5105 matches found
WordPress Widgets on Pages Plugin <= 1.7.0 is vulnerable to Cross Site Scripting (XSS)
Software Widgets on Pages Type Plugin Vulnerable versions = 1.7.0 Fixed in 1.8.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4488 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 86b237a22e6a Credits Lana Codes Requir...
WordPress MainWP File Uploader Extension Plugin <= 4.1 is vulnerable to Arbitrary File Upload
Software MainWP File Uploader Extension Type Plugin Vulnerable versions = 4.1 Fixed in 4.1.1 OWASP Top 10 A6: Security Misconfiguration Classification Arbitrary File Upload CVE CVE-2023-23656 Patch priority High CVSS severity High 10 Developer Claim ownership PSID f49d8364bda5 Credits Dave Jong...
WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 is vulnerable to Broken Access Control
Software MainWP UpdraftPlus Extension Type Plugin Vulnerable versions = 4.0.6 Fixed in 4.0.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23640 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 075f06640c08 Credits Dave Jong...
WordPress WP-CommentNavi Plugin <= 1.12.1 is vulnerable to Cross Site Scripting (XSS)
Software WP-CommentNavi Type Plugin Vulnerable versions = 1.12.1 Fixed in 1.12.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-22715 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f51dcf4c7b1f Credits Rio Darmawan Required...
WordPress Stream Plugin < 3.9.2 is vulnerable to Broken Access Control
Software Stream Type Plugin Vulnerable versions 3.9.2 Fixed in 3.9.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4384 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID ad3b89e6bfd1 Credits Krzysztof Zajac Required privilege...
WordPress Custom 404 Pro Plugin <= 3.7.0 is vulnerable to SQL Injection
Software Custom 404 Pro Type Plugin Vulnerable versions = 3.7.0 Fixed in 3.7.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-47605 Patch priority Low CVSS severity Low 8.3 Developer Kunal Nagar PSID 960f40facc61 Credits minhtuanact Required privilege Administrator Published...
WordPress YourChannel: Everything you want in a YouTube Plugin < 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software YourChannel: Everything you want in a YouTube Type Plugin Vulnerable versions 1.2.2 Fixed in 1.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0282 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID bf43a58f39a3...
WordPress Paid Memberships Pro Plugin <= 2.9.7 is vulnerable to SQL Injection
Software Paid Memberships Pro Type Plugin Vulnerable versions = 2.9.7 Fixed in 2.9.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-23488 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID ac5e3d7c8149 Credits Joshua Martinelle Required privilege...
WordPress Easy Digital Downloads Plugin <= 3.1.0.3 is vulnerable to SQL Injection
Software Easy Digital Downloads Type Plugin Vulnerable versions = 3.1.0.3 Fixed in 3.1.0.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-23489 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 8ebed23bcf9a Credits Joshua Martinelle Required privilege...
CVE-2023-22391
A vulnerability in class-of-service CoS queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service DoS. Specific packets are being incorrectly routed to a queue used for other high-priority traffic such a...
WordPress WP Booklet Plugin <= 2.1.8 is vulnerable to Remote Code Execution (RCE)
Software WP Booklet Type Plugin Vulnerable versions = 2.1.8 Fixed in N/A OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-22677 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 1a71e450e6f5 Credits Le Ngoc Anh Required privilege Subscriber...
WordPress ExactMetrics Plugin < 7.12.1 is vulnerable to Cross Site Scripting (XSS)
Software ExactMetrics Type Plugin Vulnerable versions 7.12.1 Fixed in 7.12.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0082 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 5eb38112ee75 Credits Lana Codes Required...
WordPress Materialis Companion Plugin < 1.3.40 is vulnerable to Cross Site Scripting (XSS)
Software Materialis Companion Type Plugin Vulnerable versions 1.3.40 Fixed in 1.3.40 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4762 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 80cd16937fbb Credits Lana Codes...
WordPress Map Multi Marker Plugin <= 3.2.1 is vulnerable to Cross Site Scripting (XSS)
Software Map Multi Marker Type Plugin Vulnerable versions = 3.2.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-47591 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0fa0897cb0de Credits minhtuanact Requir...
WordPress Annual Archive Plugin < 1.6.0 is vulnerable to Cross Site Scripting (XSS)
Software Annual Archive Type Plugin Vulnerable versions 1.6.0 Fixed in 1.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0178 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e447b05c3b01 Credits Lana Codes Required...
WordPress jQuery T(-) Countdown Widget Plugin < 2.3.24 is vulnerable to Cross Site Scripting (XSS)
Software jQuery T- Countdown Widget Type Plugin Vulnerable versions 2.3.24 Fixed in 2.3.24 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0171 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6d69c46b235b Credits Lana...
WordPress WP Blog and Widget Plugin < 2.3.1 is vulnerable to Cross Site Scripting (XSS)
Software WP Blog and Widget Type Plugin Vulnerable versions 2.3.1 Fixed in 2.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4824 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID db9b8648db51 Credits Lana Codes Requir...
WordPress Leaflet Maps Marker Plugin < 3.12.7 is vulnerable to Cross Site Scripting (XSS)
Software Leaflet Maps Marker Type Plugin Vulnerable versions 3.12.7 Fixed in 3.12.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4677 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 99a82b35c26d Credits Lana Codes...
WordPress Breadcrumb Plugin < 1.5.33 is vulnerable to Cross Site Scripting (XSS)
Software Breadcrumb Type Plugin Vulnerable versions 1.5.33 Fixed in 1.5.33 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4836 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 68e0f577b655 Credits Lana Codes Required...
WordPress GamiPress – Vimeo integration Plugin < 1.0.9 is vulnerable to Cross Site Scripting (XSS)
Software GamiPress – Vimeo integration Type Plugin Vulnerable versions 1.0.9 Fixed in 1.0.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0154 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID eece071753de Credits Lana...