Lucene search: Patchstack, Most viewed

45960 matches found

Patchstack
added 2023/10/26 12:0 a.m. | 18 views

WordPress Feather Login Page Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Feather Login Page Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46777 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 62aa1ddd991f Credits Mika Required...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.00051
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/10/25 12:0 a.m. | 18 views

WordPress Custom Header Images Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Custom Header Images Type Plugin Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46636 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID d852d829fc53 Credits Nguyen Xuan Chie...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.00053
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/10/17 12:0 a.m. | 18 views

WordPress Bookly Plugin < 22.4 is vulnerable to SQL Injection

Software Bookly Type Plugin Vulnerable versions 22.4 Fixed in 22.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-4691 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 87844051842a Credits Pablo Sanchez Required privilege Administrator Published 17...

CVSS: 7.2 | AI score: 6.8 | EPSS: 0.00218
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2023/10/17 12:0 a.m. | 18 views

WordPress Tutor LMS Plugin < 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Tutor LMS Type Plugin Vulnerable versions 2.3.0 Fixed in 2.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4805 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 74daed2fad19 Credits emad-fazel Required...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00109
Exploits: 2 | References: 4 | Affected Software: 1

Patchstack
added 2023/10/16 12:0 a.m. | 18 views

WordPress WooCommerce Ninja Forms Product Add-ons Plugin <= 1.7.0 is vulnerable to Arbitrary File Upload

Software WooCommerce Ninja Forms Product Add-ons Type Plugin Vulnerable versions = 1.7.0 Fixed in 1.7.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-5601 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 2bbb91735283 Credits Alexander Concha...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00806
Exploits: 2 | References: 2 | Affected Software: 1

Patchstack
added 2023/10/13 12:0 a.m. | 18 views

WordPress is vulnerable to Cross Site Scripting (XSS)

Software WordPress Type WordPress Core Vulnerable versions 6.3.2 Fixed in 6.3.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-38000 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ac4da91c6db1 Credits Rafie Muhammad Patchstack Required...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00347
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2023/10/11 12:0 a.m. | 18 views

WordPress cits-support-svg-webp-media-upload Plugin < 3.0 is vulnerable to Cross Site Scripting (XSS)

Software cits-support-svg-webp-media-upload Type Plugin Vulnerable versions 3.0 Fixed in 3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5458 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c76219dcef8a Credits Bob Matyas...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00182
Exploits: 2 | References: 4 | Affected Software: 1

Patchstack
added 2023/10/11 12:0 a.m. | 18 views

WordPress IMPress Listings Plugin <= 2.6.2 is vulnerable to Broken Access Control

Software IMPress Listings Type Plugin Vulnerable versions = 2.6.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-45633 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7bfb35b30d5c Credits Nguyen Anh Tien Required...

AI score: 6.5 | EPSS: 0.00202
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/10/04 12:0 a.m. | 18 views

WordPress WP Mail SMTP Pro Plugin <= 3.8.0 is vulnerable to Broken Access Control

Software WP Mail SMTP Pro Type Plugin Vulnerable versions = 3.8.0 Fixed in 3.8.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3213 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 55736a8f4b7c Credits Alex Thomas Required privileg...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.00471
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/09/27 12:0 a.m. | 18 views

WordPress WP Job Openings Plugin <= 3.4.2 is vulnerable to Sensitive Data Exposure

Software WP Job Openings Type Plugin Vulnerable versions = 3.4.2 Fixed in 3.4.3 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2023-4933 Patch priority Low CVSS severity Low 3.7 Developer Claim ownership PSID 654671e3575f Credits Dmitrii Ignatyev Require...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.00128
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2023/09/25 12:0 a.m. | 18 views

WordPress BEAR Plugin <= 1.1.3.3 is vulnerable to Broken Access Control

Software BEAR Type Plugin Vulnerable versions = 1.1.3.3 Fixed in 1.1.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4938 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 611080b0d2da Credits Marco Wotschka Required privilege...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.00073
Exploits: 0 | References: 6 | Affected Software: 1

Patchstack
added 2023/09/14 12:0 a.m. | 18 views

WordPress Essential Blocks Pro Plugin <= 1.1.0 is vulnerable to PHP Object Injection

Software Essential Blocks Pro Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-4386 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID b459be820fbe Credits Marco Wotschka Required privilege...

