36 matches found
WordPress OVRI Payment plugin 1.7.0 - Malicious .htaccess directive vulnerability
Malicious .htaccess directive vulnerability discovered by Marco Wotschka - Wordfence in WordPress Plugin OVRI Payment versions 1.7.0...
WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.8 - Insecure Direct Object Reference vulnerability
Insecure Direct Object Reference vulnerability discovered by Marco Wotschka in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions = 3.0.8...
WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.8 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Download vulnerability
Directory Traversal to Authenticated Subscriber+ Arbitrary File Download vulnerability discovered by Marco Wotschka in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions = 3.0.8...
WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 3.0.8 is vulnerable to Arbitrary File Download
Software The Ultimate WordPress Toolkit – WP Extended Type Plugin Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-8104 Patch priority High CVSS severity High 7.7 Developer WP Extended PSID 9fb5e1b755dd Credits...
WordPress Favicon Generator plugin <= 1.5 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability
Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by Marco Wotschka in WordPress Plugin Favicon Generator versions = 1.5...
WordPress IgnitionDeck Crowdfunding Platform plugin <= 1.9.8 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Marco Wotschka in WordPress Plugin IgnitionDeck versions = 1.9.8...
WordPress Envo's Elementor Templates & Widgets for WooCommerce Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Envo's Elementor Templates & Widgets for WooCommerce Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0768 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...
WordPress WP Customer Reviews Plugin <= 3.6.6 is vulnerable to Sensitive Data Exposure
Software WP Customer Reviews Type Plugin Vulnerable versions = 3.6.6 Fixed in 3.6.7 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-4686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 07af2f4a4fb5 Credits Marco Wotschka Required...
WordPress AI ChatBot 4.8.9 SQL Injection / Traversal / File Deletion Vulnerabilities
Vulnerability Details and Technical Analysis The AI ChatBot plugin provides website owners with a plug and play chat solution that can be expanded upon with customizable FAQs and custom text responses. It provides website users with an interface that allows them to look up order information, leav...
WordPress ChatBot Plugin <= 4.8.9 is vulnerable to SQL Injection
Software ChatBot Type Plugin Vulnerable versions = 4.8.9 Fixed in 4.9.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5204 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID d9d43b0258cf Credits Marco Wotschka Required privilege Unauthenticated...
WordPress Email Subscribers & Newsletters Plugin <= 5.6.23 is vulnerable to Path Traversal
Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.6.23 Fixed in 5.6.24 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2023-5414 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID a55da7ad2e82 Credits Marco Wotschka Required privile...
WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Path Traversal
Software ChatBot Type Plugin Vulnerable versions = 4.8.9 Fixed in 4.9.1 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2023-5241 Patch priority High CVSS severity High 9.6 Developer Claim ownership PSID 066f9b5875d8 Credits Marco Wotschka Required privilege Subscriber Published ...
WordPress BEAR Plugin <= 1.1.3.3 is vulnerable to Broken Access Control
Software BEAR Type Plugin Vulnerable versions = 1.1.3.3 Fixed in 1.1.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4938 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 611080b0d2da Credits Marco Wotschka Required privilege...
WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection Vulnerability
Vulnerability Summary from Wordfence Intelligence Description: Insecure Deserialization/PHP Object Injection via queries Affected Plugin: Essential Blocks, Essential Blocks Pro Plugin slug: essential-blocks, essential-blocks-pro Vendor: WPDeveloper Affected versions: = 4.2.0 Free and = 1.1.0 Pro...
WordPress Essential Blocks Pro Plugin <= 1.1.0 is vulnerable to PHP Object Injection
Software Essential Blocks Pro Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-4386 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID b459be820fbe Credits Marco Wotschka Required privilege...
WordPress Essential Blocks for Gutenberg Plugin <= 4.2.0 is vulnerable to PHP Object Injection
Software Essential Blocks for Gutenberg Type Plugin Vulnerable versions = 4.2.0 Fixed in 4.2.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-4402 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 12450c59ad4b Credits Marco Wotschka Required...
WordPress WP Customer Reviews Plugin <= 3.6.6 is vulnerable to Cross Site Scripting (XSS)
Software WP Customer Reviews Type Plugin Vulnerable versions = 3.6.6 Fixed in 3.6.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4648 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 36513c06abe2 Credits Marco Wotschka...
WordPress Canto Plugin <= 3.0.4 is vulnerable to Remote File Inclusion
Software Canto Type Plugin Vulnerable versions = 3.0.4 Fixed in 3.0.5 OWASP Top 10 A1: Injection Classification Remote File Inclusion CVE CVE-2023-3452 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID aabfee448799 Credits Marco Wotschka Required privilege Unauthenticated...
WordPress Quick Post Duplicator Plugin <= 2.0 is vulnerable to SQL Injection
Software Quick Post Duplicator Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2229 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 82cd33300670 Credits Marco Wotschka Required privilege Contributor...
WordPress File Uploader Plugin < 4.19.2 is vulnerable to Path Traversal
Software File Uploader Type Plugin Vulnerable versions 4.19.2 Fixed in 4.19.2 OWASP Top 10 A5: Broken Access Control Classification Path Traversal CVE CVE-2023-2688 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID f1bb8a36ca00 Credits Marco Wotschka Required privilege...