46684 matches found
WordPress WP RSS Aggregator Plugin <= 4.23.5 is vulnerable to Server Side Request Forgery (SSRF)
Software: WP RSS Aggregator; Type: Plugin; Vulnerable versions: <= 4.23.5; Fixed in: 4.23.6; OWASP Top 10: A1: Broken Access Control; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-0628; Patch priority: Low; CVSS severity: Low 3.8; Developer: Claim ownership; PSID: dd1943fc88ab; Credits: Colin Xu; Requir...
WordPress Popup More Popups Plugin <= 2.2.4 is vulnerable to Local File Inclusion
Software: Popup More Popups; Type: Plugin; Vulnerable versions: <= 2.2.4; Fixed in: 2.2.5; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-0844; Patch priority: Low; CVSS severity: Low 4.7; Developer: Claim ownership; PSID: 12b7d2f01a9e; Credits: 0x9567b; Required privilege: Administrator...
WordPress Dragfy Addons for Elementor Plugin <= 8.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: Dragfy Addons for Elementor; Type: Plugin; Vulnerable versions: <= 8.3.1; Fixed in: 8.3.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0448; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 80155176471b; Credits: Webbernaut...
WordPress File Manager Plugin <= 7.2.1 is vulnerable to Sensitive Data Exposure
Software: File Manager; Type: Plugin; Vulnerable versions: <= 7.2.1; Fixed in: 7.2.2; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-0761; Patch priority: Low; CVSS severity: Low 8.1; Developer: Claim ownership; PSID: 8a9bf85057b9; Credits: Yuki Haruma; Required privileg...
WordPress WPZOOM Shortcodes Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: WPZOOM Shortcodes; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-22162; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 7480c3835543; Credits: Dhabaleshwar Das; Required...
WordPress WPS Hide Login Plugin <= 1.9.11 is vulnerable to Bypass Vulnerability
Software: WPS Hide Login; Type: Plugin; Vulnerable versions: <= 1.9.11; Fixed in: 1.9.12; OWASP Top 10: A4: Insecure Design; Classification: Bypass Vulnerability; CVE: CVE-2023-49748; Patch priority: Low; CVSS severity: Low 3.7; Developer: Claim ownership; PSID: b95951ba6ec7; Credits: Naveen Muthusamy; Required privilege...
WordPress AI Engine: ChatGPT Chatbot Plugin <= 1.9.98 is vulnerable to Arbitrary File Upload
Software: AI Engine: ChatGPT Chatbot; Type: Plugin; Vulnerable versions: <= 1.9.98; Fixed in: 1.9.99; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-51409; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: fdd4a788407b; Credits: Rafie Muhammad Patchstack...
WordPress MapPress Maps for WordPress Plugin <= 2.88.13 is vulnerable to Cross Site Scripting (XSS)
Software: MapPress Maps for WordPress; Type: Plugin; Vulnerable versions: <= 2.88.13; Fixed in: 2.88.14; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6524; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 602a4e053876; Credits: Akbar...
WordPress WP 2FA Plugin <= 2.5.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP 2FA; Type: Plugin; Vulnerable versions: <= 2.5.0; Fixed in: 2.6.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-6520; Patch priority: Low; CVSS severity: Low 4.3; Developer: Melapress; PSID: 95117a5d7a1e; Credits: Ulyses Saicha; Required privilege...
WordPress 404 Solution Plugin <= 2.33.0 is vulnerable to Sensitive Data Exposure
Software: 404 Solution; Type: Plugin; Vulnerable versions: <= 2.33.0; Fixed in: 2.33.1; OWASP Top 10: A9: Security Logging and Monitoring Failures; Classification: Sensitive Data Exposure; CVE: CVE-2023-52146; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 8e10ffdc1b34; Credits: Joshua Ch...
WordPress Product Feed Manager Plugin <= 7.3.15 is vulnerable to Directory Traversal
Software: Product Feed Manager; Type: Plugin; Vulnerable versions: <= 7.3.15; Fixed in: 7.3.16; OWASP Top 10: A4: Insecure Design; Classification: Directory Traversal; CVE: CVE-2023-52144; Patch priority: Low; CVSS severity: Low 5.5; Developer: WPFunnels Team; PSID: 19683c0fecc1; Credits: Muhammad Daffa; Required privile...