CVSS: 8.1 | AI score: 7.2 | EPSS: 0.04035
Exploits: 2 | References: 2 | Affected Software: 1

Patchstack
added 2023/09/14 12:0 a.m. | 18 views

WordPress Essential Blocks for Gutenberg Plugin <= 4.2.0 is vulnerable to PHP Object Injection

Software Essential Blocks for Gutenberg Type Plugin Vulnerable versions = 4.2.0 Fixed in 4.2.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-4402 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 12450c59ad4b Credits Marco Wotschka Required...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.02874
Exploits: 3 | References: 3 | Affected Software: 1

Patchstack
added 2023/09/14 12:0 a.m. | 18 views

WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR)

Software wpDiscuz Type Plugin Vulnerable versions = 7.6.3 Fixed in 7.6.4 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-3869 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e19751d1d189 Credits FearZzZz Required...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00221
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2023/09/11 12:0 a.m. | 18 views

WordPress MapPress Maps for WordPress Plugin <= 2.88.4 is vulnerable to Cross Site Scripting (XSS)

Software MapPress Maps for WordPress Type Plugin Vulnerable versions = 2.88.4 Fixed in 2.88.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4840 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4fb9c1035c4b Credits Lana Codes...

CVSS: 6.4 | AI score: 6.1 | EPSS: 0.00178
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2023/09/06 12:0 a.m. | 18 views

WordPress User Private Files Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Software User Private Files Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4636 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a3eddd47293a Credits Shuning Xu Required...

CVSS: 4.8 | AI score: 6 | EPSS: 0.03761
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2023/09/05 12:0 a.m. | 18 views

WordPress SendPress Newsletters Plugin <= 1.23.11.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software SendPress Newsletters Type Plugin Vulnerable versions = 1.23.11.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-41730 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID afb124386373 Credits yuyudhn...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.00179
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/09/04 12:0 a.m. | 18 views

WordPress Tilda Publishing Plugin <= 0.3.23 is vulnerable to Broken Access Control

Software Tilda Publishing Type Plugin Vulnerable versions = 0.3.23 Fixed in 0.3.24 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-31234 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID f643ff3b43ab Credits spacecroupier Requir...

CVSS: 6.3 | AI score: 6.5 | EPSS: 0.00124
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/09/04 12:0 a.m. | 18 views

WordPress WP Project Manager Plugin <= 2.6.0 is vulnerable to SQL Injection

Software WP Project Manager Type Plugin Vulnerable versions = 2.6.0 Fixed in 2.6.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-34383 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 02d3661940eb Credits Theodoros Malachias Required privilege...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00147
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/08/22 12:0 a.m. | 18 views

WordPress Charitable Plugin <= 1.7.0.12 is vulnerable to Privilege Escalation

Software Charitable Type Plugin Vulnerable versions = 1.7.0.12 Fixed in 1.7.0.13 OWASP Top 10 A3: Injection Classification Privilege Escalation CVE CVE-2023-4404 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 52fac3028e4c Credits István Márton Required privilege...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.00296
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2023/08/22 12:0 a.m. | 18 views

WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Type Plugin Vulnerable versions = 1.24.1 Fixed in 1.24.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25480 Patch priority Low CVSS severity Low 4.3 Developer Claim...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.0007
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/08/17 12:0 a.m. | 18 views

WordPress Simple Org Chart Plugin <= 2.3.4 is vulnerable to Broken Access Control

Software Simple Org Chart Type Plugin Vulnerable versions = 2.3.4 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-40603 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 404f7c0cda7d Credits Abdi Pranata Required privileg...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.00206
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/08/16 12:0 a.m. | 18 views

WordPress Accordion and Accordion Slider Plugin <= 1.2.4 is vulnerable to Broken Access Control

Software Accordion and Accordion Slider Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40200 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6640940bf9c1 Credits Abdi Pranata...

AI score: 5.8 | EPSS: 0.00028
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/07/27 12:0 a.m. | 18 views

WordPress Quiz And Survey Master Plugin < 8.1.11 is vulnerable to Cross Site Scripting (XSS)

Software Quiz And Survey Master Type Plugin Vulnerable versions 8.1.11 Fixed in 8.1.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3575 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9853dd82cef9 Credits Andreas Damen...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00192
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2023/07/27 12:0 a.m. | 18 views

WordPress WPCode Plugin < 2.0.13.1 is vulnerable to Cross Site Scripting (XSS)

Software WPCode Type Plugin Vulnerable versions 2.0.13.1 Fixed in 2.0.13.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3524 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ef32523fa659 Credits Erwan LR WPScan Require...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00406
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2023/07/20 12:0 a.m. | 18 views

WordPress Subscribe to Category Plugin <= 2.7.4 is vulnerable to SQL Injection

Software Subscribe to Category Type Plugin Vulnerable versions = 2.7.4 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-32590 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 2968f51bb060 Credits Mika Required privilege Unauthenticated...

