46706 matches found
WordPress Essential Blocks Pro Plugin <= 1.1.0 is vulnerable to PHP Object Injection
Software Essential Blocks Pro Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-4386 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID b459be820fbe Credits Marco Wotschka Required privilege...
WordPress Slimstat Analytics Plugin <= 5.0.9 is vulnerable to SQL Injection
Software Slimstat Analytics Type Plugin Vulnerable versions = 5.0.9 Fixed in 5.0.10 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-4598 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 8c9d4c888c2a Credits WordFence Required privilege Contributor...
WordPress Activity Log Plugin < 2.8.8 is vulnerable to Bypass Vulnerability
Software Activity Log Type Plugin Vulnerable versions 2.8.8 Fixed in 2.8.8 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-4281 Patch priority Low CVSS severity Low 5.3 Developer Elementor PSID 7011dff59d10 Credits Bartlomiej Marek and Tomasz Swiadek...
WordPress User Feedback Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)
Software User Feedback Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-39308 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4cad82df326d Credits Revan Arifio Required privilege...
WordPress Simple Org Chart Plugin <= 2.3.4 is vulnerable to Broken Access Control
Software Simple Org Chart Type Plugin Vulnerable versions = 2.3.4 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-40603 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 404f7c0cda7d Credits Abdi Pranata Required privileg...
WordPress WP Remote Users Sync Plugin <= 1.2.11 is vulnerable to Broken Access Control
Software WP Remote Users Sync Type Plugin Vulnerable versions = 1.2.11 Fixed in 1.2.12 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-4374 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 367f50681d32 Credits Lana Codes Required...
WordPress ImageRecycle pdf & image compression Plugin <= 3.1.11 is vulnerable to Cross Site Scripting (XSS)
Software ImageRecycle pdf & image compression Type Plugin Vulnerable versions = 3.1.11 Fixed in 3.1.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-40196 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3a5e55d72b53...
WordPress Theme Demo Import Plugin <= 1.1.3 is vulnerable to Arbitrary File Upload
Software Theme Demo Import Type Plugin Vulnerable versions = 1.1.3 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-28170 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 5560e6fed5b7 Credits deokhunKim Required privilege Administrat...
WordPress Social Share Icons & Social Share Buttons Plugin <= 3.5.7 is vulnerable to Broken Access Control
Software Social Share Icons & Social Share Buttons Type Plugin Vulnerable versions = 3.5.7 Fixed in 3.5.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0958 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 70d3b475ed6b Credits...
WordPress Fraud Prevention For Woocommerce Plugin <= 2.1.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Fraud Prevention For Woocommerce Type Plugin Vulnerable versions = 2.1.5 Fixed in 2.1.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-39159 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9c961ef8cdc6 Credits Mi...
WordPress Chaty Plugin <= 3.1.1 is vulnerable to Cross Site Scripting (XSS)
Software Chaty Type Plugin Vulnerable versions = 3.1.1 Fixed in 3.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3245 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f10b64625618 Credits Dipak Panchal Required privilege...
WordPress Complianz Premium Plugin <= 6.4.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Complianz Premium Type Plugin Vulnerable versions = 6.4.7 Fixed in 6.4.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-34030 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8ec92260cc85 Credits Rafie Muhammad...
WordPress MStore API Plugin <= 3.9.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software MStore API Type Plugin Vulnerable versions = 3.9.6 Fixed in 3.9.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3199 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 52100659480e Credits Truoc Phan Required...
WordPress Abandoned Cart Lite for WooCommerce Plugin <= 5.14.2 is vulnerable to Broken Authentication
Software Abandoned Cart Lite for WooCommerce Type Plugin Vulnerable versions = 5.14.2 Fixed in 5.15.0 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2986 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 15bb4df9e2c9 Credits István...
WordPress Premium Addons PRO Plugin <= 2.8.24 is vulnerable to Cross Site Scripting (XSS)
Software Premium Addons PRO Type Plugin Vulnerable versions = 2.8.24 Fixed in 2.8.25 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34012 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3e100a687a90 Credits Rafie Muhamm...
WordPress WordPress Social Login Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Social Login Type Plugin Vulnerable versions = 3.0.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34023 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6e7893e261d3 Credits Nguyen Xuan...
WordPress is vulnerable to Directory Traversal
Software WordPress Type WordPress Core Vulnerable versions = 6.2 Fixed in 6.2.1 OWASP Top 10 A1: Injection Classification Directory Traversal CVE CVE-2023-2745 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 0d1028dd7204 Credits Ramuel Gall Wordfence Required privile...
