WordPress YOP Poll Plugin <= 6.5.28 is vulnerable to Broken Authentication
Software: YOP Poll; Type: Plugin; Vulnerable versions: <= 6.5.28; Fixed in: 6.5.29; OWASP Top 10: A5: Security Misconfiguration; Classification: Broken Authentication; CVE: CVE-2023-46611; Patch priority: Low; CVSS severity: Low 5.3; PSID: f8c5b7c225ab; Credits: qilin99; Required privilege...
WordPress KD Coming Soon Plugin <= 1.7 is vulnerable to PHP Object Injection
Software: KD Coming Soon; Type: Plugin; Vulnerable versions: <= 1.7; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-46615; Patch priority: High; CVSS severity: High 5.4; PSID: 340885e1964a; Credits: Mika; Required privilege: Unauthenticated...
WordPress Templately Plugin < 2.2.6 is vulnerable to Broken Access Control
Software: Templately; Type: Plugin; Vulnerable versions: < 2.2.6; Fixed in: 2.2.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-5454; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: d43e1c889b21; Credits: Krzysztof Zając CERT PL; Require...
WordPress Magee Shortcodes Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Magee Shortcodes; Type: Plugin; Vulnerable versions: <= 2.1.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4783; Patch priority: Low; CVSS severity: Low 6.5; PSID: d85a6a8988a2; Credits: Dmitrii Ignatyev; Required...
WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Arbitrary File Upload
Software: Themify Ultra; Type: Theme; Vulnerable versions: <= 7.3.5; Fixed in: 7.3.6; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-46149; Patch priority: High; CVSS severity: High 9.9; PSID: 04def42b7ff1; Credits: Rafie Muhammad Patchstack; Required privile...
WordPress Poll Maker Plugin <= 4.7.1 is vulnerable to Broken Access Control
Software: Poll Maker; Type: Plugin; Vulnerable versions: <= 4.7.1; Fixed in: 4.7.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-45766; Patch priority: Low; CVSS severity: Low 5.3; PSID: 63dcd5a4b5a6; Credits: Revan Arifio; Required privilege...
WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Path Traversal
Software: ChatBot; Type: Plugin; Vulnerable versions: <= 4.8.9; Fixed in: 4.9.1; OWASP Top 10: A3: Injection; Classification: Path Traversal; CVE: CVE-2023-5241; Patch priority: High; CVSS severity: High 9.6; PSID: 066f9b5875d8; Credits: Marco Wotschka; Required privilege: Subscriber; Published ...
WordPress LeadSquared Suite Plugin <= 0.7.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: LeadSquared Suite; Type: Plugin; Vulnerable versions: <= 0.7.4; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-45047; Patch priority: Low; CVSS severity: Low 7.1; PSID: 660c9e832776; Credits: yuyudhn; Required...
WordPress WooCommerce EAN Payment Gateway Plugin < 6.1.0 is vulnerable to Broken Access Control
Software: WooCommerce EAN Payment Gateway; Type: Plugin; Vulnerable versions: < 6.1.0; Fixed in: 6.1.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-4947; Patch priority: Low; CVSS severity: Low 4.3; PSID: 9bfa8f9c4e66; Credits: Lana Codes Yan&C...
WordPress File Manager Pro Plugin < 1.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: File Manager Pro; Type: Plugin; Vulnerable versions: < 1.8; Fixed in: 1.8; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-4827; Patch priority: Low; CVSS severity: Low 8.8; PSID: f857273165df; Credits: Dmitrii Ignatyev; Required...
WordPress FileOrganizer Plugin <= 1.0.2 is vulnerable to Arbitrary File Download
Software: FileOrganizer; Type: Plugin; Vulnerable versions: <= 1.0.2; Fixed in: 1.0.3; OWASP Top 10: A5: Security Misconfiguration; Classification: Arbitrary File Download; CVE: CVE-2023-3664; Patch priority: Low; CVSS severity: Low 4.9; PSID: 1dc652566f23; Credits: Dmitrii; Required privilege...
WordPress All-in-One WP Migration Dropbox Extension Plugin <= 3.75 is vulnerable to Broken Access Control
Software: All-in-One WP Migration Dropbox Extension; Type: Plugin; Vulnerable versions: <= 3.75; Fixed in: 3.76; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-40004; Patch priority: High; CVSS severity: High 7.3; PSID: 517b1424056f; Credits: Raf...
