WordPress JetWooBuilder Plugin <= 2.1.7.2 is vulnerable to Broken Access Control
Software: JetWooBuilder; Type: Plugin; Vulnerable versions: <= 2.1.7.2; Fixed in: 2.1.7.3; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-48760; Patch priority: Medium; CVSS severity: Medium 8.2; Developer: Crocoblock; PSID: 8b8b6528e3fb; Credits: Rafie Muhammad Patchstack...
WordPress JetBlocks For Elementor Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)
Software: JetBlocks For Elementor; Type: Plugin; Vulnerable versions: <= 1.3.8; Fixed in: 1.3.8.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-48756; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Crocoblock; PSID: 64c07c24a704; Credits: Rafie Muhammad Patchstack...
WordPress Bravo Translate Plugin <= 1.2 is vulnerable to SQL Injection
Software: Bravo Translate; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-49161; Patch priority: Low; CVSS severity: Low 7.6; Developer: Claim ownership; PSID: 9e3d902f085a; Credits: Arvandy; Required privilege: Administrator; Published: 28...
WordPress BackWPup Plugin <= 4.0.1 is vulnerable to Path Traversal
Software: BackWPup; Type: Plugin; Vulnerable versions: <= 4.0.1; Fixed in: 4.0.2; OWASP Top 10: A3: Injection; Classification: Path Traversal; CVE: CVE-2023-5504; Patch priority: Low; CVSS severity: Low 8.7; Developer: Claim ownership; PSID: 40bd5e9852bb; Credits: Marco Wotschka; Required privilege: Administrator; Publishe...
WordPress wpForo Forum Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)
Software: wpForo Forum; Type: Plugin; Vulnerable versions: <= 2.2.3; Fixed in: 2.2.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47872; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: da62b115c79c; Credits: Jesse McNeil; Required privilege...
WordPress Elementor Addon Elements Plugin <= 1.12.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Elementor Addon Elements; Type: Plugin; Vulnerable versions: <= 1.12.7; Fixed in: 1.12.8; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-4690; Patch priority: Low; CVSS severity: Low 4.3; Developer: WPVibes; PSID: 4fc8bb67050e; Credits: WordFence; Require...
WordPress WooCommerce Plugin <= 8.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: WooCommerce; Type: Plugin; Vulnerable versions: <= 8.1.1; Fixed in: 8.2.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47777; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: e2ced8676b54; Credits: Rafie Muhammad Patchstack; Required privile...
WordPress EWWW Image Optimizer Plugin <= 7.2.0 is vulnerable to Sensitive Data Exposure
Software: EWWW Image Optimizer; Type: Plugin; Vulnerable versions: <= 7.2.0; Fixed in: 7.2.1; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2023-40600; Patch priority: Medium; CVSS severity: Medium 5.3; Developer: Exactly WWW LLC; PSID: e83c448240a2; Credits: Mika; Required...
WordPress iPanorama 360 WordPress Virtual Tour Builder Plugin <= 1.8.0 is vulnerable to SQL Injection
Software: iPanorama 360 WordPress Virtual Tour Builder; Type: Plugin; Vulnerable versions: <= 1.8.0; Fixed in: 1.8.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-5336; Patch priority: Low; CVSS severity: Low 8.8; Developer: Claim ownership; PSID: 25ea3eb9ee79; Credits: István Márton; Require...
WordPress NextGEN Gallery Plugin < 3.39 is vulnerable to PHP Object Injection
Software: NextGEN Gallery; Type: Plugin; Vulnerable versions: < 3.39; Fixed in: 3.39; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-3154; Patch priority: Low; CVSS severity: Low 6.6; Developer: Claim ownership; PSID: 2db7a0c70c48; Credits: Linwz from DEVCORE; Required privilege...
WordPress Simple Tweet Plugin <= 1.4.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Tweet; Type: Plugin; Vulnerable versions: <= 1.4.0.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-45767; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 3b30792fe2d1; Credits: Rio Darmawan; Required...