WordPress Media File Renamer Plugin <= 5.7.7 is vulnerable to Arbitrary File Upload
Software: Media File Renamer; Type: Plugin; Vulnerable versions: <= 5.7.7; Fixed in: 5.7.8; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-50897; Patch priority: Low; CVSS severity: Low 9.1; Developer: Claim ownership; PSID: 364780c1ddc1; Credits: Taihei Shimamine; Required privilege...
WordPress Everest Forms Plugin <= 2.0.3 is vulnerable to Broken Access Control
Software: Everest Forms; Type: Plugin; Vulnerable versions: <= 2.0.3; Fixed in: 2.0.3.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-51377; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 8b5448fc86fc; Credits: Revan Arifio; Required privile...
WordPress Pre* Party Resource Hints Plugin <= 1.8.19 is vulnerable to SQL Injection
Software: Pre* Party Resource Hints; Type: Plugin; Vulnerable versions: <= 1.8.19; Fixed in: 1.8.20; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-50855; Patch priority: Low; CVSS severity: Low 7.6; Developer: Claim ownership; PSID: 098859db7935; Credits: Muhammad Daffa; Required privilege...
WordPress BookingPress Plugin <= 1.0.72 is vulnerable to SQL Injection
Software: BookingPress; Type: Plugin; Vulnerable versions: <= 1.0.72; Fixed in: 1.0.73; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-50841; Patch priority: Medium; CVSS severity: Medium 8.5; Developer: Claim ownership; PSID: f0bdac9d74d8; Credits: Ngô Thiên An ancorn from VNPT-VCI; Required...
WordPress SpeedyCache Plugin <= 1.1.3 is vulnerable to Broken Access Control
Software: SpeedyCache; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: 1.1.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-6598; Patch priority: Low; CVSS severity: Low 5.4; Developer: SpeedyCache; PSID: 45d8ddb6c2e0; Credits: Lucio Sá; Required privilege: Subscriber...
WordPress Welcart e-Commerce Plugin <= 2.9.6 is vulnerable to Path Traversal
Software: Welcart e-Commerce; Type: Plugin; Vulnerable versions: <= 2.9.6; Fixed in: 2.9.7; OWASP Top 10: A5: Security Misconfiguration; Classification: Path Traversal; CVE: CVE-2023-6120; Patch priority: Medium; CVSS severity: Medium 4.1; Developer: Claim ownership; PSID: 545792f26683; Credits: Marco Wotschka; Required...
WordPress Ibtana Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: Ibtana; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.2.2.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6684; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 6212e7800b8c; Credits: István Márton; Required privileg...
WordPress Couponis Demo Plugin < 2.2 is vulnerable to SQL Injection
Software: Couponis Demo; Type: Plugin; Vulnerable versions: < 2.2; Fixed in: 2.2; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-49750; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 697cadbd26d0; Credits: RE-ALTER; Required privilege: Unauthenticated; Published: 4...
WordPress Backup Migration Plugin <= 1.3.6 is vulnerable to Sensitive Data Exposure
Software: Backup Migration; Type: Plugin; Vulnerable versions: <= 1.3.6; Fixed in: 1.3.7; OWASP Top 10: A5: Security Misconfiguration; Classification: Sensitive Data Exposure; CVE: CVE-2023-6266; Patch priority: High; CVSS severity: High 7.5; Developer: Claim ownership; PSID: 7df0ea44f3d7; Credits: Rafshanzani Suhada...
WordPress JetElements For Elementor Plugin <= 2.6.13 is vulnerable to Cross Site Request Forgery (CSRF)
Software: JetElements For Elementor; Type: Plugin; Vulnerable versions: <= 2.6.13; Fixed in: 2.6.13.1; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-48762; Patch priority: Low; CVSS severity: Low 6.3; Developer: Crocoblock; PSID: 1a0a78a4df65; Credits: Rafie...