WordPress Countdown Timer Ultimate Plugin <= 2.4 is vulnerable to Broken Access Control
Software: Countdown Timer Ultimate; Type: Plugin; Vulnerable versions: <= 2.4; Fixed in: 2.4.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-40200; Patch priority: Low; CVSS severity: Low 5.3; PSID: 02b1dc1f96b2; Credits: Abdi Pranata; Required...
WordPress Tabs & Accordion Plugin <= 1.3.10 is vulnerable to Content Injection
Software: Tabs & Accordion; Type: Plugin; Vulnerable versions: <= 1.3.10; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Content Injection; CVE: CVE-2023-40557; Patch priority: Low; CVSS severity: Low 5.4; PSID: 2f516072a35d; Credits: Abdi Pranata; Required privilege: Contributor...
WordPress CT Commerce Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: CT Commerce; Type: Plugin; Vulnerable versions: <= 2.0.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-40007; Patch priority: Low; CVSS severity: Low 5.9; PSID: 03b22abe2aaa; Credits: Nithissh S; Required privilege...
WordPress WP HTML Mail Plugin <= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP HTML Mail; Type: Plugin; Vulnerable versions: <= 3.4.1; Fixed in: 3.4.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-40202; Patch priority: Low; CVSS severity: Low 5.4; PSID: 21db8a0a2110; Credits: István Márton; Required...
WordPress Theme Demo Import Plugin <= 1.1.3 is vulnerable to Arbitrary File Upload
Software: Theme Demo Import; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-28170; Patch priority: Low; CVSS severity: Low 9.1; PSID: 5560e6fed5b7; Credits: deokhunKim; Required privilege: Administrat...
WordPress WP Ultimate CSV Importer Plugin <= 7.9.8 is vulnerable to Remote Code Execution (RCE)
Software: WP Ultimate CSV Importer; Type: Plugin; Vulnerable versions: <= 7.9.8; Fixed in: 7.9.9; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-4142; Patch priority: Medium; CVSS severity: Medium 8; PSID: a395389d1982; Credits: István Márton; Required...
WordPress Discussion Board Plugin <= 2.4.8 is vulnerable to Content Injection
Software: Discussion Board; Type: Plugin; Vulnerable versions: <= 2.4.8; Fixed in: 2.4.9; OWASP Top 10: A5: Broken Access Control; Classification: Content Injection; CVE: CVE-2023-39161; Patch priority: Low; CVSS severity: Low 5.4; PSID: e808296acb35; Credits: Abdi Pranata; Required privilege...
WordPress WpStream – Live Streaming, Video on Demand, Pay Per View Plugin <= 4.5.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WpStream – Live Streaming, Video on Demand, Pay Per View; Type: Plugin; Vulnerable versions: <= 4.5.4; Fixed in: 4.5.5; OWASP Top 10: A6: Security Misconfiguration; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-38512; Patch priority: Low; CVSS severity: Low 5.4; ...
WordPress JupiterX Core Plugin <= 4.6.6 is vulnerable to Arbitrary File Download
Software: JupiterX Core; Type: Plugin; Vulnerable versions: <= 4.6.6; Fixed in: 4.6.9; OWASP Top 10: A3: Injection; Classification: Arbitrary File Download; CVE: CVE-2023-3813; Patch priority: High; CVSS severity: High 7.5; PSID: 89a622a39c6e; Credits: István Márton; Required privilege...
WordPress Coming Soon Plugin <= 1.5.9 is vulnerable to SQL Injection
Software: Coming Soon; Type: Plugin; Vulnerable versions: <= 1.5.9; Fixed in: 1.6.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2022-46849; Patch priority: Low; CVSS severity: Low 7.6; PSID: 0a93f0e48b26; Credits: Le Ngoc Anh; Required privilege: Administrator; Publishe...
WordPress LiquidPoll – Advanced Polls for Creators and Brands Plugin <= 3.3.68 is vulnerable to Broken Access Control
Software: LiquidPoll – Advanced Polls for Creators and Brands; Type: Plugin; Vulnerable versions: <= 3.3.68; Fixed in: 3.3.69; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-36531; Patch priority: Low; CVSS severity: Low 4.3; PSID: 8bdf6fb868a6...
WordPress NOO Timetable Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)
Software: NOO Timetable; Type: Plugin; Vulnerable versions: <= 2.1.3; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-45821; Patch priority: Low; CVSS severity: Low 6.5; PSID: d615de5bc83f; Credits: Cat; Required privilege...
WordPress AutomateWoo Plugin <= 5.7.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: AutomateWoo; Type: Plugin; Vulnerable versions: <= 5.7.5; Fixed in: 5.7.6; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-36513; Patch priority: Low; CVSS severity: Low 5.4; PSID: baa4f71a9406; Credits: Rafie Muhammad Patchsta...