WordPress WP Job Openings Plugin <= 3.4.2 is vulnerable to Sensitive Data Exposure
Software: WP Job Openings; Type: Plugin; Vulnerable versions: <= 3.4.2; Fixed in: 3.4.3; OWASP Top 10: A5: Security Misconfiguration; Classification: Sensitive Data Exposure; CVE: CVE-2023-4933; Patch priority: Low; CVSS severity: Low 3.7; Developer: Claim ownership; PSID: 654671e3575f; Credits: Dmitrii Ignatyev; Require...
WordPress ActivityPub Plugin < 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: ActivityPub; Type: Plugin; Vulnerable versions: < 1.0.1; Fixed in: 1.0.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-3746; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 4e185588c9f2; Credits: Ben Bidner; Required privilege...
WordPress File Manager Pro Plugin < 1.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: File Manager Pro; Type: Plugin; Vulnerable versions: < 1.8; Fixed in: 1.8; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-4827; Patch priority: Low; CVSS severity: Low 8.8; Developer: Claim ownership; PSID: f857273165df; Credits: Dmitrii Ignatyev; Required...
WordPress Flatsome Theme <= 3.17.5 is vulnerable to PHP Object Injection
Software: Flatsome; Type: Theme; Vulnerable versions: <= 3.17.5; Fixed in: 3.17.6; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-40555; Patch priority: High; CVSS severity: High 8.3; Developer: Claim ownership; PSID: 0472344ea36e; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress tagDiv Composer Plugin < 4.2 is vulnerable to Cross Site Scripting (XSS)
Software: tagDiv Composer; Type: Plugin; Vulnerable versions: < 4.2; Fixed in: 4.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-3169; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: 070584615152; Credits: Truoc Phan; Required privileg...
WordPress LWS Affiliation Plugin <= 2.2.6 is vulnerable to Local File Inclusion
Software: LWS Affiliation; Type: Plugin; Vulnerable versions: <= 2.2.6; Fixed in: 2.3; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2023-32297; Patch priority: High; CVSS severity: High 9; Developer: Claim ownership; PSID: f62752ba5867; Credits: Jonas Höbenreich; Required privilege...
WordPress WordLive Livecall Addon for Woocommerce Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)
Software: WordLive Livecall Addon for Woocommerce; Type: Plugin; Vulnerable versions: <= 1.2.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 59aa5946d146; Credits: Rafie...
WordPress Afterpay Gateway for WooCommerce Plugin < 1.12.4 is vulnerable to SQL Injection
Software: Afterpay Gateway for WooCommerce; Type: Plugin; Vulnerable versions: < 1.12.4; Fixed in: 1.12.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-2744; Patch priority: Low; CVSS severity: Low 7.6; Developer: Claim ownership; PSID: d0e7ba2b77fa; Credits: Arvandy; Required privilege...
WordPress Getwid – Gutenberg Blocks Plugin <= 1.8.3 is vulnerable to Server Side Request Forgery (SSRF)
Software: Getwid – Gutenberg Blocks; Type: Plugin; Vulnerable versions: <= 1.8.3; Fixed in: 1.8.4; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-1895; Patch priority: Medium; CVSS severity: Medium 5; Developer: Claim ownership; PSID: 688f43f1f9c1; Credits: Ramuel Gall...
WordPress Quick/Bulk Order Form for WooCommerce Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS)
Software: Quick/Bulk Order Form for WooCommerce; Type: Plugin; Vulnerable versions: <= 3.5.7; Fixed in: 3.6.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-34170; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 2b935e525166; Credits...
WordPress QuBotChat Plugin < 1.1.6 is vulnerable to Cross Site Scripting (XSS)
Software: QuBotChat; Type: Plugin; Vulnerable versions: < 1.1.6; Fixed in: 1.1.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2401; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 10e03bd32db6; Credits: Bob Matyas; Required privilege...
WordPress MStore API Plugin <= 3.9.2 is vulnerable to Broken Authentication
Software: MStore API; Type: Plugin; Vulnerable versions: <= 3.9.2; Fixed in: 3.9.3; OWASP Top 10: A2: Broken Authentication; Classification: Broken Authentication; CVE: CVE-2023-2732; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 9a2f0204ce39; Credits: Lana Codes; Required privilege...
