Patchstack: Most viewed

45960 matches found

Patchstack
added 2024/04/25 12:0 a.m., 19 views

WordPress KB Support Plugin <= 1.6.0 is vulnerable to Broken Access Control

Software KB Support Type Plugin Vulnerable versions = 1.6.0 Fixed in 1.6.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33589 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 770dfcb61dbb Credits Yudistira Arya Required privilege...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00459
Exploits: 0, References: 2, Affected Software: 1

added 2024/04/25 12:0 a.m., 19 views

WordPress Client Dash Plugin <= 2.2.1 is vulnerable to Broken Access Control

Software Client Dash Type Plugin Vulnerable versions = 2.2.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33652 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 999732255bed Credits Skalucy Required privilege...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00182
Exploits: 0, References: 1, Affected Software: 1

added 2024/04/25 12:0 a.m., 19 views

WordPress PopupAlly Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)

Software PopupAlly Type Plugin Vulnerable versions = 2.1.1 Fixed in 2.1.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33639 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ac9794d90ae4 Credits Manab Jyoti Dowarah Required privilege...

CVSS: 5.9, AI score: 6.6, EPSS: 0.00135
Exploits: 0, References: 2, Affected Software: 1

added 2024/04/22 12:0 a.m., 19 views

WordPress Royal Elementor Addons Plugin <= 1.3.93 is vulnerable to Bypass Vulnerability

Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.93 Fixed in 1.3.95 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2024-32786 Patch priority Low CVSS severity Low 5.3 Developer WProyal PSID 136b421b7f6f Credits Brandon Roldan Required...

CVSS: 9.8, AI score: 6.5, EPSS: 0.00141
Exploits: 1, References: 2, Affected Software: 1

added 2024/04/15 12:0 a.m., 19 views

WordPress Responsive Slider by MetaSlider Plugin <= 3.70.0 is vulnerable to Cross Site Scripting (XSS)

Software Responsive Slider by MetaSlider Type Plugin Vulnerable versions = 3.70.0 Fixed in 3.70.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3285 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 334dac19f012 Credits wesley...

CVSS: 6.4, AI score: 6, EPSS: 0.00168
Exploits: 0, References: 3, Affected Software: 1

added 2024/04/15 12:0 a.m., 19 views

WordPress Simple Buttons Creator Plugin <= 1.04 is vulnerable to Cross Site Request Forgery (CSRF)

Software Simple Buttons Creator Type Plugin Vulnerable versions = 1.04 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2858 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bfe6a65231af Credits Bob Matyas...

CVSS: 4.8, AI score: 6.6, EPSS: 0.00037
Exploits: 2, References: 4, Affected Software: 1

added 2024/04/10 12:0 a.m., 19 views

WordPress Table & Contact Form 7 Database – Tablesome Plugin <= 1.0.25 is vulnerable to Cross Site Request Forgery (CSRF)

Software Table & Contact Form 7 Database – Tablesome Type Plugin Vulnerable versions = 1.0.25 Fixed in 1.0.26 OWASP Top 10 A5: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2024-31388 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

CVSS: 4.3, AI score: 6.6, EPSS: 0.00232
Exploits: 0, References: 2, Affected Software: 1

added 2024/04/08 12:0 a.m., 19 views

WordPress Photo Gallery by 10Web Plugin <= 1.8.21 is vulnerable to Cross Site Scripting (XSS)

Software Photo Gallery by 10Web Type Plugin Vulnerable versions = 1.8.21 Fixed in 1.8.22 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2296 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID db9d53f79206 Credits Jobert Krohnen...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00191
Exploits: 0, References: 3, Affected Software: 1

added 2024/04/05 12:0 a.m., 19 views

WordPress MasterStudy LMS Plugin <= 3.3.3 is vulnerable to Local File Inclusion

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.3.3 Fixed in 3.3.4 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3136 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 0e613f9f337e Credits Hiroho Shimada Required privilege...

CVSS: 9.8, AI score: 6.8, EPSS: 0.54205
Exploits: 0, References: 3, Affected Software: 1

added 2024/03/28 12:0 a.m., 19 views

WordPress Media Library Folders Plugin <= 8.1.7 is vulnerable to SQL Injection

Software Media Library Folders Type Plugin Vulnerable versions = 8.1.7 Fixed in 8.1.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30486 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 07c50fa94bf4 Credits Le Ngoc Anh Required privilege Author...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00588
Exploits: 0, References: 2, Affected Software: 1

added 2024/03/26 12:0 a.m., 19 views

WordPress Elementor Website Builder Plugin <= 3.20.2 is vulnerable to Cross Site Scripting (XSS)

Software Elementor Website Builder Type Plugin Vulnerable versions = 3.20.2 Fixed in 3.20.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2117 Patch priority Low CVSS severity Low 6.4 Developer Elementor PSID 13b41799a0e4 Credits Webbernaut Require...