WordPress MStore API Plugin <= 3.9.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: MStore API; Type: Plugin; Vulnerable versions: <= 3.9.6; Fixed in: 3.9.7; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-3199; Patch priority: Low; CVSS severity: Low 4.3; PSID: 52100659480e; Credits: Truoc Phan; Required...
WordPress Directorist Plugin <= 7.5.4 is vulnerable to Broken Access Control
Software: Directorist; Type: Plugin; Vulnerable versions: <= 7.5.4; Fixed in: 7.5.5; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-1889; Patch priority: High; CVSS severity: High 7.2; PSID: 3d986c80db6c; Credits: Alex Thomas; Required privilege...
WordPress Page Builder with Image Map by AZEXO Plugin <= 1.27.133 is vulnerable to Broken Access Control
Software: Page Builder with Image Map by AZEXO; Type: Plugin; Vulnerable versions: <= 1.27.133; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-3053; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: bcb4f38dcc4d; Credits...
WordPress Advanced Flat rate shipping Woocommerce Plugin <= 1.6.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Advanced Flat rate shipping Woocommerce; Type: Plugin; Vulnerable versions: <= 1.6.4.4; Fixed in: 1.6.4.6; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-34015; Patch priority: Low; CVSS severity: Low 5.4; PSID: 47ba6a8a749f...
WordPress Rank Math SEO PRO Plugin <= 3.0.35 is vulnerable to Cross Site Scripting (XSS)
Software: Rank Math SEO PRO; Type: Plugin; Vulnerable versions: <= 3.0.35; Fixed in: 3.0.36; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32800; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 436b3db030cf; Credits: Rafie Muhamma...
WordPress Seo By 10Web Plugin < 1.2.7 is vulnerable to Cross Site Scripting (XSS)
Software: Seo By 10Web; Type: Plugin; Vulnerable versions: < 1.2.7; Fixed in: 1.2.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2224; Patch priority: Low; CVSS severity: Low 5.9; PSID: 7380d78d51b0; Credits: Taurus Omar; Required privileg...
WordPress Bit Form – Contact Form Plugin Plugin < 1.9 is vulnerable to Remote Code Execution (RCE)
Software: Bit Form – Contact Form Plugin; Type: Plugin; Vulnerable versions: < 1.9; Fixed in: 1.9; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2022-4774; Patch priority: High; CVSS severity: High 10; PSID: 4efef0b2be54; Credits: Felipe Restrepo Rodríguez...
WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.1.23 is vulnerable to SQL Injection
Software: Ultimate Addons for Contact Form 7; Type: Plugin; Vulnerable versions: <= 3.1.23; Fixed in: 3.1.24; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2022-47586; Patch priority: High; CVSS severity: High 8.2; Developer: Themefic; PSID: 7a22cfa758d5; Credits: minhtuanact; Required privilege...
WordPress Order Your Posts Manually Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS)
Software: Order Your Posts Manually; Type: Plugin; Vulnerable versions: <= 2.2.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32510; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: fdf3da041b8c; Credits: minhtuana...
WordPress Advanced Custom Fields PRO Plugin <= 6.1.5 is vulnerable to Cross Site Scripting (XSS)
Software: Advanced Custom Fields PRO; Type: Plugin; Vulnerable versions: <= 6.1.5; Fixed in: 6.1.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-30777; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 007d3de805e3; Credits: Rafie...
WordPress Product Catalog Feed by PixelYourSite Plugin < 2.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Product Catalog Feed by PixelYourSite; Type: Plugin; Vulnerable versions: < 2.1.1; Fixed in: 2.1.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1804; Patch priority: High; CVSS severity: High 7.1; PSID: 27de0c95fe70; Credits...
WordPress AJAX Thumbnail Rebuild Plugin <= 1.13 is vulnerable to Broken Access Control
Software: AJAX Thumbnail Rebuild; Type: Plugin; Vulnerable versions: <= 1.13; Fixed in: 1.14; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-47604; Patch priority: Low; CVSS severity: Low 4.3; PSID: b90f03667897; Credits: Justiice; Required...
WordPress I Recommend This Plugin <= 3.8.3 is vulnerable to Cross Site Scripting (XSS)
Software: I Recommend This; Type: Plugin; Vulnerable versions: <= 3.8.3; Fixed in: 3.9.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23673; Patch priority: Low; CVSS severity: Low 5.9; Developer: Webtions Harish; PSID: f5cbbc89906b; Credits: Rio Darmawan; Required...