WordPress Login Rebuilder Plugin < 2.8.1 is vulnerable to Cross Site Scripting (XSS)
Software: Login Rebuilder; Type: Plugin; Vulnerable versions: < 2.8.1; Fixed in: 2.8.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2223; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: b98403680c8c; Credits: Taurus Omar; Required...
WordPress Rating Widget Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Rating Widget; Type: Plugin; Vulnerable versions: <= 3.2.0; Fixed in: 3.2.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23831; Patch priority: Low; CVSS severity: Low 6.5; Developer: Rating-Widget; PSID: c69402dd8b41; Credits: István Márton; Required...
WordPress Configurable Tag Cloud Plugin <= 5.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Configurable Tag Cloud; Type: Plugin; Vulnerable versions: <= 5.2; Fixed in: 5.3; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-28995; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: ee8fb82c39fa; Credits: Abdi Pranata...
WordPress real-estate-pro Plugin < 1.7.1 is vulnerable to Privilege Escalation
Software: real-estate-pro; Type: Plugin; Vulnerable versions: < 1.7.1; Fixed in: 1.7.1; OWASP Top 10: A5: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2020-36666; Patch priority: High; CVSS severity: High 8.8; Developer: Claim ownership; PSID: a8f610e7b2fc; Credits: Omar Badran; Required privilege...
WordPress WP Mail Logging Plugin <= 1.10.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Mail Logging; Type: Plugin; Vulnerable versions: <= 1.10.5; Fixed in: 1.11.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47150; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 8badb5d1d476; Credits: István Márton...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Wicked Folders; Type: Plugin; Vulnerable versions: <= 2.18.16; Fixed in: 2.18.17; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-0726; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: b813357081c1; Credits: Marco Wotschka...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Software: Wicked Folders; Type: Plugin; Vulnerable versions: <= 2.18.16; Fixed in: 2.18.17; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-0715; Patch priority: Medium; CVSS severity: Medium 5.4; Developer: Claim ownership; PSID: bf9e7164b8aa; Credits: Marco Wotschka; Requir...
WordPress Intuitive Custom Post Order Plugin <= 3.1.3 is vulnerable to Broken Access Control
Software: Intuitive Custom Post Order; Type: Plugin; Vulnerable versions: <= 3.1.3; Fixed in: 3.1.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-4385; Patch priority: Medium; CVSS severity: Medium 5.4; Developer: Claim ownership; PSID: 582d2859794c; Credits: Yuya Kotake...
WordPress Pinpoint Booking System Plugin < 2.9.9.2.9 is vulnerable to SQL Injection
Software: Pinpoint Booking System; Type: Plugin; Vulnerable versions: < 2.9.9.2.9; Fixed in: 2.9.9.2.9; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0220; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: 7276b0492738; Credits: István Márton; Required privilege...
WordPress Image Hover Effects For WPBakery Page Builder Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS)
Software: Image Hover Effects For WPBakery Page Builder; Type: Plugin; Vulnerable versions: <= 4.0; Fixed in: 5.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23681; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 2843dca604e1; Credi...
WordPress spikes Theme < 10 is vulnerable to Arbitrary File Upload
Software: spikes; Type: Theme; Vulnerable versions: < 10; Fixed in: N/A; OWASP Top 10: A6: Security Misconfiguration; Classification: Arbitrary File Upload; CVE: CVE-2022-0316; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: a62ccba33719; Credits: Joshua Small; Required privilege...
WordPress Smart Slider 3 <= 3.5.1.9 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Vlad Vector Patchstack in the WordPress Smart Slider 3 versions <= 3.5.1.9. Solution: Update the WordPress Smart Slider 3 plugin to the latest available version (at least 3.5.1.11)...
WordPress Directorist plugin <= 7.4.2.1 - Auth. Insecure Direct Object References (IDOR) vulnerability
Auth. Insecure Direct Object References (IDOR) vulnerability leading to arbitrary user password update discovered by cydave in the WordPress Directorist plugin versions <= 7.4.2.1. Solution: Update the WordPress Directorist plugin to the latest available version (at least 7.4.2.2)...
