WordPress Porto Theme - Functionality Plugin < 2.12.1 is vulnerable to SQL Injection
Software: Porto Theme - Functionality; Type: Plugin; Vulnerable versions: < 2.12.1; Fixed in: 2.12.1; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-48738; Patch priority: High; CVSS severity: High 9.3; PSID: 5a7e2b4a3331; Credits: Rafie Muhammad (Patchstack); Required...
WordPress WooCommerce Plugin <= 8.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: WooCommerce; Type: Plugin; Vulnerable versions: <= 8.1.1; Fixed in: 8.2.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47777; Patch priority: Low; CVSS severity: Low 6.5; PSID: e2ced8676b54; Credits: Rafie Muhammad (Patchstack); Required privile...
WordPress NextGEN Gallery Plugin < 3.39 is vulnerable to PHP Object Injection
Software: NextGEN Gallery; Type: Plugin; Vulnerable versions: < 3.39; Fixed in: 3.39; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-3154; Patch priority: Low; CVSS severity: Low 6.6; PSID: 2db7a0c70c48; Credits: Linwz from DEVCORE; Required privilege...
WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS)
Software: Form Maker by 10Web; Type: Plugin; Vulnerable versions: <= 1.15.18; Fixed in: 1.15.19; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-45070; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 2facf3676186; Credits: RE-ALTER; Required...
WordPress ActivityPub Plugin < 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: ActivityPub; Type: Plugin; Vulnerable versions: < 1.0.1; Fixed in: 1.0.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-3746; Patch priority: Low; CVSS severity: Low 6.5; PSID: 4e185588c9f2; Credits: Ben Bidner; Required privilege...
WordPress Slimstat Analytics Plugin <= 5.0.9 is vulnerable to SQL Injection
Software: Slimstat Analytics; Type: Plugin; Vulnerable versions: <= 5.0.9; Fixed in: 5.0.10; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-4598; Patch priority: Low; CVSS severity: Low 8.5; PSID: 8c9d4c888c2a; Credits: WordFence; Required privilege: Contributor...
WordPress Activity Log Plugin < 2.8.8 is vulnerable to Bypass Vulnerability
Software: Activity Log; Type: Plugin; Vulnerable versions: < 2.8.8; Fixed in: 2.8.8; OWASP Top 10: A5: Security Misconfiguration; Classification: Bypass Vulnerability; CVE: CVE-2023-4281; Patch priority: Low; CVSS severity: Low 5.3; Developer: Elementor; PSID: 7011dff59d10; Credits: Bartlomiej Marek and Tomasz Swiadek...
WordPress User Feedback Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)
Software: User Feedback; Type: Plugin; Vulnerable versions: <= 1.0.7; Fixed in: 1.0.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-39308; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 4cad82df326d; Credits: Revan Arifio; Required privilege...
WordPress tagDiv Composer Plugin < 4.2 is vulnerable to Cross Site Scripting (XSS)
Software: tagDiv Composer; Type: Plugin; Vulnerable versions: < 4.2; Fixed in: 4.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-3169; Patch priority: High; CVSS severity: High 7.1; PSID: 070584615152; Credits: Truoc Phan; Required privileg...
WordPress WP Remote Users Sync Plugin <= 1.2.11 is vulnerable to Broken Access Control
Software: WP Remote Users Sync; Type: Plugin; Vulnerable versions: <= 1.2.11; Fixed in: 1.2.12; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-4374; Patch priority: Low; CVSS severity: Low 4.3; PSID: 367f50681d32; Credits: Lana Codes; Required...
WordPress Fraud Prevention For Woocommerce Plugin <= 2.1.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Fraud Prevention For Woocommerce; Type: Plugin; Vulnerable versions: <= 2.1.5; Fixed in: 2.1.6; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-39159; Patch priority: Low; CVSS severity: Low 4.3; PSID: 9c961ef8cdc6; Credits: Mi...
WordPress WP-CopyProtect [Protect your blog posts] Plugin <= 3.1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP-CopyProtect [Protect your blog posts]; Type: Plugin; Vulnerable versions: <= 3.1.0; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25025; Patch priority: Low; CVSS severity: Low 4.3; PSID: 483e3127703e; Credit...
