 is vulnerable to Cross Site Scripting (XSS)
Software teachPress Type Plugin Vulnerable versions = 8.1.8 Fixed in 8.1.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-22704 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8de649d41654 Credits Nguyen Xuan Chien...
WordPress MainWP Wordfence Extension Plugin <= 4.0.7 is vulnerable to Settings Change
Software MainWP Wordfence Extension Type Plugin Vulnerable versions = 4.0.7 Fixed in 4.0.8 OWASP Top 10 A5: Broken Access Control Classification Settings Change CVE CVE-2023-23669 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID ad99cab21d6e Credits Dave Jong Patchsta...
WordPress MainWP Maintenance Extension Plugin <= 4.1.1 is vulnerable to SQL Injection
Software MainWP Maintenance Extension Type Plugin Vulnerable versions = 4.1.1 Fixed in 4.1.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-23660 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 9ddad2ceeae4 Credits Dave Jong Patchstack Required...
WordPress Easy Accept Payments Plugin < 4.9.10 is vulnerable to Cross Site Scripting (XSS)
Software Easy Accept Payments Type Plugin Vulnerable versions 4.9.10 Fixed in 4.9.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0275 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 334f1469f03f Credits Lana Codes...
WordPress MainWP Wordfence Extension Plugin <= 4.0.7 is vulnerable to Broken Access Control
Software MainWP Wordfence Extension Type Plugin Vulnerable versions = 4.0.7 Fixed in 4.0.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-22699 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID aa51573e0a8b Credits Dave Jong...
WordPress Simple URLs Plugin < 115 is vulnerable to SQL Injection
Software Simple URLs Type Plugin Vulnerable versions 115 Fixed in 115 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0098 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID ce05d13c3118 Credits dc11 Required privilege Subscriber Published 17 January,...
WordPress Judge.me Product Reviews for WooCommerce Plugin < 1.3.21 is vulnerable to Cross Site Scripting (XSS)
Software Judge.me Product Reviews for WooCommerce Type Plugin Vulnerable versions 1.3.21 Fixed in 1.3.21 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0061 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7fda1dafd296...
WordPress MainWP White Label Extension Plugin <= 4.1.1 is vulnerable to Broken Access Control
Software MainWP White Label Extension Type Plugin Vulnerable versions = 4.1.1 Fixed in 4.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23748 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 4cf93d58a995 Credits Dave Jong...
WordPress MainWP Clone Extension Plugin <= 4.0.2 is vulnerable to Broken Access Control
Software MainWP Clone Extension Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23642 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID fedefb75fe08 Credits Dave Jong...