CVSS: 6.4, AI score: 5.7, EPSS: 0.00204
Exploits: 0, References: 3, Affected Software: 1

added 2024/02/27 12:0 a.m., 19 views

WordPress JobSearch Plugin < 2.3.4 is vulnerable to Remote Code Execution (RCE)

Software JobSearch Type Plugin Vulnerable versions 2.3.4 Fixed in 2.3.4 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-6585 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 637575b94b70 Credits Furkan Gedik Required privilege Published 27...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00367
Exploits: 2, References: 3, Affected Software: 1

added 2024/01/30 12:0 a.m., 19 views

WordPress WP GDPR Compliance Plugin <= 2.0.22 is vulnerable to Broken Access Control

Software WP GDPR Compliance Type Plugin Vulnerable versions = 2.0.22 Fixed in 2.0.23 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-6700 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 6a981b3b2d5a Credits Lucio Sá Required...

CVSS: 8.8, AI score: 6.4, EPSS: 0.29163
Exploits: 2, References: 2, Affected Software: 1

added 2024/01/24 12:0 a.m., 19 views

WordPress MaxButtons Plugin <= 9.7.6 is vulnerable to Cross Site Scripting (XSS)

Software MaxButtons Type Plugin Vulnerable versions = 9.7.6 Fixed in 9.7.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7029 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d11aac46fc3d Credits Webbernaut Required privilege...

CVSS: 6.4, AI score: 6, EPSS: 0.00264
Exploits: 0, References: 2, Affected Software: 1

added 2024/01/22 12:0 a.m., 19 views

WordPress enigma chart.js Plugin <= 2023.2 is vulnerable to Cross Site Scripting (XSS)

Software enigma chart.js Type Plugin Vulnerable versions = 2023.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6082 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1f48f6888cc5 Credits Asif Nawaz Minhas & Serge...

CVSS: 5.4, AI score: 6, EPSS: 0.00109
Exploits: 2, References: 4, Affected Software: 1

added 2024/01/19 12:0 a.m., 19 views

WordPress FluentForm Plugin <= 5.1.5 is vulnerable to Cross Site Scripting (XSS)

Software FluentForm Type Plugin Vulnerable versions = 5.1.5 Fixed in 5.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0618 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0f6deb843ce1 Credits Akbar Kustirama Required...

CVSS: 4.8, AI score: 5.8, EPSS: 0.00128
Exploits: 1, References: 3, Affected Software: 1

added 2024/01/09 12:0 a.m., 19 views

WordPress AI Engine: ChatGPT Chatbot Plugin <= 1.9.98 is vulnerable to Arbitrary File Upload

Software AI Engine: ChatGPT Chatbot Type Plugin Vulnerable versions = 1.9.98 Fixed in 1.9.99 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-51409 Patch priority High CVSS severity High 10 Developer Claim ownership PSID fdd4a788407b Credits Rafie Muhammad Patchstack...

CVSS: 10, AI score: 6.8, EPSS: 0.92907
Exploits: 4, References: 2, Affected Software: 1

added 2024/01/08 12:0 a.m., 19 views

WordPress RSS Aggregator by Feedzy Plugin <= 4.3.2 is vulnerable to Broken Access Control

Software RSS Aggregator by Feedzy Type Plugin Vulnerable versions = 4.3.2 Fixed in 4.3.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-6798 Patch priority Low CVSS severity Low 3.8 Developer Claim ownership PSID e743d5ddd389 Credits Colin Xu Required...

CVSS: 5.4, AI score: 6.6, EPSS: 0.00101
Exploits: 0, References: 3, Affected Software: 1

added 2023/12/19 12:0 a.m., 19 views

WordPress EazyDocs Plugin < 2.3.4 is vulnerable to SQL Injection

Software EazyDocs Type Plugin Vulnerable versions 2.3.4 Fixed in 2.3.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-6035 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 6ad682fb44ae Credits Dao Xuan Hieu Required privilege Subscriber Published 19...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00358
Exploits: 2, References: 3, Affected Software: 1

added 2023/12/11 12:0 a.m., 19 views

WordPress Import and export users and customers Plugin <= 1.24.3 is vulnerable to Cross Site Scripting (XSS)

Software Import and export users and customers Type Plugin Vulnerable versions = 1.24.3 Fixed in 1.24.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6624 Patch priority Low CVSS severity Low 6.5 Developer Codection PSID 8dfbaad9de1b Credits...

