4 matches found

Cvelist
added 2025/01/02 12:0 p.m., 16 views

CVE-2023-47647 WordPress BadgeOS plugin <= 3.7.1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in LearningTimes BadgeOS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BadgeOS: from n/a through 3.7.1.6...

CVSS: 4.3, EPSS: 0.00145
Exploits: 0, References: 1
Patchstack
added 2023/07/06 12:0 a.m., 8 views

WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Cross Site Scripting (XSS)

Software: BadgeOS; Type: Plugin; Vulnerable versions: <= 3.7.1.6; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2171; Patch priority: Low; CVSS severity: Low 6.5; PSID: 965111d21cf9; Credits: Alex Thomas; Required privilege...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00103
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/07/06 12:0 a.m., 10 views

WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Insecure Direct Object References (IDOR)

Software: BadgeOS; Type: Plugin; Vulnerable versions: <= 3.7.1.6; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-2173; Patch priority: Low; CVSS severity: Low 6.5; PSID: 413cb9a5b860; Credits: Alex Thomas; Required...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00177
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2022/04/13 12:0 a.m., 26 views

WordPress BadgeOS plugin <= 3.7.0 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress BadgeOS plugin (versions <= 3.7.0). Solution: Update the WordPress BadgeOS plugin to the latest available version (at least 3.7.1)...

CVSS: 9.8, AI score: 3, EPSS: 0.64654
Exploits: 2, References: 3, Affected Software: 1