WordPress Userpro Plugin <= 5.1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Userpro; Type: Plugin; Vulnerable versions: <= 5.1.0; Fixed in: 5.1.1; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-2497; Patch priority: Low; CVSS severity: Low 8.8; Developer: Claim ownership; PSID: 7210ffe49db6; Credits: István Márton; Required...
WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Perfmatters; Type: Plugin; Vulnerable versions: <= 2.1.6; Fixed in: 2.1.7; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-47875; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 02a9c657f03b; Credits: Dave Jong Patchstack...
WordPress Post Meta Data Manager Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Post Meta Data Manager; Type: Plugin; Vulnerable versions: <= 1.2.1; Fixed in: 1.2.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-5776; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: be22b4c7158e; Credits: Francesco...
WordPress myCred Plugin <= 2.6.1 is vulnerable to Cross Site Scripting (XSS)
Software: myCred; Type: Plugin; Vulnerable versions: <= 2.6.1; Fixed in: 2.6.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47853; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 7a775c0398b7; Credits: Khalid Yusuf; Required privilege: Contributor...
WordPress WooCommerce Blocks Plugin <= 11.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: WooCommerce Blocks; Type: Plugin; Vulnerable versions: <= 11.1.1; Fixed in: 11.1.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47777; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 99320ddb7175; Credits: Rafie Muhammad Patchstack; Require...
WordPress LayerSlider Plugin <= 7.7.9 is vulnerable to Cross Site Scripting (XSS)
Software: LayerSlider; Type: Plugin; Vulnerable versions: <= 7.7.9; Fixed in: 7.7.10; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47786; Patch priority: High; CVSS severity: High 6.5; Developer: Claim ownership; PSID: bc229172c2ce; Credits: Rafie Muhammad Patchstack; Required...
WordPress Martins Free & Easy SEO Link buildings Plugin < 1.2.30 is vulnerable to Cross Site Scripting (XSS)
Software: Martins Free & Easy SEO Link buildings; Type: Plugin; Vulnerable versions: < 1.2.30; Fixed in: 1.2.30; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5641; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: b26e0b25f0b1...
WordPress Star CloudPRNT for WooCommerce Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
Software: Star CloudPRNT for WooCommerce; Type: Plugin; Vulnerable versions: <= 2.0.3; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47514; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 0a1ab953b581; Credits: Le...
WordPress URL Shortify Plugin < 1.7.9.1 is vulnerable to Cross Site Scripting (XSS)
Software: URL Shortify; Type: Plugin; Vulnerable versions: < 1.7.9.1; Fixed in: 1.7.9.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5605; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 32b31c65bd12; Credits: Bartlomiej Marek and Toma...
WordPress video carousel slider with lightbox Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: video carousel slider with lightbox; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: 1.0.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-5945; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 1fb4a457923c; Credits: Al...
WordPress EventPrime Plugin < 3.2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: EventPrime; Type: Plugin; Vulnerable versions: < 3.2.0; Fixed in: 3.2.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-4251; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 3fee28172b5f; Credits: Alex Sanford; Required...
WordPress Popup with fancybox Plugin <= 3.5 is vulnerable to SQL Injection
Software: Popup with fancybox; Type: Plugin; Vulnerable versions: <= 3.5; Fixed in: 3.6; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-5465; Patch priority: Low; CVSS severity: Low 8.5; Developer: Claim ownership; PSID: 12bd56b92eb5; Credits: István Márton; Required privilege: Contributor...
WordPress Neon text Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Neon text; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: 1.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5817; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 3b1607d0a011; Credits: Dmitrii Ignatyev; Required privileg...
WordPress Feather Login Page Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Feather Login Page; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: 1.1.4; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-46777; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 62aa1ddd991f; Credits: Mika; Required...
WordPress Custom Header Images Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Custom Header Images; Type: Plugin; Vulnerable versions: <= 1.2.1; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-46636; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: d852d829fc53; Credits: Nguyen Xuan Chie...