WordPress Chaty Plugin <= 3.0.9 is vulnerable to Cross Site Scripting (XSS)
Software Chaty Type Plugin Vulnerable versions = 3.0.9 Fixed in 3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25019 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 46b92040d289 Credits Rafie Muhammad Patchstack...
WordPress Seo By 10Web Plugin < 1.2.7 is vulnerable to Cross Site Scripting (XSS)
Software Seo By 10Web Type Plugin Vulnerable versions 1.2.7 Fixed in 1.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2224 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7380d78d51b0 Credits Taurus Omar Required privileg...
WordPress WP All Backup Plugin <= 2.4.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP All Backup Type Plugin Vulnerable versions = 2.4.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32583 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 2d09c30b2474 Credits Mika Required privilege...
WordPress QuBotChat Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)
Software QuBotChat Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2399 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 9f1b3d64b154 Credits Rafael B. Required privilege...
WordPress Wise Chat Plugin <= 3.1.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software Wise Chat Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.1.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32504 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 14930cd15ca4 Credits Justiice Required privile...
WordPress Order Your Posts Manually Plugin <= 2.2.5 is vulnerable to SQL Injection
Software Order Your Posts Manually Type Plugin Vulnerable versions = 2.2.5 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-32508 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 81dd81d22e8d Credits minhtuanact Required privilege...
WordPress I Recommend This Plugin <= 3.8.3 is vulnerable to Cross Site Scripting (XSS)
Software I Recommend This Type Plugin Vulnerable versions = 3.8.3 Fixed in 3.9.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23673 Patch priority Low CVSS severity Low 5.9 Developer Webtions Harish PSID f5cbbc89906b Credits Rio Darmawan Required...
WordPress Gallery Plugin < 4.7.0 is vulnerable to SQL Injection
Software Gallery Type Plugin Vulnerable versions 4.7.0 Fixed in 4.7.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0765 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 85ca584ad7e5 Credits dc11 Required privilege Author Published 12 April, 2023...
WordPress WP Data Access Plugin <= 5.3.7 is vulnerable to Broken Access Control
Software WP Data Access Type Plugin Vulnerable versions = 5.3.7 Fixed in 5.3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1874 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d34193572ac0 Credits Chloe Chamberland Required...
WordPress eRoom – Zoom Meetings & Webinar Plugin <= 1.4.6 is vulnerable to Broken Access Control
Software eRoom – Zoom Meetings & Webinar Type Plugin Vulnerable versions = 1.4.6 Fixed in 1.4.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-43472 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 5064cfd61ac8 Credits István...
WordPress Webinar and Video Conference with Jitsi Meet Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Webinar and Video Conference with Jitsi Meet Type Plugin Vulnerable versions = 1.2.5 Fixed in 2.0.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d77b318b12e...
WordPress ConvertBox Auto Embed WordPress plugin Plugin <= 1.0.19 is vulnerable to Cross Site Scripting (XSS)
Software ConvertBox Auto Embed WordPress plugin Type Plugin Vulnerable versions = 1.0.19 Fixed in 1.0.20 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23664 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 859421b50cad Credit...
WordPress Load More Products for WooCommerce Plugin <= 1.1.9.7 is vulnerable to Broken Access Control
Software Load More Products for WooCommerce Type Plugin Vulnerable versions = 1.1.9.7 Fixed in 1.1.9.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-45813 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 09d1bbbd7382 Credits István...
WordPress Custom Content Shortcode Plugin <= 4.0.2 is vulnerable to Local File Inclusion
Software Custom Content Shortcode Type Plugin Vulnerable versions = 4.0.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-0340 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 54e338b50ba0 Credits Erwan LR WPScan Required...
WordPress WP Dynamic Keywords Injector Plugin <= 2.3.15 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP Dynamic Keywords Injector Type Plugin Vulnerable versions = 2.3.15 Fixed in 2.3.16 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47141 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c2248ca9d15a Credits...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0717 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID db3e0ac8c3e4 Credits Marco Wotschka Requir...
WordPress Spotlight Social Media Feeds Plugin < 1.4.3 is vulnerable to Cross Site Scripting (XSS)
Software Spotlight Social Media Feeds Type Plugin Vulnerable versions 1.4.3 Fixed in 1.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0379 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 727812743302 Credits Lana...
WordPress PDF Generator for WordPress – Create & Customize PDF for Post, Pages and WooCommerce Products Plugin < 1.1.2 is vulnerable to Cross Site Scripting (XSS)
Software PDF Generator for WordPress – Create & Customize PDF for Post, Pages and WooCommerce Products Type Plugin Vulnerable versions 1.1.2 Fixed in 1.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4321 Patch priority Low CVSS severity Low 7.1...
WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control
Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.59 Fixed in 1.3.60 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4704 Patch priority Medium CVSS severity Medium 5.4 Developer WProyal PSID 11224a1dc02d Credits Ramuel Gall Required...