WordPress Super Testimonial Pro premium plugin < 1.0.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Super Testimonial Pro premium plugin versions < 1.0.8. Solution: Update the WordPress Super Testimonial Pro plugin to the latest available version (at least 1.0.8)...
WordPress S2W – Import Shopify to WooCommerce plugin <= 1.1.12 - Auth. Arbitrary File Read vulnerability
Auth. Arbitrary File Read vulnerability discovered by Tomasz Staszyszyn Patchstack Alliance in WordPress S2W – Import Shopify to WooCommerce plugin versions <= 1.1.12. Solution: Update the WordPress S2W – Import Shopify to WooCommerce plugin to the latest available version (at least 1.1.13)...
WordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Dave Jong Patchstack in WordPress WPML Multilingual CMS premium plugin versions <= 4.5.13. Solution: Update the WordPress Multilingual CMS plugin to the latest available version (at least 4.5.14)...
WordPress Asgaros Forum plugin <= 2.1.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Dhakal Ananda Patchstack Alliance in the WordPress Asgaros Forum plugin versions <= 2.1.0. Solution: No patched version is available. No reply from the vendor...
WordPress Checkout Field Editor for WooCommerce plugin <= 1.7.2 - Auth PHP Object Injection vulnerability
Auth PHP Object Injection vulnerability discovered by Nguyen Duy Quoc Khanh in WordPress Checkout Field Editor for WooCommerce plugin versions <= 1.7.2. Solution: Update the WordPress Checkout Field Editor Checkout Manager for WooCommerce plugin to the latest available version (at least 1.8.0)...
WordPress Download Plugin plugin <= 1.6.2 - Auth. Broken Access Control vulnerability
Auth. Broken Access Control vulnerability discovered by apple502j in WordPress Download Plugin plugin versions <= 1.6.2. Solution: Update the WordPress Download Plugin plugin to the latest available version (at least 2.0.0)...
WordPress WatchTowerHQ plugin <= 3.6.15 - Unauth. Arbitrary File Download vulnerability
Unauth. Arbitrary File Download vulnerability discovered by Dave Jong Patchstack in the WordPress WatchTowerHQ plugin versions <= 3.6.15. Solution: Update the WordPress WatchTowerHQ plugin to the latest available version (at least 3.6.16)...
WordPress Restaurant Menu plugin <= 2.3.1 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by ptsfence in WordPress Restaurant Menu plugin versions <= 2.3.1. Solution: Update the WordPress Restaurant Menu – Food Ordering System – Table Reservation plugin to the latest available version (at least 2.3.2)...
WordPress Content Egg plugin <= 5.4.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to Autoblogging Removal discovered by Muhammad Daffa Patchstack Alliance in the WordPress Content Egg plugin versions <= 5.4.0. Solution: Update the WordPress Content Egg plugin to the latest available version (at least 5.5.0)...
WordPress Slideshow SE plugin <= 2.5.5 - Auth. Cross-Site Scripting (XSS) vulnerability
Auth. Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien Patchstack Alliance in the WordPress Slideshow SE plugin versions <= 2.5.5. Solution: Deactivate and delete. This plugin has been closed as of October 7, 2022 and is not available for download. This closure is temporary, pendi...
WordPress Api2Cart Bridge Connector plugin <= 1.1.0 - Arbitrary Code Execution vulnerability
Arbitrary Code Execution vulnerability discovered by Dave Jong Patchstack in the WordPress Api2Cart Bridge Connector plugin versions <= 1.1.0. Solution: Update the WordPress Api2Cart Bridge Connector plugin to the latest available version (at least 1.2.0)...
WordPress Bricks Builder premium theme <= 1.5.3 - Auth. Arbitrary Post/Page Edition vulnerability
Auth. Arbitrary Post/Page Edition vulnerability discovered by RG in WordPress Bricks Builder premium theme versions <= 1.5.3. Solution: Update the WordPress Bricks Builder theme to the latest available version (at least 1.5.4)...
WordPress IP Blacklist Cloud plugin <= 5.00 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Mika Patchstack in WordPress IP Blacklist Cloud plugin versions <= 5.00. Solution: Deactivate and delete. This plugin has been closed as of September 28, 2022 and is not available for download. This closure is temporary, pending a fu...