WordPress Templately Plugin < 2.2.6 is vulnerable to Broken Access Control
Software: Templately; Type: Plugin; Vulnerable versions: < 2.2.6; Fixed in: 2.2.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-5454; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: d43e1c889b21; Credits: Krzysztof Zając CERT PL; Require...
WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Settings Change
Software: Themify Ultra; Type: Theme; Vulnerable versions: <= 7.3.5; Fixed in: 7.3.6; OWASP Top 10: A5: Broken Access Control; Classification: Settings Change; CVE: CVE-2023-46148; Patch priority: High; CVSS severity: High 8.8; Developer: Claim ownership; PSID: 4e68744a5277; Credits: Rafie Muhammad Patchstack; Required...
WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Arbitrary File Upload
Software: Themify Ultra; Type: Theme; Vulnerable versions: <= 7.3.5; Fixed in: 7.3.6; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-46149; Patch priority: High; CVSS severity: High 9.9; Developer: Claim ownership; PSID: 04def42b7ff1; Credits: Rafie Muhammad Patchstack; Required privile...
WordPress Spider Facebook Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS)
Software: Spider Facebook; Type: Plugin; Vulnerable versions: <= 1.0.15; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-46090; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 44993b9d3d08; Credits: LEE SE HYOUNG...
WordPress is vulnerable to Cross Site Scripting (XSS)
Software: WordPress; Type: WordPress Core; Vulnerable versions: < 6.3.2; Fixed in: 6.3.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-38000; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: ac4da91c6db1; Credits: Rafie Muhammad Patchstack; Required...
WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ChatBot; Type: Plugin; Vulnerable versions: <= 4.8.9; Fixed in: 4.9.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-5534; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: dd9ca26e2bc4; Credits: Marco Wotschka; Required...
WordPress cits-support-svg-webp-media-upload Plugin < 3.0 is vulnerable to Cross Site Scripting (XSS)
Software: cits-support-svg-webp-media-upload; Type: Plugin; Vulnerable versions: < 3.0; Fixed in: 3.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5458; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: c76219dcef8a; Credits: Bob Matyas...
WordPress IMPress Listings Plugin <= 2.6.2 is vulnerable to Broken Access Control
Software: IMPress Listings; Type: Plugin; Vulnerable versions: <= 2.6.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-45633; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 7bfb35b30d5c; Credits: Nguyen Anh Tien; Required...
WordPress WP Mail SMTP Pro Plugin <= 3.8.0 is vulnerable to Broken Access Control
Software: WP Mail SMTP Pro; Type: Plugin; Vulnerable versions: <= 3.8.0; Fixed in: 3.8.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-3213; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 55736a8f4b7c; Credits: Alex Thomas; Required privileg...
WordPress Horizontal scrolling announcement Plugin <= 9.2 is vulnerable to SQL Injection
Software: Horizontal scrolling announcement; Type: Plugin; Vulnerable versions: <= 9.2; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-4999; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: 360dd90299d7; Credits: Lana Codes; Required privilege...
WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR)
Software: wpDiscuz; Type: Plugin; Vulnerable versions: <= 7.6.3; Fixed in: 7.6.4; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-3869; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: e19751d1d189; Credits: FearZzZz; Required...
WordPress MapPress Maps for WordPress Plugin <= 2.88.4 is vulnerable to Cross Site Scripting (XSS)
Software: MapPress Maps for WordPress; Type: Plugin; Vulnerable versions: <= 2.88.4; Fixed in: 2.88.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4840; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 4fb9c1035c4b; Credits: Lana Codes...
WordPress WordPress Social Login Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress Social Login; Type: Plugin; Vulnerable versions: <= 3.0.4; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4773; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 7be568b5c18c; Credits: Lana Codes; Required...
WordPress Analytify Plugin <= 5.1.0 is vulnerable to Broken Access Control
Software: Analytify; Type: Plugin; Vulnerable versions: <= 5.1.0; Fixed in: 5.1.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-41695; Patch priority: Low; CVSS severity: Low 3.5; Developer: Claim ownership; PSID: cd9a143f3c57; Credits: Abdi Pranata; Required privilege...