8 matches found
CVE-2024-12113
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteuserreview and deletereview functions in all versions up to, and including, 1.3.2. This...
WordPress Reviews Feed plugin <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Settings Update vulnerability discovered by Sajjad Ahmad jacksparrow in WordPress Plugin Reviews Feed versions = 1.1.2...
WordPress Reviews Feed plugin <= 1.1.2 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Sajjad Ahmad jacksparrow in WordPress Plugin Reviews Feed versions = 1.1.2...
WordPress Reviews and Rating – Google My Business Plugin <= 5.2 is vulnerable to Cross Site Scripting (XSS)
Software Reviews and Rating – Google My Business Type Plugin Vulnerable versions = 5.2 Fixed in 5.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5218 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e783e142cbef Credits wesl...
WordPress Reviews Plus plugin <= 1.3.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Reviews Plus versions = 1.3.4...
WordPress Widgets for Wordpress Reviews Plugin <= 11.0.2 is vulnerable to Arbitrary File Upload
Software Widgets for Wordpress Reviews Type Plugin Vulnerable versions = 11.0.2 Fixed in 11.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-48275 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 382b3841f916 Credits Rafie Muhammad Patchsta...
WordPress Reviews and Rating – Google My Business Plugin <= 4.14 is vulnerable to Broken Access Control
Software Reviews and Rating – Google My Business Type Plugin Vulnerable versions = 4.14 Fixed in 4.15 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23986 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 7be60ef76311 Credits István...
WordPress Reviews Plus plugin <= 1.2.13 - Reviews Denial of Service (DoS) vulnerability
Reviews Denial of Service DoS vulnerability discovered by Drew Jones in WordPress Reviews Plus plugin versions = 1.2.13. Solution Update the WordPress Reviews Plus plugin to the latest available version at least 1.2.14...