WordPress Profile Extra Fields by BestWebSoft Plugin <= 1.2.7 is vulnerable to Broken Access Control
Software: Profile Extra Fields by BestWebSoft | Type: Plugin | Vulnerable versions: <= 1.2.7 | Fixed in: 1.2.8 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-4469 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: 924ab2d92750 | Credits: Alex Thoma...
WordPress Short URL Plugin <= 1.6.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Short URL | Type: Plugin | Vulnerable versions: <= 1.6.8 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-45058 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 885f8c812def | Credits: Mika | Required privilege...
WordPress LeadSquared Suite Plugin <= 0.7.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: LeadSquared Suite | Type: Plugin | Vulnerable versions: <= 0.7.4 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-45047 | Patch priority: Low | CVSS severity: Low 7.1 | PSID: 660c9e832776 | Credits: yuyudhn | Required...
WordPress WooCommerce EAN Payment Gateway Plugin < 6.1.0 is vulnerable to Broken Access Control
Software: WooCommerce EAN Payment Gateway | Type: Plugin | Vulnerable versions: < 6.1.0 | Fixed in: 6.1.0 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-4947 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 9bfa8f9c4e66 | Credits: Lana Codes Yan&C...
WordPress WP User Control Plugin <= 1.5.3 is vulnerable to Other Vulnerability Type
Software: WP User Control | Type: Plugin | Vulnerable versions: <= 1.5.3 | Fixed in: N/A | OWASP Top 10: A4: Insecure Design | Classification: Other Vulnerability Type | CVE: CVE-2023-4915 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: 5604d612e4e9 | Credits: Lana Codes | Required privilege...
WordPress WP Accessibility Helper (WAH) Plugin <= 0.6.2.4 is vulnerable to Broken Access Control
Software: WP Accessibility Helper (WAH) | Type: Plugin | Vulnerable versions: <= 0.6.2.4 | Fixed in: 0.6.2.5 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-41869 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Alexander Volkov | PSID: e746c281667d | Credits: thiennv...
WordPress SendPress Newsletters Plugin <= 1.23.11.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: SendPress Newsletters | Type: Plugin | Vulnerable versions: <= 1.23.11.6 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-41730 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: afb124386373 | Credits: yuyudhn...
WordPress Woocommerce Support System Plugin <= 1.2.1 is vulnerable to SQL Injection
Software: Woocommerce Support System | Type: Plugin | Vulnerable versions: <= 1.2.1 | Fixed in: 1.2.2 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2023-41685 | Patch priority: Low | CVSS severity: Low 7.6 | PSID: c2b73ca8019a | Credits: Mika | Required privilege: Administrator...
WordPress Tilda Publishing Plugin <= 0.3.23 is vulnerable to Broken Access Control
Software: Tilda Publishing | Type: Plugin | Vulnerable versions: <= 0.3.23 | Fixed in: 0.3.24 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-31234 | Patch priority: Medium | CVSS severity: Medium 6.3 | PSID: f643ff3b43ab | Credits: spacecroupier | Requir...
WordPress All-in-One WP Migration Dropbox Extension Plugin <= 3.75 is vulnerable to Broken Access Control
Software: All-in-One WP Migration Dropbox Extension | Type: Plugin | Vulnerable versions: <= 3.75 | Fixed in: 3.76 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-40004 | Patch priority: High | CVSS severity: High 7.3 | PSID: 517b1424056f | Credits: Raf...
WordPress Forminator Plugin <= 1.24.6 is vulnerable to Arbitrary File Upload
Software: Forminator | Type: Plugin | Vulnerable versions: <= 1.24.6 | Fixed in: 1.25.0 | OWASP Top 10: A1: Injection | Classification: Arbitrary File Upload | CVE: CVE-2023-4596 | Patch priority: High | CVSS severity: High 9.8 | Developer: WPMU DEV | PSID: c13bf0eea10b | Credits: mehmet | Required privilege: Unauthenticated | Publishe...
WordPress Easy Coming Soon Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)
Software: Easy Coming Soon | Type: Plugin | Vulnerable versions: <= 2.3 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-25483 | Patch priority: Low | CVSS severity: Low 5.9 | PSID: d32749ab7ef6 | Credits: Rio Darmawan | Required...
WordPress Tabs & Accordion Plugin <= 1.3.10 is vulnerable to Content Injection
Software: Tabs & Accordion | Type: Plugin | Vulnerable versions: <= 1.3.10 | Fixed in: N/A | OWASP Top 10: A1: Injection | Classification: Content Injection | CVE: CVE-2023-40557 | Patch priority: Low | CVSS severity: Low 5.4 | PSID: 2f516072a35d | Credits: Abdi Pranata | Required privilege: Contributor...