WordPress club-theme Theme < 10 is vulnerable to Arbitrary File Upload
Software club-theme Type Theme Vulnerable versions 10 Fixed in N/A OWASP Top 10 A6: Security Misconfiguration Classification Arbitrary File Upload CVE CVE-2022-0316 Patch priority High CVSS severity High 10 Developer Claim ownership PSID c1148e89d858 Credits Joshua Small Required privilege...
WordPress WP-FormAssembly plugin <= 2.0.5 - Auth. Arbitrary File Read vulnerability
Auth. Arbitrary File Read vulnerability discovered by Nguyen Anh Tien Patchstack Alliance in the WordPress WP-FormAssembly plugin versions = 2.0.5. Solution No patched version available...
WordPress SMSA Shipping for WooCommerce premium plugin <= 1.0.4 - Auth. Arbitrary File Download vulnerability
Auth. Arbitrary File Download vulnerability discovered by WPScan in WordPress SMSA Shipping for WooCommerce premium plugin versions = 1.0.4. Solution Update the WordPress SMSA Shipping for WooCommerce plugin to the latest available version at least 1.0.5...
WordPress Car Dealer plugin <= 3.04 - Auth. Arbitrary Plugin Installation vulnerability
Auth. Arbitrary Plugin Installation vulnerability discovered by Lana Codes in WordPress Car Dealer plugin versions = 3.04. Solution Update the WordPress Car Dealer plugin to the latest available version at least 3.05...
WordPress Welcart e-Commerce plugin <= 2.8.3 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Auth. Stored Cross-Site Scripting XSS vulnerabilities discovered by Lana Codes in the WordPress Welcart e-Commerce plugin versions = 2.8.3. Solution Update the WordPress Welcart e-Commerce plugin to the latest available version at least 2.8.4...
WordPress Plugin for Google Reviews plugin <= 2.2.2 - Auth. Broken Access Control vulnerability
Auth. Broken Access Control vulnerability leading to arbitrary feed creation discovered by Tien Nguyen Anh Patchstack Alliance in the WordPress Plugin for Google Reviews plugin versions = 2.2.2. Solution Update the WordPress Plugin for Google Reviews plugin to the latest available version at leas...
WordPress ProfileGrid plugin <= 5.1.6 - Auth. CSV Injection vulnerability
Auth. CSV Injection vulnerability discovered by Mika Patchstack Alliance in the WordPress ProfileGrid plugin versions = 5.1.6. Solution Update the WordPress ProfileGrid plugin to the latest available version at least 5.1.8...
WordPress TeraWallet – For WooCommerce plugin <= 1.4.3 - Insecure Direct Object Reference (IDOR) vulnerability
Insecure Direct Object Reference IDOR vulnerability discovered by Marco Wotschka in the WordPress TeraWallet – For WooCommerce plugin versions = 1.4.3. Solution Update the WordPress TeraWallet – For WooCommerce plugin to the latest available version at least 1.4.4...
WordPress Soledad premium theme <= 8.2.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dave Jong Patchstack in the WordPress Soledad premium theme versions = 8.2.5. Solution Update the WordPress soledad theme to the latest available version at least 8.2.6...
WordPress Restaurant Menu <= 2.3.0 - Missing Authorization on AJAX Actions vulnerability
Missing Authorization on AJAX Actions vulnerability discovered by ptsfence in WordPress Restaurant Menu versions = 2.3.0. Solution Update the WordPress Restaurant Menu – Food Ordering System – Table Reservation plugin to the latest available version at least 2.3.1...
WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Auth. WordPress Options Change vulnerability
Auth. WordPress Options Change vulnerability discovered by Vlad Vector Patchstack in the WordPress Image Hover Effects Ultimate plugin versions = 9.7.1. Solution Update the WordPress Image Hover Effects Ultimate plugin to the latest available version at least 9.7.2...
WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. SQL Injection (SQLi) vulnerability
Auth. SQL Injection SQLi vulnerability discovered by Vlad Vector Patchstack in WordPress Quiz And Survey Master plugin versions = 7.3.4. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.5...
WordPress core <= 6.0.2 - Data Exposure vulnerability via REST API
Data Exposure vulnerability via REST API discovered by Than Taintor in WordPress core versions = 6.0.2. Solution Update the WordPress to the latest available version at least 6.0.3...
WordPress FluentForm plugin <= 4.3.12 - CSV Injection vulnerability
CSV Injection vulnerability discovered by Francesco Carlucci in WordPress FluentForm plugin versions = 4.3.12. Solution Update the WordPress Contact Form Plugin plugin to the latest available version at least 4.3.13...