WordPress Getwid – Gutenberg Blocks Plugin <= 1.8.3 is vulnerable to Server Side Request Forgery (SSRF)
Software: Getwid – Gutenberg Blocks; Type: Plugin; Vulnerable versions: <= 1.8.3; Fixed in: 1.8.4; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-1895; Patch priority: Medium; CVSS severity: Medium 5; PSID: 688f43f1f9c1; Credits: Ramuel Gall...
WordPress Abandoned Cart Lite for WooCommerce Plugin <= 5.14.2 is vulnerable to Broken Authentication
Software: Abandoned Cart Lite for WooCommerce; Type: Plugin; Vulnerable versions: <= 5.14.2; Fixed in: 5.15.0; OWASP Top 10: A2: Broken Authentication; Classification: Broken Authentication; CVE: CVE-2023-2986; Patch priority: High; CVSS severity: High 9.8; PSID: 15bb4df9e2c9; Credits: István...
WordPress WordPress Social Login Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress Social Login; Type: Plugin; Vulnerable versions: <= 3.0.4; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-34023; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 6e7893e261d3; Credits: Nguyen Xuan...
WordPress QuBotChat Plugin < 1.1.6 is vulnerable to Cross Site Scripting (XSS)
Software: QuBotChat; Type: Plugin; Vulnerable versions: < 1.1.6; Fixed in: 1.1.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2401; Patch priority: Low; CVSS severity: Low 5.9; PSID: 10e03bd32db6; Credits: Bob Matyas; Required privilege...
WordPress MStore API Plugin <= 3.9.2 is vulnerable to Broken Authentication
Software: MStore API; Type: Plugin; Vulnerable versions: <= 3.9.2; Fixed in: 3.9.3; OWASP Top 10: A2: Broken Authentication; Classification: Broken Authentication; CVE: CVE-2023-2732; Patch priority: High; CVSS severity: High 9.8; PSID: 9a2f0204ce39; Credits: Lana Codes; Required privilege...
WordPress Zotpress Plugin <= 7.3.3 is vulnerable to Cross Site Scripting (XSS)
Software: Zotpress; Type: Plugin; Vulnerable versions: <= 7.3.3; Fixed in: 7.3.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32961; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Katie Seaborn; PSID: 1e1dc3c4b47a; Credits: LOURCODE; Required privileg...
WordPress Login Rebuilder Plugin < 2.8.1 is vulnerable to Cross Site Scripting (XSS)
Software: Login Rebuilder; Type: Plugin; Vulnerable versions: < 2.8.1; Fixed in: 2.8.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2223; Patch priority: Low; CVSS severity: Low 5.9; PSID: b98403680c8c; Credits: Taurus Omar; Required...
WordPress QuBotChat Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)
Software: QuBotChat; Type: Plugin; Vulnerable versions: <= 1.1.5; Fixed in: 1.1.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2399; Patch priority: Low; CVSS severity: Low 7.1; PSID: 9f1b3d64b154; Credits: Rafael B.; Required privilege...
WordPress Cloud Manager Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Cloud Manager; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0421; Patch priority: High; CVSS severity: High 7.1; PSID: e0814c8cc2bc; Credits: Shreya Pohekar; Required...
WordPress Events Made Easy Plugin <= 2.3.14 is vulnerable to SQL Injection
Software: Events Made Easy; Type: Plugin; Vulnerable versions: <= 2.3.14; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-28660; Patch priority: High; CVSS severity: High 8.5; PSID: b6f80ca22af2; Credits: Joshua Martinelle (Tenable Research); Required...
WordPress Weaver Xtreme Theme <= 5.0.7 is vulnerable to Cross Site Scripting (XSS)
Software: Weaver Xtreme; Type: Theme; Vulnerable versions: <= 5.0.7; Fixed in: 6.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1403; Patch priority: Low; CVSS severity: Low 6.5; PSID: b31bb20a58fc; Credits: Ramuel Gall; Required privileg...