WordPress MailChimp Forms by MailMunch Plugin <= 3.1.4 is vulnerable to Broken Access Control
Software: MailChimp Forms by MailMunch | Type: Plugin | Vulnerable versions: <= 3.1.4 | Fixed in: 3.1.5 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-40203 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 1430c7736a5b | Credits: István Márton...
WordPress WP HTML Mail Plugin <= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP HTML Mail | Type: Plugin | Vulnerable versions: <= 3.4.1 | Fixed in: 3.4.2 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-40202 | Patch priority: Low | CVSS severity: Low 5.4 | PSID: 21db8a0a2110 | Credits: István Márton | Required...
WordPress Avada Theme <= 7.11.1 is vulnerable to Server Side Request Forgery (SSRF)
Software: Avada | Type: Theme | Vulnerable versions: <= 7.11.1 | Fixed in: 7.11.2 | OWASP Top 10: A1: Broken Access Control | Classification: Server Side Request Forgery (SSRF) | CVE: CVE-2023-39313 | Patch priority: Low | CVSS severity: Low 7.7 | PSID: 8a9512654743 | Credits: Rafie Muhammad Patchstack...
WordPress Advanced Custom Fields Plugin 6.1-6.1.7 is vulnerable to Cross Site Scripting (XSS)
Software: Advanced Custom Fields | Type: Plugin | Vulnerable versions: 6.1-6.1.7 | Fixed in: 6.1.8 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-40068 | Patch priority: Low | CVSS severity: Low 5.9 | PSID: ad8c9dc6f2b9 | Credits: Satoo Nakano...
WordPress WP Brutal AI Plugin < 2.06 is vulnerable to Cross Site Scripting (XSS)
Software: WP Brutal AI | Type: Plugin | Vulnerable versions: < 2.06 | Fixed in: 2.06 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-2606 | Patch priority: Low | CVSS severity: Low 5.9 | PSID: 658179337e78 | Credits: Taurus Omar | Required privilege...
WordPress Integration for WooCommerce and Zoho CRM Plugin < 1.3.7 is vulnerable to Open Redirection
Software: Integration for WooCommerce and Zoho CRM | Type: Plugin | Vulnerable versions: < 1.3.7 | Fixed in: 1.3.7 | OWASP Top 10: A5: Security Misconfiguration | Classification: Open Redirection | CVE: CVE-2023-38481 | Patch priority: Low | CVSS severity: Low 4.7 | PSID: 39fbc1d90c72 | Credits: Phd...
WordPress WpStream – Live Streaming, Video on Demand, Pay Per View Plugin <= 4.5.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WpStream – Live Streaming, Video on Demand, Pay Per View | Type: Plugin | Vulnerable versions: <= 4.5.4 | Fixed in: 4.5.5 | OWASP Top 10: A6: Security Misconfiguration | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-38512 | Patch priority: Low | CVSS severity: Low 5.4 | ...
WordPress Pinpoint Booking System Plugin <= 2.9.9.3.4 is vulnerable to Content Spoofing
Software: Pinpoint Booking System | Type: Plugin | Vulnerable versions: <= 2.9.9.3.4 | Fixed in: 2.9.9.3.5 | OWASP Top 10: A1: Injection | Classification: Content Spoofing | CVE: CVE-2023-38520 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: b94b02c0ce93 | Credits: yuyudhn | Required privilege...
WordPress Borderless Plugin <= 1.4.8 is vulnerable to Cross Site Scripting (XSS)
Software: Borderless | Type: Plugin | Vulnerable versions: <= 1.4.8 | Fixed in: 1.4.9 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-38518 | Patch priority: Low | CVSS severity: Low 5.9 | PSID: c49a317f00bf | Credits: Rio Darmawan | Required...
WordPress HT Mega Plugin <= 2.2.0 is vulnerable to Privilege Escalation
Software: HT Mega | Type: Plugin | Vulnerable versions: <= 2.2.0 | Fixed in: 2.2.1 | OWASP Top 10: A7: Identification and Authentication Failures | Classification: Privilege Escalation | CVE: CVE-2023-37999 | Patch priority: High | CVSS severity: High 9.8 | Developer: HTMega | PSID: bbe5238c947f | Credits: Rafie Muhammad Patchstac...
WordPress Authors List Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: Authors List | Type: Plugin | Vulnerable versions: <= 2.0.2 | Fixed in: 2.0.3 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-37981 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 38312864f014 | Credits: LEE SE HYOUNG hackintoanetwork...
WordPress Download IP2Location Country Blocker Plugin <= 2.29.1 is vulnerable to Bypass Vulnerability
Software: Download IP2Location Country Blocker | Type: Plugin | Vulnerable versions: <= 2.29.1 | Fixed in: 2.29.2 | OWASP Top 10: A3: Injection | Classification: Bypass Vulnerability | CVE: CVE-2023-37865 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: a1b65359a367 | Credits: Mika | Required...