CVSS: 9.3 | AI score: 6.8 | EPSS: 0.19324
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2023/07/18 12:0 a.m. | 18 views

WordPress WP Shopping Pages Plugin <= 1.14 is vulnerable to Cross Site Scripting (XSS)

Software WP Shopping Pages Type Plugin Vulnerable versions = 1.14 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3492 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 898c5bf8d8e1 Credits Katharina Altmann...

CVSS: 6.8 | AI score: 5.6 | EPSS: 0.00134
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2023/07/17 12:0 a.m. | 18 views

WordPress Rank Math SEO Plugin <= 1.0.119 is vulnerable to Cross Site Scripting (XSS)

Software Rank Math SEO Type Plugin Vulnerable versions = 1.0.119 Fixed in 1.0.119.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32600 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fbe17eef0220 Credits Rafie Muhammad...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.00098
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/07/04 12:0 a.m. | 18 views

WordPress Post SMTP Plugin < 2.5.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Post SMTP Type Plugin Vulnerable versions 2.5.7 Fixed in 2.5.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3178 Patch priority Low CVSS severity Low 5.4 Developer WPExperts PSID 120e0e7d693e Credits Erwan LR WPScan Required privilege...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00162
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2023/06/22 12:0 a.m. | 18 views

WordPress Event Manager for WooCommerce Plugin <= 3.9.5 is vulnerable to Cross Site Scripting (XSS)

Software Event Manager for WooCommerce Type Plugin Vulnerable versions = 3.9.5 Fixed in 3.9.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-36383 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8cd145419482 Credits emad...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00048
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/06/19 12:0 a.m. | 18 views

WordPress ChatBot Plugin < 4.5.6 is vulnerable to Cross Site Scripting (XSS)

Software ChatBot Type Plugin Vulnerable versions 4.5.6 Fixed in 4.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2811 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID eb7005b63455 Credits NGO VAN TU Required privilege...

CVSS: 4.8 | AI score: 5.7 | EPSS: 0.00123
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2023/06/02 12:0 a.m. | 18 views

WordPress Premium Addons PRO Plugin <= 2.8.24 is vulnerable to Cross Site Scripting (XSS)

Software Premium Addons PRO Type Plugin Vulnerable versions = 2.8.24 Fixed in 2.8.25 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34012 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3e100a687a90 Credits Rafie Muhamm...

CVSS: 7.1 | AI score: 5.9 | EPSS: 0.00105
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/05/18 12:0 a.m. | 18 views

WordPress UpdraftPlus Plugin <= 1.23.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software UpdraftPlus Type Plugin Vulnerable versions = 1.23.3 Fixed in 1.23.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32960 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID d64e914c934f Credits Rafie Muhammad...

CVSS: 7.1 | AI score: 6.7 | EPSS: 0.00081
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/05/11 12:0 a.m. | 18 views

WordPress WoodMart Theme <= 7.2.1 is vulnerable to Broken Access Control

Software WoodMart Type Theme Vulnerable versions = 7.2.1 Fixed in 7.2.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32240 Patch priority Medium CVSS severity Medium 5.4 Developer Xtemos PSID b409a147912c Credits Dave Jong Patchstack Required privilege...

AI score: 6.3 | EPSS: 0.00318
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/05/09 12:0 a.m. | 18 views

WordPress Order Your Posts Manually Plugin <= 2.2.5 is vulnerable to SQL Injection

Software Order Your Posts Manually Type Plugin Vulnerable versions = 2.2.5 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-32508 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 81dd81d22e8d Credits minhtuanact Required privilege...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00162
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/05/09 12:0 a.m. | 18 views

WordPress Wise Chat Plugin <= 3.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Wise Chat Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.1.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32504 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 14930cd15ca4 Credits Justiice Required privile...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.00131
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/04/24 12:0 a.m. | 18 views

WordPress Updraft Plugin <= 0.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Updraft Type Plugin Vulnerable versions = 0.6.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-26530 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bc1184571b44 Credits Nguyen Xuan Hoa Required...

CVSS: 7.1 | AI score: 5.9 | EPSS: 0.00088
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/03/16 12:0 a.m. | 18 views

WordPress Contact Form Email Plugin <= 1.3.31 is vulnerable to Other Vulnerability Type

Software Contact Form Email Type Plugin Vulnerable versions = 1.3.31 Fixed in 1.3.32 OWASP Top 10 A5: Broken Access Control Classification Other Vulnerability Type CVE CVE-2023-28494 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1b66482cfee4 Credits István Márton Require...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00236
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/03/16 12:0 a.m. | 18 views

WordPress Brands for WooCommerce Plugin <= 3.7.0.5 is vulnerable to Broken Access Control

Software Brands for WooCommerce Type Plugin Vulnerable versions = 3.7.0.5 Fixed in 3.7.0.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-45813 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9f2b0dfb0d37 Credits István Márton...