WordPress Webinar and Video Conference with Jitsi Meet Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Webinar and Video Conference with Jitsi Meet; Type: Plugin; Vulnerable versions: <= 1.2.5; Fixed in: 2.0.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47150; Patch priority: Low; CVSS severity: Low 4.3; PSID: d77b318b12e...
WordPress Load More Products for WooCommerce Plugin <= 1.1.9.7 is vulnerable to Broken Access Control
Software: Load More Products for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.1.9.7; Fixed in: 1.1.9.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-45813; Patch priority: Low; CVSS severity: Low 5.4; PSID: 09d1bbbd7382; Credits: István...
WordPress HT Slider For Elementor Plugin < 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: HT Slider For Elementor; Type: Plugin; Vulnerable versions: < 1.4.0; Fixed in: 1.4.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-0495; Patch priority: Low; CVSS severity: Low 4.3; PSID: fea57db2be31; Credits: Lana Codes...
WordPress Advanced Dynamic Pricing for WooCommerce Plugin <= 4.1.5 is vulnerable to Broken Access Control
Software: Advanced Dynamic Pricing for WooCommerce; Type: Plugin; Vulnerable versions: <= 4.1.5; Fixed in: 4.1.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-40203; Patch priority: Medium; CVSS severity: Medium 6.3; PSID: 061da4b2f208; Credit...
WordPress WP Table Manager Plugin <= 3.5.2 is vulnerable to Broken Access Control
Software: WP Table Manager; Type: Plugin; Vulnerable versions: <= 3.5.2; Fixed in: 3.5.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-47601; Patch priority: Medium; CVSS severity: Medium 5.3; PSID: dd961e3e7567; Credits: Cat; Required privilege...
WordPress Intuitive Custom Post Order Plugin <= 3.1.3 is vulnerable to Broken Access Control
Software: Intuitive Custom Post Order; Type: Plugin; Vulnerable versions: <= 3.1.3; Fixed in: 3.1.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-4385; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: 582d2859794c; Credits: Yuya Kotake...
WordPress PDF Generator for WordPress – Create & Customize PDF for Post, Pages and WooCommerce Products Plugin < 1.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: PDF Generator for WordPress – Create & Customize PDF for Post, Pages and WooCommerce Products; Type: Plugin; Vulnerable versions: < 1.1.2; Fixed in: 1.1.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4321; Patch priority: Low; CVSS severity: Low 7.1...
WordPress WP-FormAssembly plugin <= 2.0.5 - Auth. Arbitrary File Read vulnerability
Auth. Arbitrary File Read vulnerability discovered by Nguyen Anh Tien (Patchstack Alliance) in the WordPress WP-FormAssembly plugin (versions <= 2.0.5). Solution: No patched version available...
WordPress Car Dealer plugin <= 3.04 - Auth. Arbitrary Plugin Installation vulnerability
Auth. Arbitrary Plugin Installation vulnerability discovered by Lana Codes in WordPress Car Dealer plugin (versions <= 3.04). Solution: Update the WordPress Car Dealer plugin to the latest available version (at least 3.05)...
WordPress TeraWallet – For WooCommerce plugin <= 1.4.3 - Insecure Direct Object Reference (IDOR) vulnerability
Insecure Direct Object Reference (IDOR) vulnerability discovered by Marco Wotschka in the WordPress TeraWallet – For WooCommerce plugin (versions <= 1.4.3). Solution: Update the WordPress TeraWallet – For WooCommerce plugin to the latest available version (at least 1.4.4)...
WordPress Super Testimonial Pro premium plugin < 1.0.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Super Testimonial Pro premium plugin (versions < 1.0.8). Solution: Update the WordPress Super Testimonial Pro plugin to the latest available version (at least 1.0.8)...
WordPress S2W – Import Shopify to WooCommerce plugin <= 1.1.12 - Auth. Arbitrary File Read vulnerability
Auth. Arbitrary File Read vulnerability discovered by Tomasz Staszyszyn (Patchstack Alliance) in WordPress S2W – Import Shopify to WooCommerce plugin (versions <= 1.1.12). Solution: Update the WordPress S2W – Import Shopify to WooCommerce plugin to the latest available version (at least 1.1.13)...
WordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Dave Jong (Patchstack) in WordPress WPML Multilingual CMS premium plugin (versions <= 4.5.13). Solution: Update the WordPress Multilingual CMS plugin to the latest available version (at least 4.5.14)...
WordPress Jeeng Push Notifications plugin <= 2.0.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Mariam Tariq in WordPress Jeeng Push Notifications plugin (versions <= 2.0.3). Solution: Update the WordPress Jeeng Push Notifications plugin to the latest available version (at least 2.0.4)...
WordPress Download Plugin plugin <= 1.6.2 - Auth. Broken Access Control vulnerability
Auth. Broken Access Control vulnerability discovered by apple502j in WordPress Download Plugin plugin (versions <= 1.6.2). Solution: Update the WordPress Download Plugin plugin to the latest available version (at least 2.0.0)...
WordPress Soledad premium theme <= 8.2.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dave Jong (Patchstack) in the WordPress Soledad premium theme (versions <= 8.2.5). Solution: Update the WordPress soledad theme to the latest available version (at least 8.2.6)...
WordPress WP-Polls plugin <= 2.75.6 - IP Validation Bypass vulnerability
IP Validation Bypass vulnerability discovered by Daniel Ruf in WordPress WP-Polls plugin (versions <= 2.75.6). Solution: Update the WordPress WP-Polls plugin to the latest available version (at least 2.76.0)...
WordPress Restaurant Menu plugin <= 2.3.1 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by ptsfence in WordPress Restaurant Menu plugin (versions <= 2.3.1). Solution: Update the WordPress Restaurant Menu – Food Ordering System – Table Reservation plugin to the latest available version (at least 2.3.2)...
WordPress Evaluate plugin <= 1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Mariah Almotlag in the WordPress Evaluate plugin (versions <= 1.0). Solution: No patched version available...
WordPress Slideshow SE plugin <= 2.5.5 - Auth. Cross-Site Scripting (XSS) vulnerability
Auth. Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in the WordPress Slideshow SE plugin (versions <= 2.5.5). Solution: Deactivate and delete. This plugin has been closed as of October 7, 2022 and is not available for download. This closure is temporary, pendi...
WordPress Api2Cart Bridge Connector plugin <= 1.1.0 - Arbitrary Code Execution vulnerability
Arbitrary Code Execution vulnerability discovered by Dave Jong (Patchstack) in the WordPress Api2Cart Bridge Connector plugin (versions <= 1.1.0). Solution: Update the WordPress Api2Cart Bridge Connector plugin to the latest available version (at least 1.2.0)...
WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Auth. WordPress Options Change vulnerability
Auth. WordPress Options Change vulnerability discovered by Vlad Vector (Patchstack) in the WordPress Image Hover Effects Ultimate plugin (versions <= 9.7.1). Solution: Update the WordPress Image Hover Effects Ultimate plugin to the latest available version (at least 9.7.2)...
WordPress Quiz And Survey Master plugin <= 7.3.10 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability was discovered by Thura Moe Myint (Patchstack Alliance) in the WordPress Quiz And Survey Master plugin (versions <= 7.3.10). Solution: Update the WordPress Quiz And Survey Master plugin to the latest available version (at least 7.3.11)...
WordPress Newspaper premium theme <= 11.5.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Truoc Phan (Techlab Corporation) in WordPress Newspaper premium theme (versions <= 11.5.1). Solution: Update the WordPress Newspaper theme to the latest available version (at least 12)...
WordPress LBStopAttack plugin <= 1.1.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Settings Update discovered by Daniel Ruf in WordPress LBStopAttack plugin (versions <= 1.1.2). Solution: Update the WordPress LBstopattack plugin to the latest available version (at least 1.1.3)...
WordPress iQ Block Country plugin <= 1.2.18 - Block BYPASS vulnerability
Block BYPASS vulnerability was discovered by Brandon Roldan (Patchstack Alliance) in the WordPress iQ Block Country plugin (versions <= 1.2.18). Solution: Update the WordPress iQ Block Country plugin to the latest available version (at least 1.2.19)...