WordPress Premium Addons PRO Plugin <= 2.9.0 is vulnerable to Broken Access Control
Software: Premium Addons PRO | Type: Plugin | Vulnerable versions: <= 2.9.0 | Fixed in: 2.9.1 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-37869 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 09e72b9c3acf | Credits: Rafie Muhammad Patchstack...
WordPress WP-Optimize Plugin < 3.2.13 is vulnerable to Cross Site Scripting (XSS)
Software: WP-Optimize | Type: Plugin | Vulnerable versions: < 3.2.13 | Fixed in: 3.2.13 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-1119 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 74a58d2a57e4 | Credits: Paolo Elia | Required...
WordPress LiquidPoll – Advanced Polls for Creators and Brands Plugin <= 3.3.68 is vulnerable to Broken Access Control
Software: LiquidPoll – Advanced Polls for Creators and Brands | Type: Plugin | Vulnerable versions: <= 3.3.68 | Fixed in: 3.3.69 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-36531 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 8bdf6fb868a6...
WordPress NOO Timetable Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)
Software: NOO Timetable | Type: Plugin | Vulnerable versions: <= 2.1.3 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2022-45821 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: d615de5bc83f | Credits: Cat | Required privilege...
WordPress AutomateWoo Plugin <= 5.7.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: AutomateWoo | Type: Plugin | Vulnerable versions: <= 5.7.5 | Fixed in: 5.7.6 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-36513 | Patch priority: Low | CVSS severity: Low 5.4 | PSID: baa4f71a9406 | Credits: Rafie Muhammad Patchsta...
WordPress MaxButtons Plugin <= 9.5.3 is vulnerable to Cross Site Scripting (XSS)
Software: MaxButtons | Type: Plugin | Vulnerable versions: <= 9.5.3 | Fixed in: 9.6 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-36503 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 24d386e76da8 | Credits: Rafshanzani Suhada | Required...
WordPress MonsterInsights Pro Plugin <= 8.14.1 is vulnerable to Cross Site Scripting (XSS)
Software: MonsterInsights Pro | Type: Plugin | Vulnerable versions: <= 8.14.1 | Fixed in: 8.15 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-32291 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 1c1883d581be | Credits: Rafie Muhammad...
WordPress Directorist Plugin <= 7.5.4 is vulnerable to Broken Access Control
Software: Directorist | Type: Plugin | Vulnerable versions: <= 7.5.4 | Fixed in: 7.5.5 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-1889 | Patch priority: High | CVSS severity: High 7.2 | PSID: 3d986c80db6c | Credits: Alex Thomas | Required privilege...
WordPress Page Builder with Image Map by AZEXO Plugin <= 1.27.133 is vulnerable to Broken Access Control
Software: Page Builder with Image Map by AZEXO | Type: Plugin | Vulnerable versions: <= 1.27.133 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-3053 | Patch priority: Medium | CVSS severity: Medium 5.4 | PSID: bcb4f38dcc4d | Credits...
WordPress Advanced Flat rate shipping Woocommerce Plugin <= 1.6.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Advanced Flat rate shipping Woocommerce | Type: Plugin | Vulnerable versions: <= 1.6.4.4 | Fixed in: 1.6.4.6 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-34015 | Patch priority: Low | CVSS severity: Low 5.4 | PSID: 47ba6a8a749f...
WordPress Slider Revolution Plugin <= 6.6.12 is vulnerable to Arbitrary File Upload
Software: Slider Revolution | Type: Plugin | Vulnerable versions: <= 6.6.12 | Fixed in: 6.6.13 | OWASP Top 10: A5: Broken Access Control | Classification: Arbitrary File Upload | CVE: CVE-2023-2359 | Patch priority: Low | CVSS severity: Low 9.1 | Developer: ThemePunch | PSID: 48e5307584b9 | Credits: Marco Frison | Required privilege...
WordPress Gravity Forms Plugin <= 2.7.3 is vulnerable to PHP Object Injection
Software: Gravity Forms | Type: Plugin | Vulnerable versions: <= 2.7.3 | Fixed in: 2.7.4 | OWASP Top 10: A1: Injection | Classification: PHP Object Injection | CVE: CVE-2023-28782 | Patch priority: High | CVSS severity: High 8.3 | PSID: 97930c86f0b1 | Credits: Rafie Muhammad Patchstack | Required privile...
WordPress Rank Math SEO PRO Plugin <= 3.0.35 is vulnerable to Cross Site Scripting (XSS)
Software: Rank Math SEO PRO | Type: Plugin | Vulnerable versions: <= 3.0.35 | Fixed in: 3.0.36 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-32800 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 436b3db030cf | Credits: Rafie Muhamma...
