5105 matches found
WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control
Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.59 Fixed in 1.3.60 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4704 Patch priority Medium CVSS severity Medium 5.4 Developer WProyal PSID 11224a1dc02d Credits Ramuel Gall Required...
WordPress PDF.js Viewer Plugin < 2.1.8 is vulnerable to Cross Site Scripting (XSS)
Software PDF.js Viewer Type Plugin Vulnerable versions 2.1.8 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4670 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 33028ec86f1d Credits Lana Codes Required...
WordPress Joli Table Of Contents Plugin <= 1.3.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software Joli Table Of Contents Type Plugin Vulnerable versions = 1.3.9 Fixed in 2.0.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-46820 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5d76be68ea78 Credits minhtuanact...
WordPress YouTube Channel Plugin <= 3.0.12.1 is vulnerable to Broken Access Control
Software YouTube Channel Type Plugin Vulnerable versions = 3.0.12.1 Fixed in 3.23.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0447 Patch priority Medium CVSS severity Medium 4.3 Developer Aleksandar Urošević PSID 5cd4c6177416 Credits WordfenceTeam...
WordPress Simple File Downloader Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software Simple File Downloader Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4764 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 2ef1f33eb376 Credits István Márton...
WordPress Posts List Designer by Category – List Category Posts Or Recent Posts Plugin < 3.2 is vulnerable to Cross Site Scripting (XSS)
Software Posts List Designer by Category – List Category Posts Or Recent Posts Type Plugin Vulnerable versions 3.2 Fixed in 3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4749 Patch priority Medium CVSS severity Medium 6.5 Developer Claim...
WordPress Custom User Profile Fields Plugin <= 1.8 is vulnerable to Cross Site Scripting (XSS)
Software Custom User Profile Fields Type Plugin Vulnerable versions = 1.8 Fixed in 1.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4831 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 02766634c7d2 Credits István...
WordPress Social Warfare Plugin <= 4.3.0 is vulnerable to Broken Access Control
Software Social Warfare Type Plugin Vulnerable versions = 4.3.0 Fixed in 4.4.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0402 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 18527265013d Credits Marco Wotschka Required...
WordPress CPO Companion Plugin < 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software CPO Companion Type Plugin Vulnerable versions 1.1.0 Fixed in 1.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4837 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 47c87ffd82d9 Credits István Márton Required...
WordPress WP Tabs Plugin < 2.1.17 is vulnerable to Cross Site Scripting (XSS)
Software WP Tabs Type Plugin Vulnerable versions 2.1.17 Fixed in 2.1.17 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0071 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 477efeb39f0f Credits István Márton Required...
WordPress Post Grid, Post Carousel, & List Category Posts – by Smart Post Show Plugin < 2.3.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Post Grid, Post Carousel, & List Category Posts – by Smart Post Show Type Plugin Vulnerable versions 2.3.5 Fixed in 2.3.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...
WordPress Widgets for Google Reviews Plugin < 9.8 is vulnerable to Cross Site Scripting (XSS)
Software Widgets for Google Reviews Type Plugin Vulnerable versions 9.8 Fixed in 9.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4470 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 6ca77c2a5891 Credits Lana Codes...
WordPress GigPress Plugin <= 2.3.27 is vulnerable to Cross Site Scripting (XSS)
Software GigPress Type Plugin Vulnerable versions = 2.3.27 Fixed in 2.3.28 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 5602dcf35459 Credits WordfenceTeam Required privilege...
WordPress My Tickets Plugin <= 1.9.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software My Tickets Type Plugin Vulnerable versions = 1.9.10 Fixed in 1.9.11 OWASP Top 10 A8: Cross Site Request Forgery CSRF Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 3393f084dbba Credits WordfenceTeam Required...
WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin < 2.3.6 is vulnerable to Cross Site Scripting (XSS)
Software Restaurant Menu – Food Ordering System – Table Reservation Type Plugin Vulnerable versions 2.3.6 Fixed in 2.3.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4657 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSI...
WordPress CC Child Pages Plugin < 1.43 is vulnerable to Cross Site Scripting (XSS)
Software CC Child Pages Type Plugin Vulnerable versions 1.43 Fixed in 1.43 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4776 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID a6bb713113e2 Credits Lana Codes Required...
WordPress Video.js – HTML5 Video Player for WordPress Plugin <= 4.5.0 is vulnerable to Cross Site Scripting (XSS)
Software Video.js – HTML5 Video Player for WordPress Type Plugin Vulnerable versions = 4.5.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4786 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 522c5fb94d76...
WordPress Video Sidebar Widgets Plugin <= 6.1 is vulnerable to Cross Site Scripting (XSS)
Software Video Sidebar Widgets Type Plugin Vulnerable versions = 6.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4785 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 2859d13481bb Credits István Márton...
WordPress WooCommerce Eway Gateway Plugin <= 3.5.0 is vulnerable to Insecure Direct Object References (IDOR)
Software WooCommerce Eway Gateway Type Plugin Vulnerable versions = 3.5.0 Fixed in 3.5.1 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE N/A Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 9e6ef9dda0ad Credits WordfenceTeam...
WordPress Membership For WooCommerce Plugin < 2.1.7 is vulnerable to Arbitrary File Upload
Software Membership For WooCommerce Type Plugin Vulnerable versions 2.1.7 Fixed in 2.1.7 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Upload CVE CVE-2022-4395 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 0a53b711b376 Credits cydave Required...