CVSS: 5.4, AI score: 5.7, EPSS: 0.00206
Exploits: 0, References: 3, Affected Software: 1

added 2023/12/06 12:0 a.m., 19 views

WordPress Multi Currency For WooCommerce Plugin <= 1.5.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Multi Currency For WooCommerce Type Plugin Vulnerable versions = 1.5.5 Fixed in 1.5.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49840 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c36e478dcad3 Credits Nguy...

CVSS: 8.8, AI score: 6.6, EPSS: 0.0007
Exploits: 0, References: 2, Affected Software: 1

added 2023/12/04 12:0 a.m., 19 views

WordPress Advanced Database Cleaner Plugin <= 3.1.2 is vulnerable to SQL Injection

Software Advanced Database Cleaner Type Plugin Vulnerable versions = 3.1.2 Fixed in 3.1.3 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49764 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 18ca57291df6 Credits Mika Required privilege Administrator...

CVSS: 7.6, AI score: 6.8, EPSS: 0.00139
Exploits: 0, References: 2, Affected Software: 1

added 2023/11/29 12:0 a.m., 19 views

WordPress Social Share Buttons & Analytics Plugin – GetSocial.io Plugin <= 4.3.12 is vulnerable to Cross Site Scripting (XSS)

Software Social Share Buttons & Analytics Plugin – GetSocial.io Type Plugin Vulnerable versions = 4.3.12 Fixed in 4.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49189 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e59fc2241f6f Credits...

CVSS: 5.9, AI score: 6.5, EPSS: 0.00135
Exploits: 0, References: 2, Affected Software: 1

added 2023/11/27 12:0 a.m., 19 views

WordPress Theme My Login 2FA Plugin < 1.2 is vulnerable to Bypass Vulnerability

Software Theme My Login 2FA Type Plugin Vulnerable versions 1.2 Fixed in 1.2 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2023-6272 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 8ec60bf22c2e Credits Joost Grunwald Required privilege...

CVSS: 9.8, AI score: 6.9, EPSS: 0.00297
Exploits: 2, References: 2, Affected Software: 1

added 2023/11/24 12:0 a.m., 19 views

WordPress Yoast SEO Plugin <= 21.0 is vulnerable to Cross Site Scripting (XSS)

Software Yoast SEO Type Plugin Vulnerable versions = 21.0 Fixed in 21.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-40680 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID c49205f84c75 Credits Rafie Muhammad Patchstack Required...

CVSS: 5.9, AI score: 6.8, EPSS: 0.00278
Exploits: 0, References: 2, Affected Software: 1

added 2023/11/24 12:0 a.m., 19 views

WordPress Booster for WooCommerce Plugin <= 7.1.1 is vulnerable to Sensitive Data Exposure

Software Booster for WooCommerce Type Plugin Vulnerable versions = 7.1.1 Fixed in 7.1.2 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-48333 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b3744065c2d4 Credits Dave Jong...

CVSS: 6.5, AI score: 6.8, EPSS: 0.00679
Exploits: 0, References: 2, Affected Software: 1

added 2023/11/23 12:0 a.m., 19 views

WordPress TextMe SMS Plugin <= 1.9.0 is vulnerable to Broken Access Control

Software TextMe SMS Type Plugin Vulnerable versions = 1.9.0 Fixed in 1.9.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48287 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 91f657366fb1 Credits Arvandy Required privilege...

AI score: 6.9, EPSS: 0.00092
Exploits: 2, References: 2, Affected Software: 1

added 2023/11/14 12:0 a.m., 19 views

WordPress EWWW Image Optimizer Plugin <= 7.2.0 is vulnerable to Sensitive Data Exposure

Software EWWW Image Optimizer Type Plugin Vulnerable versions = 7.2.0 Fixed in 7.2.1 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-40600 Patch priority Medium CVSS severity Medium 5.3 Developer Exactly WWW LLC PSID e83c448240a2 Credits Mika Required...

CVSS: 7.5, AI score: 6.4, EPSS: 0.46927
Exploits: 1, References: 2, Affected Software: 1

added 2023/11/08 12:0 a.m., 19 views

WordPress Elementor Website Builder Plugin <= 3.16.4 is vulnerable to Broken Access Control

Software Elementor Website Builder Type Plugin Vulnerable versions = 3.16.4 Fixed in 3.16.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47504 Patch priority Low CVSS severity Low 6.5 Developer Elementor PSID 271c089c3c82 Credits Rafie Muhammad Patchsta...

