46684 matches found
WordPress Booster for WooCommerce Plugin <= 7.1.1 is vulnerable to Sensitive Data Exposure
Software Booster for WooCommerce Type Plugin Vulnerable versions = 7.1.1 Fixed in 7.1.2 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-48333 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b3744065c2d4 Credits Dave Jong...
WordPress Maspik – Spam blacklist Plugin <= 0.9.2 is vulnerable to Cross Site Scripting (XSS)
Software Maspik – Spam blacklist Type Plugin Vulnerable versions = 0.9.2 Fixed in 0.9.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-48272 Patch priority High CVSS severity High 7.1 Developer Yonifre PSID 51f68067a7ba Credits Mika Required privile...
WordPress Elementor Addon Elements Plugin <= 1.12.7 is vulnerable to Broken Access Control
Software Elementor Addon Elements Type Plugin Vulnerable versions = 1.12.7 Fixed in 1.12.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4723 Patch priority Low CVSS severity Low 5.3 Developer WPVibes PSID e7f9c7b2043a Credits WordFence Required privileg...
WordPress Ninja Forms Plugin < 3.6.34 is vulnerable to Cross Site Scripting (XSS)
Software Ninja Forms Type Plugin Vulnerable versions 3.6.34 Fixed in 3.6.34 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5530 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a9b2d204bb4c Credits Jonathan Zamora Required...
WordPress Cloud Templates & Patterns collection Plugin <= 1.2.2 is vulnerable to Sensitive Data Exposure
Software Cloud Templates & Patterns collection Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2023-47529 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID...
WordPress Superb slideshow gallery Plugin <= 13.1 is vulnerable to SQL Injection
Software Superb slideshow gallery Type Plugin Vulnerable versions = 13.1 Fixed in 13.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5434 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 2f0f3b992f7b Credits István Márton Required privilege Contributo...
WordPress ICS Calendar Plugin <= 10.12.0.3 is vulnerable to Arbitrary File Download
Software ICS Calendar Type Plugin Vulnerable versions = 10.12.0.3 Fixed in 10.12.0.4 OWASP Top 10 A4: Insecure Design Classification Arbitrary File Download CVE CVE-2023-46784 Patch priority Medium CVSS severity Medium 8.2 Developer Claim ownership PSID 662755066f6f Credits Muhammad Daffa Require...
WordPress News & Blog Designer Pack – WordPress Blog Plugin Plugin <= 3.4.1 is vulnerable to Remote Code Execution (RCE)
Software News & Blog Designer Pack – WordPress Blog Plugin Type Plugin Vulnerable versions = 3.4.1 Fixed in 3.4.2 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-5815 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 968958ed229c Credits...
WordPress Tutor LMS Plugin < 2.3.0 is vulnerable to Cross Site Scripting (XSS)
Software Tutor LMS Type Plugin Vulnerable versions 2.3.0 Fixed in 2.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4805 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 74daed2fad19 Credits emad-fazel Required...
WordPress WooCommerce Ninja Forms Product Add-ons Plugin <= 1.7.0 is vulnerable to Arbitrary File Upload
Software WooCommerce Ninja Forms Product Add-ons Type Plugin Vulnerable versions = 1.7.0 Fixed in 1.7.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-5601 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 2bbb91735283 Credits Alexander Concha...
WordPress is vulnerable to Cross Site Scripting (XSS)
Software WordPress Type WordPress Core Vulnerable versions 6.3.2 Fixed in 6.3.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-38000 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ac4da91c6db1 Credits Rafie Muhammad Patchstack Required...
WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Path Traversal
Software ChatBot Type Plugin Vulnerable versions = 4.8.9 Fixed in 4.9.1 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2023-5241 Patch priority High CVSS severity High 9.6 Developer Claim ownership PSID 066f9b5875d8 Credits Marco Wotschka Required privilege Subscriber Published ...
WordPress WP Ultimate Exporter Plugin <= 2.4.1 is vulnerable to Sensitive Data Exposure
Software WP Ultimate Exporter Type Plugin Vulnerable versions = 2.4.1 Fixed in 2.4.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-2487 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID b22ef0e23a4e Credits Jonas Höbenreic...
WordPress WP Site Protector Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP Site Protector Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A5: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2023-44237 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8d18325c55eb Credits Nguyen Xuan Chien...
WordPress BEAR Plugin <= 1.1.3.3 is vulnerable to Broken Access Control
Software BEAR Type Plugin Vulnerable versions = 1.1.3.3 Fixed in 1.1.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4938 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 611080b0d2da Credits Marco Wotschka Required privilege...
WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd Plugin <= 6.15.13.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Coming Soon Page, Under Construction & Maintenance Mode by SeedProd Type Plugin Vulnerable versions = 6.15.13.1 Fixed in 6.15.15.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4975 Patch priority Low CVSS severity Low 4.3 Developer...