WordPress Gallery Plugin < 4.7.0 is vulnerable to SQL Injection
Software: Gallery; Type: Plugin; Vulnerable versions: < 4.7.0; Fixed in: 4.7.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0765; Patch priority: High; CVSS severity: High 8.5; PSID: 85ca584ad7e5; Credits: dc11; Required privilege: Author; Published: 12 April, 2023...
WordPress WP FEvents Book Plugin <= 0.46 is vulnerable to Insecure Direct Object References (IDOR)
Software: WP FEvents Book; Type: Plugin; Vulnerable versions: <= 0.46; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-1129; Patch priority: Low; CVSS severity: Low 6.3; PSID: bdca07c43d3d; Credits: Ameen Alkurdy...
WordPress directory-pro Plugin < 1.9.5 is vulnerable to Privilege Escalation
Software: directory-pro; Type: Plugin; Vulnerable versions: < 1.9.5; Fixed in: 1.9.5; OWASP Top 10: A5: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2020-36666; Patch priority: High; CVSS severity: High 8.8; PSID: 27a5e48fd1cc; Credits: Omar Badran; Required privilege...
WordPress Products Compare for WooCommerce Plugin <= 3.5.7.7 is vulnerable to Broken Access Control
Software: Products Compare for WooCommerce; Type: Plugin; Vulnerable versions: <= 3.5.7.7; Fixed in: 3.5.7.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-45813; Patch priority: Low; CVSS severity: Low 5.4; PSID: f7685c0ec49a; Credits: István...
WordPress WooSupply – Suppliers, Supply Orders and Stock Management Plugin <= 1.2.2 is vulnerable to Server Side Request Forgery (SSRF)
Software: WooSupply – Suppliers, Supply Orders and Stock Management; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2022-40700; Patch priority: Low; CVSS severity: Low 8.2; PSID: f4ff6d9dbad...
WordPress Slimstat Analytics Plugin <= 4.9.3.2 is vulnerable to SQL Injection
Software: Slimstat Analytics; Type: Plugin; Vulnerable versions: <= 4.9.3.2; Fixed in: 4.9.3.3; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0630; Patch priority: High; CVSS severity: High 7.7; PSID: 4253ca9a6d2d; Credits: Marc Montpas; Required privilege: Subscribe...
WordPress All In One SEO Pack Plugin <= 4.2.9 is vulnerable to Cross Site Scripting (XSS)
Software: All In One SEO Pack; Type: Plugin; Vulnerable versions: <= 4.2.9; Fixed in: 4.3.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0585; Patch priority: Low; CVSS severity: Low 5.9; PSID: 21a22db087a8; Credits: WordFence; Required...
WordPress The Post Grid Plugin <= 5.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: The Post Grid; Type: Plugin; Vulnerable versions: <= 5.0.4; Fixed in: 5.0.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-46853; Patch priority: Low; CVSS severity: Low 4.3; Developer: Mamunur Rashid; PSID: b0d360a29dab; Credits: Muhammad Daffa; Require...
WordPress WP Coder Plugin < 2.5.4 is vulnerable to SQL Injection
Software: WP Coder; Type: Plugin; Vulnerable versions: < 2.5.4; Fixed in: 2.5.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0895; Patch priority: Low; CVSS severity: Low 5.5; PSID: af35ebdc8e18; Credits: Etan Imanol Castro Aldrete; Required privilege: Administrator...
WordPress Podlove Podcast Publisher Plugin <= 3.8.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Podlove Podcast Publisher; Type: Plugin; Vulnerable versions: <= 3.8.3; Fixed in: 3.8.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25472; Patch priority: Low; CVSS severity: Low 4.3; PSID: 1974c1ffec51; Credits: yuyudhn...
WordPress Interactive Geo Maps Plugin <= 1.5.9 is vulnerable to Cross Site Scripting (XSS)
Software: Interactive Geo Maps; Type: Plugin; Vulnerable versions: <= 1.5.9; Fixed in: 1.5.11; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0731; Patch priority: Medium; CVSS severity: Medium 5.9; PSID: 116865bf62ab; Credits: Marco Wotsch...
WordPress Mercado Pago payments for WooCommerce Plugin <= 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Mercado Pago payments for WooCommerce; Type: Plugin; Vulnerable versions: <= 6.3.1; Fixed in: 6.4.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-45068; Patch priority: Low; CVSS severity: Low 4.3; PSID: b67044142b86; Credi...