WordPress Mail Mint plugin <= 1.17.7 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Denver Jackson in WordPress Plugin Mail Mint versions = 1.17.7...

WordPress WPFunnels Plugin <= 3.5.5 is vulnerable to Cross Site Scripting (XSS)

Software WPFunnels Type Plugin Vulnerable versions = 3.5.5 Fixed in 3.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10792 Patch priority Medium CVSS severity Medium 7.1 Developer WPFunnels Team PSID b1c17399226b Credits Nathan calysteon Require...

WordPress WP VR Plugin <= 8.5.5 is vulnerable to Broken Access Control

Software WP VR Type Plugin Vulnerable versions = 8.5.5 Fixed in 8.5.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-49680 Patch priority Low CVSS severity Low 4.3 Developer WPFunnels Team PSID 0a21442298cb Credits Trương Hữu Phúc truonghuuphuc Required...

WordPress WP VR Plugin <= 8.5.4 is vulnerable to Broken Access Control

Software WP VR Type Plugin Vulnerable versions = 8.5.4 Fixed in 8.5.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-49293 Patch priority Low CVSS severity Low 4.3 Developer WPFunnels Team PSID ece40c2ceb73 Credits Trương Hữu Phúc truonghuuphuc Required...

WordPress Product Feed Manager Plugin <= 7.3.15 is vulnerable to Directory Traversal

Software Product Feed Manager Type Plugin Vulnerable versions = 7.3.15 Fixed in 7.3.16 OWASP Top 10 A4: Insecure Design Classification Directory Traversal CVE CVE-2023-52144 Patch priority Low CVSS severity Low 5.5 Developer WPFunnels Team PSID 19683c0fecc1 Credits Muhammad Daffa Required privile...

WordPress WP VR Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software WP VR Type Plugin Vulnerable versions = 1.0.1 Fixed in 1.0.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer WPFunnels Team PSID de1111c82f8a Credits Rafie Muhammad Patchstack Required privilege...

WordPress WP VR Plugin < 8.2.9 is vulnerable to Cross Site Scripting (XSS)

Software WP VR Type Plugin Vulnerable versions 8.2.9 Fixed in 8.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1413 Patch priority High CVSS severity High 7.1 Developer WPFunnels Team PSID f109d593f865 Credits Erwan LR WPScan Required privilege...

WordPress WP VR Plugin < 8.3.0 is vulnerable to Broken Access Control

Software WP VR Type Plugin Vulnerable versions 8.3.0 Fixed in 8.3.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1414 Patch priority Medium CVSS severity Medium 4.3 Developer WPFunnels Team PSID 08ad2733ea1e Credits Erwan LR WPScan Required privilege...

WordPress WP VR Plugin <= 8.2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP VR Type Plugin Vulnerable versions = 8.2.5 Fixed in 8.2.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer WPFunnels Team PSID 93df9c4109e0 Credits István Márton Required privile...

WordPress WP VR Plugin <= 8.2.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP VR Type Plugin Vulnerable versions = 8.2.7 Fixed in 8.2.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25708 Patch priority Low CVSS severity Low 4.3 Developer WPFunnels Team PSID e8f1ea3c4e52 Credits Abdi Pranata Required privileg...

WordPress WP VR Plugin < 8.2.7 is vulnerable to Cross Site Scripting (XSS)

Software WP VR Type Plugin Vulnerable versions 8.2.7 Fixed in 8.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0174 Patch priority Medium CVSS severity Medium 6.5 Developer WPFunnels Team PSID 8cc58a857921 Credits Lana Codes Required privilege...