WordPress Essential Blocks for Gutenberg Plugin <= 4.2.0 is vulnerable to PHP Object Injection
Software Essential Blocks for Gutenberg Type Plugin Vulnerable versions = 4.2.0 Fixed in 4.2.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-4402 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 12450c59ad4b Credits Marco Wotschka Required...
WordPress FileOrganizer Plugin <= 1.0.2 is vulnerable to Arbitrary File Download
Software FileOrganizer Type Plugin Vulnerable versions = 1.0.2 Fixed in 1.0.3 OWASP Top 10 A5: Security Misconfiguration Classification Arbitrary File Download CVE CVE-2023-3664 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 1dc652566f23 Credits Dmitrii Required privilege...
WordPress WordPress Social Login Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Social Login Type Plugin Vulnerable versions = 3.0.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4773 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7be568b5c18c Credits Lana Codes Required...
WordPress Slimstat Analytics Plugin <= 5.0.9 is vulnerable to Cross Site Scripting (XSS)
Software Slimstat Analytics Type Plugin Vulnerable versions = 5.0.9 Fixed in 5.0.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4597 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5f7946c39456 Credits István Márton Requir...
WordPress Accordion and Accordion Slider Plugin <= 1.2.4 is vulnerable to Broken Access Control
Software Accordion and Accordion Slider Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40200 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6640940bf9c1 Credits Abdi Pranata...
WordPress Header Footer Code Manager Plugin <= 1.1.34 is vulnerable to Cross Site Request Forgery (CSRF)
Software Header Footer Code Manager Type Plugin Vulnerable versions = 1.1.34 Fixed in 1.1.35 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-39989 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5536fb0cce4a Credits Rafie...
WordPress Theme Demo Import Plugin <= 1.1.3 is vulnerable to Arbitrary File Upload
Software Theme Demo Import Type Plugin Vulnerable versions = 1.1.3 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-28170 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 5560e6fed5b7 Credits deokhunKim Required privilege Administrat...
WordPress Canto Plugin <= 3.0.4 is vulnerable to Remote File Inclusion
Software Canto Type Plugin Vulnerable versions = 3.0.4 Fixed in 3.0.5 OWASP Top 10 A1: Injection Classification Remote File Inclusion CVE CVE-2023-3452 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID aabfee448799 Credits Marco Wotschka Required privilege Unauthenticated...
WordPress WP Ultimate CSV Importer Plugin <= 7.9.8 is vulnerable to Remote Code Execution (RCE)
Software WP Ultimate CSV Importer Type Plugin Vulnerable versions = 7.9.8 Fixed in 7.9.9 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-4142 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID a395389d1982 Credits István Márton Required...
WordPress WPCode Plugin < 2.0.13.1 is vulnerable to Cross Site Scripting (XSS)
Software WPCode Type Plugin Vulnerable versions 2.0.13.1 Fixed in 2.0.13.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3524 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ef32523fa659 Credits Erwan LR WPScan Require...
WordPress Quiz And Survey Master Plugin < 8.1.11 is vulnerable to Cross Site Scripting (XSS)
Software Quiz And Survey Master Type Plugin Vulnerable versions 8.1.11 Fixed in 8.1.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3575 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9853dd82cef9 Credits Andreas Damen...
WordPress WP News and Scrolling Widgets Plugin <= 3.3.4 is vulnerable to Cross Site Scripting (XSS)
Software WP News and Scrolling Widgets Type Plugin Vulnerable versions = 3.3.4 Fixed in 4.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID c0214c70fb9b Credits Rafie Muhammad Patchstac...
WordPress WP Shopping Pages Plugin <= 1.14 is vulnerable to Cross Site Scripting (XSS)
Software WP Shopping Pages Type Plugin Vulnerable versions = 1.14 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3492 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 898c5bf8d8e1 Credits Katharina Altmann...
WordPress Buy Me a Coffee Plugin <= 3.7 is vulnerable to Broken Access Control
Software Buy Me a Coffee Type Plugin Vulnerable versions = 3.7 Fixed in 3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2078 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4f9e072d5272 Credits Lana Codes Required privilege...
WordPress Post SMTP Plugin < 2.5.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Post SMTP Type Plugin Vulnerable versions 2.5.7 Fixed in 2.5.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3179 Patch priority Low CVSS severity Low 8.8 Developer WPExperts PSID a42127c2ce5a Credits Erwan LR WPScan Required privilege...
WordPress Post SMTP Plugin < 2.5.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Post SMTP Type Plugin Vulnerable versions 2.5.7 Fixed in 2.5.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3178 Patch priority Low CVSS severity Low 5.4 Developer WPExperts PSID 120e0e7d693e Credits Erwan LR WPScan Required privilege...
WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin <= 7.6.4 is vulnerable to Broken Authentication
Software WordPress Social Login and Register Discord, Google, Twitter, LinkedIn Type Plugin Vulnerable versions = 7.6.4 Fixed in 7.6.5 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2982 Patch priority High CVSS severity High 9.8 Developer Claim ownership...
WordPress WCP OpenWeather Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
Software WCP OpenWeather Type Plugin Vulnerable versions = 2.5.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25471 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 90acb7d8d993 Credits Nguyen Xuan Chien...
WordPress Event Manager for WooCommerce Plugin <= 3.9.5 is vulnerable to Cross Site Scripting (XSS)
Software Event Manager for WooCommerce Type Plugin Vulnerable versions = 3.9.5 Fixed in 3.9.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-36383 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8cd145419482 Credits emad...
WordPress Simple Iframe Plugin < 1.2.0 is vulnerable to Cross Site Scripting (XSS)
Software Simple Iframe Type Plugin Vulnerable versions 1.2.0 Fixed in 1.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2964 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 0a6a1d288d08 Credits Jihoon Lee Required...
WordPress Complianz – GDPR/CCPA Cookie Consent Plugin <= 6.4.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Complianz – GDPR/CCPA Cookie Consent Type Plugin Vulnerable versions = 6.4.5 Fixed in 6.4.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-34030 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a135bb16d42c Credit...
WordPress ChatBot Plugin < 4.5.6 is vulnerable to Cross Site Scripting (XSS)
Software ChatBot Type Plugin Vulnerable versions 4.5.6 Fixed in 4.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2811 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID eb7005b63455 Credits NGO VAN TU Required privilege...
WordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to SQL Injection
Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-31212 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID e8d727f37fdc Credits Rafie Muhammad Patchstack Required privilege...
WordPress Bit Form – Contact Form Plugin Plugin < 1.9 is vulnerable to Remote Code Execution (RCE)
Software Bit Form – Contact Form Plugin Type Plugin Vulnerable versions 1.9 Fixed in 1.9 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2022-4774 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 4efef0b2be54 Credits Felipe Restrepo Rodríguez...
WordPress WoodMart Theme <= 7.2.1 is vulnerable to Broken Access Control
Software WoodMart Type Theme Vulnerable versions = 7.2.1 Fixed in 7.2.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32240 Patch priority Medium CVSS severity Medium 5.4 Developer Xtemos PSID b409a147912c Credits Dave Jong Patchstack Required privilege...
WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.3.6 is vulnerable to Cross Site Scripting (XSS)
Software Restaurant Menu – Food Ordering System – Table Reservation Type Plugin Vulnerable versions = 2.3.6 Fixed in 2.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32516 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership...
WordPress Mega Addons For WPBakery Page Builder Plugin <= 4.2.7 is vulnerable to Cross Site Scripting (XSS)
Software Mega Addons For WPBakery Page Builder Type Plugin Vulnerable versions = 4.2.7 Fixed in 4.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0268 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID f4952c1a005f...
WordPress WCFM – Frontend Manager for WooCommerce Plugin <= 6.5.13 is vulnerable to Cross Site Request Forgery (CSRF)
Software WCFM – Frontend Manager for WooCommerce Type Plugin Vulnerable versions = 6.5.13 Fixed in 6.6.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-4938 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 825435f567d9...
WordPress Brands for WooCommerce Plugin <= 3.7.0.5 is vulnerable to Broken Access Control
Software Brands for WooCommerce Type Plugin Vulnerable versions = 3.7.0.5 Fixed in 3.7.0.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-45813 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9f2b0dfb0d37 Credits István Márton...
WordPress Watu Quiz Plugin <= 3.3.9 is vulnerable to Cross Site Scripting (XSS)
Software Watu Quiz Type Plugin Vulnerable versions = 3.3.9 Fixed in 3.3.9.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0968 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID f8e4b6a3eab0 Credits Marco Wotschka Required...
WordPress Shortcodes Ultimate Plugin < 5.12.8 is vulnerable to Sensitive Data Exposure
Software Shortcodes Ultimate Type Plugin Vulnerable versions 5.12.8 Fixed in 5.12.8 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0911 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 466e8901614e Credits Erwan LR WPScan Requir...
WordPress Custom Content Shortcode Plugin <= 4.0.2 is vulnerable to Local File Inclusion
Software Custom Content Shortcode Type Plugin Vulnerable versions = 4.0.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-0340 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 54e338b50ba0 Credits Erwan LR WPScan Required...
WordPress All In One SEO Pack Plugin <= 4.2.9 is vulnerable to Cross Site Scripting (XSS)
Software All In One SEO Pack Type Plugin Vulnerable versions = 4.2.9 Fixed in 4.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0585 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 21a22db087a8 Credits WordFence Required...
WordPress Publish to Schedule Plugin <= 4.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Publish to Schedule Type Plugin Vulnerable versions = 4.4.2 Fixed in 4.5.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25994 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 196402e1491d Credits Rio Darmawan...