CVSS: 9.8, AI score: 6.5, EPSS: 0.07054
Exploits: 1, References: 2, Affected Software: 1

added 2023/10/30 12:0 a.m., 19 views

WordPress Superb slideshow gallery Plugin <= 13.1 is vulnerable to SQL Injection

Software Superb slideshow gallery Type Plugin Vulnerable versions = 13.1 Fixed in 13.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5434 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 2f0f3b992f7b Credits István Márton Required privilege Contributo...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00255
Exploits: 1, References: 3, Affected Software: 1

added 2023/10/26 12:0 a.m., 19 views

WordPress ICS Calendar Plugin <= 10.12.0.3 is vulnerable to Arbitrary File Download

Software ICS Calendar Type Plugin Vulnerable versions = 10.12.0.3 Fixed in 10.12.0.4 OWASP Top 10 A4: Insecure Design Classification Arbitrary File Download CVE CVE-2023-46784 Patch priority Medium CVSS severity Medium 8.2 Developer Claim ownership PSID 662755066f6f Credits Muhammad Daffa Require...

CVSS: 8.2, AI score: 6.4, EPSS: 0.00462
Exploits: 0, References: 2, Affected Software: 1

added 2023/10/19 12:0 a.m., 19 views

WordPress iPanorama 360 WordPress Virtual Tour Builder Plugin <= 1.8.0 is vulnerable to SQL Injection

Software iPanorama 360 WordPress Virtual Tour Builder Type Plugin Vulnerable versions = 1.8.0 Fixed in 1.8.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5336 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 25ea3eb9ee79 Credits István Márton Require...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00153
Exploits: 0, References: 3, Affected Software: 1

added 2023/10/17 12:0 a.m., 19 views

WordPress Webmaster Tools Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software Webmaster Tools Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46093 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c2258c3a70c4 Credits LEE SE HYOUNG...

CVSS: 5.9, AI score: 5.7, EPSS: 0.00063
Exploits: 0, References: 1, Affected Software: 1

added 2023/10/13 12:0 a.m., 19 views

WordPress is vulnerable to Cross Site Scripting (XSS)

Software WordPress Type WordPress Core Vulnerable versions 6.3.2 Fixed in 6.3.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-38000 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ac4da91c6db1 Credits Rafie Muhammad Patchstack Required...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00347
Exploits: 1, References: 3, Affected Software: 1

added 2023/10/03 12:0 a.m., 19 views

WordPress WP Ultimate Exporter Plugin <= 2.4.1 is vulnerable to Sensitive Data Exposure

Software WP Ultimate Exporter Type Plugin Vulnerable versions = 2.4.1 Fixed in 2.4.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-2487 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID b22ef0e23a4e Credits Jonas Höbenreic...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00618
Exploits: 0, References: 2, Affected Software: 1

added 2023/09/26 12:0 a.m., 19 views

WordPress ActivityPub Plugin < 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software ActivityPub Type Plugin Vulnerable versions 1.0.0 Fixed in 1.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5057 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7a16cc70d522 Credits Ben Bidner Required privilege...

CVSS: 5.4, AI score: 6, EPSS: 0.00109
Exploits: 2, References: 3, Affected Software: 1

added 2023/09/19 12:0 a.m., 19 views

WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd Plugin <= 6.15.13.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Coming Soon Page, Under Construction & Maintenance Mode by SeedProd Type Plugin Vulnerable versions = 6.15.13.1 Fixed in 6.15.15.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4975 Patch priority Low CVSS severity Low 4.3 Developer...

CVSS: 4.3, AI score: 7, EPSS: 0.00147
Exploits: 0, References: 3, Affected Software: 1

added 2023/09/06 12:0 a.m., 19 views

WordPress User Private Files Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Software User Private Files Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4636 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a3eddd47293a Credits Shuning Xu Required...

CVSS: 4.8, AI score: 6, EPSS: 0.03761
Exploits: 2, References: 3, Affected Software: 1

added 2023/09/06 12:0 a.m., 19 views

WordPress Flatsome Theme <= 3.17.5 is vulnerable to PHP Object Injection

Software Flatsome Type Theme Vulnerable versions = 3.17.5 Fixed in 3.17.6 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-40555 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 0472344ea36e Credits Rafie Muhammad Patchstack Required privilege...

CVSS: 9.8, AI score: 7.2, EPSS: 0.00151
Exploits: 0, References: 2, Affected Software: 1

added 2023/08/29 12:0 a.m., 19 views

WordPress Slimstat Analytics Plugin <= 5.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Slimstat Analytics Type Plugin Vulnerable versions = 5.0.9 Fixed in 5.0.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4597 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5f7946c39456 Credits István Márton Requir...

