EUVD-2023-53670
Malicious code in bioql PyPI...
WordPress WP Force SSL & HTTPS SSL Redirect Plugin <= 1.66 is vulnerable to Broken Access Control
Software: WP Force SSL & HTTPS SSL Redirect | Type: Plugin | Vulnerable versions: <= 1.66 | Fixed in: 1.67 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-5770 | Patch priority: Low | CVSS severity: Low 4.2 | Developer: WebFactory Ltd. | PSID: 7f10441c7ef7 | Credits: Foxyyy | Require...
WordPress Minimal Coming Soon & Maintenance Mode – Coming Soon Page Plugin <= 2.38 is vulnerable to Broken Access Control
Software: Minimal Coming Soon & Maintenance Mode – Coming Soon Page | Type: Plugin | Vulnerable versions: <= 2.38 | Fixed in: 2.39 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-5087 | Patch priority: Medium | CVSS severity: Medium 6.3 | Developer: WebFactory Ltd. | PSID...
CVE-2023-48745
Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass. This issue affects Captcha Code: from n/a through 2.9...
CVE-2023-48745 WordPress Captcha Code plugin <= 2.9 - Captcha Bypass vulnerability
Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass. This issue affects Captcha Code: from n/a through 2.9...
WordPress WP Database Reset Plugin <= 3.22 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Database Reset | Type: Plugin | Vulnerable versions: <= 3.22 | Fixed in: 3.23 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-1501 | Patch priority: Low | CVSS severity: Low 4.7 | Developer: WebFactory Ltd. | PSID: c53221c813e9 | Credits: Lucio Sá | Required...
WordPress Login Lockdown Plugin <= 2.08 is vulnerable to Broken Access Control
Software: Login Lockdown | Type: Plugin | Vulnerable versions: <= 2.08 | Fixed in: 2.09 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-1340 | Patch priority: Low | CVSS severity: Low 5.4 | Developer: WebFactory Ltd. | PSID: 5a8910b6c979 | Credits: Lucio Sá | Required privilege...
WordPress Minimal Coming Soon & Maintenance Mode – Coming Soon Page Plugin <= 2.37 is vulnerable to Bypass Vulnerability
Software: Minimal Coming Soon & Maintenance Mode – Coming Soon Page | Type: Plugin | Vulnerable versions: <= 2.37 | Fixed in: 2.38 | OWASP Top 10: A4: Insecure Design | Classification: Bypass Vulnerability | CVE: CVE-2024-1075 | Patch priority: Low | CVSS severity: Low 3.7 | Developer: WebFactory Ltd. | PSID: 9ddda2f1294b | Credi...
CVE-2023-50837
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form. This issue affects Login Lockdown – Protect Login Form: from n/a through 2.06...
SQL injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form. This issue affects Login Lockdown – Protect Login Form: from n/a through 2.06...
CVE-2023-50837
CVE-2023-50837 is a SQL Injection flaw in WebFactory Login Lockdown – Protect Login Form (WordPress). Affected: Login Lockdown – Protect Login Form: n/a through 2.06. Patch status: Patched. CVSS 3.1 base score 7.2 (HIGH); attack vector: NETWORK; attack complexity: LOW; privileges required: HIGH; ...
CVE-2023-50837 WordPress Login Lockdown Plugin <= 2.06 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form. This issue affects Login Lockdown – Protect Login Form: from n/a through 2.06...
CVE-2023-49747
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebFactory Ltd Guest Author allows Stored XSS. This issue affects Guest Author: from n/a through 2.3...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebFactory Ltd Guest Author allows Stored XSS. This issue affects Guest Author: from n/a through 2.3...
CVE-2023-49747
CVE-2023-49747 refers to a Stored XSS in the WordPress plugin Guest Author (WebFactory Ltd) up to version 2.3. The vulnerability arises from improper neutralization of input during web page generation (author name), enabling injected scripts when users view pages. Public reports from Red Hat and ...
CVE-2023-49747 WordPress Guest Author Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebFactory Ltd Guest Author allows Stored XSS. This issue affects Guest Author: from n/a through 2.3...
WordPress Captcha Code Plugin <= 2.9 is vulnerable to Bypass Vulnerability
Software: Captcha Code | Type: Plugin | Vulnerable versions: <= 2.9 | Fixed in: 3.0 | OWASP Top 10: A5: Security Misconfiguration | Classification: Bypass Vulnerability | CVE: CVE-2023-48745 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: WebFactory Ltd. | PSID: c2ae3ab19d4d | Credits: qilin99 | Required privilege...
WordPress Simple Author Box Plugin < 2.52 is vulnerable to Insecure Direct Object References (IDOR)
Software: Simple Author Box | Type: Plugin | Vulnerable versions: < 2.52 | Fixed in: 2.52 | OWASP Top 10: A1: Broken Access Control | Classification: Insecure Direct Object References (IDOR) | CVE: CVE-2023-3601 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: WebFactory Ltd. | PSID: c55453b38919 | Credits: Dmitriy | Require...
WordPress Simple Author Box Plugin <= 2.3.22 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Author Box | Type: Plugin | Vulnerable versions: <= 2.3.22 | Fixed in: 2.4 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-33999 | Patch priority: High | CVSS severity: High 7.1 | Developer: WebFactory Ltd. | PSID: a31be070f305 | Credits: Rafie Muhammad Patchstack | Required...