AI score: 5.9 | EPSS: 0.00021
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/03/14 12:0 a.m. | 18 views

WordPress Popup Maker Plugin <= 1.17.1 is vulnerable to Sensitive Data Exposure

Software Popup Maker Type Plugin Vulnerable versions = 1.17.1 Fixed in 1.18.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2022-47597 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d6552fe3bb39 Credits rezaduty Required privilege...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00296
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/03/13 12:0 a.m. | 18 views

WordPress Formidable Forms Plugin < 6.1 is vulnerable to Bypass Vulnerability

Software Formidable Forms Type Plugin Vulnerable versions 6.1 Fixed in 6.1 OWASP Top 10 A1: Injection Classification Bypass Vulnerability CVE CVE-2023-0816 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9879bb5c0709 Credits Daniel Ruf Required privilege Unauthenticated...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00163
Exploits: 2 | References: 4 | Affected Software: 1

Patchstack
added 2023/03/06 12:0 a.m. | 18 views

WordPress Watu Quiz Plugin <= 3.3.9 is vulnerable to Cross Site Scripting (XSS)

Software Watu Quiz Type Plugin Vulnerable versions = 3.3.9 Fixed in 3.3.9.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0968 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID f8e4b6a3eab0 Credits Marco Wotschka Required...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.04625
Exploits: 3 | References: 3 | Affected Software: 1

Patchstack
added 2023/03/03 12:0 a.m. | 18 views

WordPress WooSupply – Suppliers, Supply Orders and Stock Management Plugin <= 1.2.2 is vulnerable to Server Side Request Forgery (SSRF)

Software WooSupply – Suppliers, Supply Orders and Stock Management Type Plugin Vulnerable versions = 1.2.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2022-40700 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID f4ff6d9dbad...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.00733
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/02/20 12:0 a.m. | 18 views

WordPress Publish to Schedule Plugin <= 4.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Publish to Schedule Type Plugin Vulnerable versions = 4.4.2 Fixed in 4.5.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25994 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 196402e1491d Credits Rio Darmawan...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00051
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/02/17 12:0 a.m. | 18 views

WordPress Quiz And Survey Master Plugin <= 8.0.8 is vulnerable to Arbitrary Content Deletion

Software Quiz And Survey Master Type Plugin Vulnerable versions = 8.0.8 Fixed in 8.0.9 OWASP Top 10 A5: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2023-0291 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 5e9a3307d184 Credits Julien Ahrens...

CVSS: 9.1 | AI score: 6.4 | EPSS: 0.00092
Exploits: 5 | References: 3 | Affected Software: 1

Patchstack
added 2023/02/16 12:0 a.m. | 18 views

WordPress WoodMart Theme <= 7.0.4 is vulnerable to Content Injection

Software WoodMart Type Theme Vulnerable versions = 7.0.4 Fixed in 7.1.1 OWASP Top 10 A1: Injection Classification Content Injection CVE CVE-2023-25790 Patch priority Low CVSS severity Low 5.3 Developer Xtemos PSID b69ab1de1e4a Credits RE-ALTER Required privilege Unauthenticated Published 16...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00122
Exploits: 3 | References: 1 | Affected Software: 1

Patchstack
added 2023/02/08 12:0 a.m. | 18 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0717 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID db3e0ac8c3e4 Credits Marco Wotschka Requir...

CVSS: 5.4 | AI score: 6.8 | EPSS: 0.00155
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2023/02/08 12:0 a.m. | 18 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0715 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID bf9e7164b8aa Credits Marco Wotschka Requir...

CVSS: 5.4 | AI score: 6.5 | EPSS: 0.00155
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2023/01/27 12:0 a.m. | 18 views

WordPress ChatBot Plugin <= 4.2.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software ChatBot Type Plugin Vulnerable versions = 4.2.8 Fixed in 4.2.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-24415 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 56586a24f6dd Credits Rafshanzani Suhada Required...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.00104
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/01/23 12:0 a.m. | 18 views

WordPress Spotlight Social Media Feeds Plugin < 1.4.3 is vulnerable to Cross Site Scripting (XSS)

Software Spotlight Social Media Feeds Type Plugin Vulnerable versions 1.4.3 Fixed in 1.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0379 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 727812743302 Credits Lana...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00198
Exploits: 2 | References: 4 | Affected Software: 1

Total number of security vulnerabilities: 5000