CVSS: 6.4, AI score: 5.7, EPSS: 0.00401
Exploits: 2, References: 3, Affected Software: 1

added 2023/08/11 12:0 a.m., 19 views

WordPress ImageRecycle pdf & image compression Plugin <= 3.1.11 is vulnerable to Cross Site Scripting (XSS)

Software ImageRecycle pdf & image compression Type Plugin Vulnerable versions = 3.1.11 Fixed in 3.1.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-40196 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3a5e55d72b53...

CVSS: 7.1, AI score: 5.6, EPSS: 0.00113
Exploits: 0, References: 2, Affected Software: 1

added 2023/08/09 12:0 a.m., 19 views

WordPress Header Footer Code Manager Plugin <= 1.1.34 is vulnerable to Cross Site Request Forgery (CSRF)

Software Header Footer Code Manager Type Plugin Vulnerable versions = 1.1.34 Fixed in 1.1.35 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-39989 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5536fb0cce4a Credits Rafie...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00106
Exploits: 0, References: 2, Affected Software: 1

added 2023/08/09 12:0 a.m., 19 views

WordPress Canto Plugin <= 3.0.4 is vulnerable to Remote File Inclusion

Software Canto Type Plugin Vulnerable versions = 3.0.4 Fixed in 3.0.5 OWASP Top 10 A1: Injection Classification Remote File Inclusion CVE CVE-2023-3452 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID aabfee448799 Credits Marco Wotschka Required privilege Unauthenticated...

CVSS: 9.8, AI score: 6.7, EPSS: 0.87115
Exploits: 7, References: 3, Affected Software: 1

added 2023/07/28 12:0 a.m., 19 views

WordPress Social Share Icons & Social Share Buttons Plugin <= 3.5.7 is vulnerable to Broken Access Control

Software Social Share Icons & Social Share Buttons Type Plugin Vulnerable versions = 3.5.7 Fixed in 3.5.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0958 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 70d3b475ed6b Credits...

CVSS: 6.5, AI score: 6.2, EPSS: 0.00299
Exploits: 0, References: 4, Affected Software: 1

added 2023/07/18 12:0 a.m., 19 views

WordPress Simple Cart Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Simple Cart Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d50ef7e26bc5 Credits Rafie Muhammad Patchstack Required...

AI score: 6.8, EPSS: 0.00209
Exploits: 0, References: 3, Affected Software: 1

added 2023/06/28 12:0 a.m., 19 views

WordPress WCP OpenWeather Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)

Software WCP OpenWeather Type Plugin Vulnerable versions = 2.5.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25471 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 90acb7d8d993 Credits Nguyen Xuan Chien...

CVSS: 7.1, AI score: 5.7, EPSS: 0.00088
Exploits: 1, References: 1, Affected Software: 1

added 2023/06/28 12:0 a.m., 19 views

WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin <= 7.6.4 is vulnerable to Broken Authentication

Software WordPress Social Login and Register Discord, Google, Twitter, LinkedIn Type Plugin Vulnerable versions = 7.6.4 Fixed in 7.6.5 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2982 Patch priority High CVSS severity High 9.8 Developer Claim ownership...

CVSS: 9.8, AI score: 6.5, EPSS: 0.70122
Exploits: 4, References: 3, Affected Software: 1

added 2023/06/22 12:0 a.m., 19 views

WordPress Simple Iframe Plugin < 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Simple Iframe Type Plugin Vulnerable versions 1.2.0 Fixed in 1.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2964 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 0a6a1d288d08 Credits Jihoon Lee Required...

CVSS: 5.4, AI score: 5.6, EPSS: 0.0016
Exploits: 2, References: 3, Affected Software: 1

added 2023/06/20 12:0 a.m., 19 views

WordPress Complianz Premium Plugin <= 6.4.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Complianz Premium Type Plugin Vulnerable versions = 6.4.7 Fixed in 6.4.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-34030 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8ec92260cc85 Credits Rafie Muhammad...

CVSS: 8.8, AI score: 8.7, EPSS: 0.00137
Exploits: 0, References: 1, Affected Software: 1

added 2023/06/20 12:0 a.m., 19 views

WordPress Complianz – GDPR/CCPA Cookie Consent Plugin <= 6.4.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Complianz – GDPR/CCPA Cookie Consent Type Plugin Vulnerable versions = 6.4.5 Fixed in 6.4.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-34030 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a135bb16d42c Credit...

CVSS: 8.8, AI score: 8.7, EPSS: 0.00137
Exploits: 0, References: 2, Affected Software: 1

Total number of security vulnerabilities: 5000