WordPress WP htaccess Control Plugin <= 3.5.1 is vulnerable to Cross Site Scripting (XSS)
Software: WP htaccess Control | Type: Plugin | Vulnerable versions: <= 3.5.1 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-25462 | Patch priority: Low | CVSS severity: Low 5.9 | PSID: 80f0815b94aa | Credits: Rio Darmawan | Required...
WordPress UpdraftPlus Plugin <= 1.23.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: UpdraftPlus | Type: Plugin | Vulnerable versions: <= 1.23.3 | Fixed in: 1.23.4 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-32960 | Patch priority: Low | CVSS severity: Low 7.1 | PSID: d64e914c934f | Credits: Rafie Muhammad...
WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.3.6 is vulnerable to Cross Site Scripting (XSS)
Software: Restaurant Menu – Food Ordering System – Table Reservation | Type: Plugin | Vulnerable versions: <= 2.3.6 | Fixed in: 2.3.7 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-32516 | Patch priority: Medium | CVSS severity: Medium 7.1 | ...
WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.1.23 is vulnerable to SQL Injection
Software: Ultimate Addons for Contact Form 7 | Type: Plugin | Vulnerable versions: <= 3.1.23 | Fixed in: 3.1.24 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2022-47586 | Patch priority: High | CVSS severity: High 8.2 | Developer: Themefic | PSID: 7a22cfa758d5 | Credits: minhtuanact | Required privilege...
WordPress Product Catalog Feed by PixelYourSite Plugin < 2.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Product Catalog Feed by PixelYourSite | Type: Plugin | Vulnerable versions: < 2.1.1 | Fixed in: 2.1.1 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-1804 | Patch priority: High | CVSS severity: High 7.1 | PSID: 27de0c95fe70 | Credits...
WordPress CMS Tree Page View Plugin <= 1.6.7 is vulnerable to Cross Site Scripting (XSS)
Software: CMS Tree Page View | Type: Plugin | Vulnerable versions: <= 1.6.7 | Fixed in: 1.6.8 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-30868 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 76d638e1b70d | Credits: LEE SE HYOUNG...
WordPress Updraft Plugin <= 0.6.1 is vulnerable to Cross Site Scripting (XSS)
Software: Updraft | Type: Plugin | Vulnerable versions: <= 0.6.1 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-26530 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: bc1184571b44 | Credits: Nguyen Xuan Hoa | Required...
WordPress PowerPress Podcasting Plugin <= 10.0 is vulnerable to Cross Site Scripting (XSS)
Software: PowerPress Podcasting | Type: Plugin | Vulnerable versions: <= 10.0 | Fixed in: 10.0.1 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-1917 | Patch priority: Medium | CVSS severity: Medium 6.5 | PSID: 2e844f252ce9 | Credits: Alex Thomas...
WordPress JetEngine Plugin < 3.1.3.1 is vulnerable to Remote Code Execution (RCE)
Software: JetEngine | Type: Plugin | Vulnerable versions: < 3.1.3.1 | Fixed in: 3.1.3.1 | OWASP Top 10: A1: Injection | Classification: Remote Code Execution (RCE) | CVE: CVE-2023-1406 | Patch priority: High | CVSS severity: High 9.1 | Developer: Crocoblock | PSID: a91fe4278b33 | Credits: R3zk0n | Required privilege: Author | Published: 11...
WordPress Formidable Forms Plugin <= 6.1.2 is vulnerable to PHP Object Injection
Software: Formidable Forms | Type: Plugin | Vulnerable versions: <= 6.1.2 | Fixed in: 6.2 | OWASP Top 10: A1: Injection | Classification: PHP Object Injection | CVE: CVE-2023-1405 | Patch priority: High | CVSS severity: High 9.8 | PSID: e0f1ba3999f1 | Credits: Nguyen Huu Do | Required privilege...
WordPress Product Catalog Simple Plugin <= 1.6.17 is vulnerable to Cross Site Scripting (XSS)
Software: Product Catalog Simple | Type: Plugin | Vulnerable versions: <= 1.6.17 | Fixed in: 1.7.0 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-29388 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 48939529292d | Credits: minhtuana...
WordPress MapPress Maps for WordPress Plugin <= 2.85.4 is vulnerable to SQL Injection
Software: MapPress Maps for WordPress | Type: Plugin | Vulnerable versions: <= 2.85.4 | Fixed in: 2.85.5 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2023-26015 | Patch priority: Low | CVSS severity: Low 7.1 | PSID: dfda53627d56 | Credits: Rafie Muhammad Patchstack | Required...