45948 matches found
WordPress Widgets for Capterra Reviews Plugin <= 11.0.2 is vulnerable to Arbitrary File Upload
Software Widgets for Capterra Reviews Type Plugin Vulnerable versions <= 11.0.2 Fixed in 11.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-48275 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 7376afb72618 Credits Rafie Muhammad Patchstac...
WordPress JetEngine Plugin <= 3.2.4 is vulnerable to Broken Access Control
Software JetEngine Type Plugin Vulnerable versions <= 3.2.4 Fixed in 3.2.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48758 Patch priority High CVSS severity High 7.1 Developer Crocoblock PSID 14b80894884d Credits Rafie Muhammad Patchstack Required...
WordPress Swift Performance Lite Plugin <= 2.3.6.14 is vulnerable to Broken Access Control
Software Swift Performance Lite Type Plugin Vulnerable versions <= 2.3.6.14 Fixed in 2.3.6.15 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6289 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 4c96690d3565 Credits Krzysztof Zając...
WordPress JetProductGallery Plugin <= 2.1.13.1 is vulnerable to Broken Access Control
Software JetProductGallery Type Plugin Vulnerable versions <= 2.1.13.1 Fixed in 2.1.13.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48760 Patch priority Medium CVSS severity Medium 8.2 Developer Crocoblock PSID 7e68b6745d20 Credits Rafie Muhammad...
WordPress Salient Core Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)
Software Salient Core Type Plugin Vulnerable versions <= 2.0.2 Fixed in 2.0.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-48749 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ef3d6f0a3d43 Credits Rafie Muhammad Patchstack Required...
WordPress Userpro Plugin <= 5.1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Userpro Type Plugin Vulnerable versions <= 5.1.0 Fixed in 5.1.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2497 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 7210ffe49db6 Credits István Márton Required...
WordPress Userpro Plugin <= 5.1.4 is vulnerable to Broken Access Control
Software Userpro Type Plugin Vulnerable versions <= 5.1.4 Fixed in 5.1.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-2448 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d9e8e6635e89 Credits István Márton Required privilege...
WordPress wpForo Forum Plugin <= 2.2.5 is vulnerable to Content Injection
Software wpForo Forum Type Plugin Vulnerable versions <= 2.2.5 Fixed in 2.2.6 OWASP Top 10 A1: Broken Access Control Classification Content Injection CVE CVE-2023-47869 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e9607ec97842 Credits Jesse McNeil Required privilege...
WordPress Forminator Plugin <= 1.27.0 is vulnerable to Arbitrary File Upload
Software Forminator Type Plugin Vulnerable versions <= 1.27.0 Fixed in 1.28.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6133 Patch priority Low CVSS severity Low 6.6 Developer WPMU DEV PSID e543496c8db2 Credits István Márton Required privilege Administrator...
WordPress WooCommerce Blocks Plugin <= 11.1.1 is vulnerable to Cross Site Scripting (XSS)
Software WooCommerce Blocks Type Plugin Vulnerable versions <= 11.1.1 Fixed in 11.1.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47777 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 99320ddb7175 Credits Rafie Muhammad Patchstack Require...
WordPress Footer Putter Plugin <= 1.17 is vulnerable to Cross Site Scripting (XSS)
Software Footer Putter Type Plugin Vulnerable versions <= 1.17 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-47768 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4553836a22ef Credits Le Ngoc Anh Required...
WordPress WP Featured Content and Slider Plugin <= 1.6 is vulnerable to Broken Access Control
Software WP Featured Content and Slider Type Plugin Vulnerable versions <= 1.6 Fixed in 1.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40200 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 1176a8e895c8 Credits Abdi Pranata...
WordPress UserHeat Plugin Plugin < 1.1.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software UserHeat Plugin Type Plugin Vulnerable versions < 1.1.11 Fixed in 1.1.11 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47553 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 3bac4cc0a295 Credits LEE SE HYOUNG...
WordPress Ninja Forms Plugin < 3.6.34 is vulnerable to Cross Site Scripting (XSS)
Software Ninja Forms Type Plugin Vulnerable versions < 3.6.34 Fixed in 3.6.34 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5530 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a9b2d204bb4c Credits Jonathan Zamora Required...
WordPress WP Customer Reviews Plugin <= 3.6.6 is vulnerable to Sensitive Data Exposure
Software WP Customer Reviews Type Plugin Vulnerable versions <= 3.6.6 Fixed in 3.6.7 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-4686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 07af2f4a4fb5 Credits Marco Wotschka Required...
WordPress Image horizontal reel scroll slideshow Plugin <= 13.2 is vulnerable to SQL Injection
Software Image horizontal reel scroll slideshow Type Plugin Vulnerable versions <= 13.2 Fixed in 13.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5412 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 4f2c4949819b Credits István Márton Required...
WordPress Post Meta Data Manager Plugin <= 1.2.0 is vulnerable to Broken Access Control
Software Post Meta Data Manager Type Plugin Vulnerable versions <= 1.2.0 Fixed in 1.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5426 Patch priority Medium CVSS severity Medium 7.5 Developer Claim ownership PSID a003d34ca1b2 Credits Francesco Carlucc...
WordPress Bonus for Woo Plugin <= 5.8.2 is vulnerable to Cross Site Scripting (XSS)
Software Bonus for Woo Type Plugin Vulnerable versions <= 5.8.2 Fixed in 5.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5140 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bebc071bb4a6 Credits Enrico Marcolini...
WordPress Neon text Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software Neon text Type Plugin Vulnerable versions <= 1.1 Fixed in 1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5817 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3b1607d0a011 Credits Dmitrii Ignatyev Required privileg...
WordPress Very Simple Google Maps Plugin <= 2.9 is vulnerable to Cross Site Scripting (XSS)
Software Very Simple Google Maps Type Plugin Vulnerable versions <= 2.9 Fixed in 2.9.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5744 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 645d33a00b1e Credits Lana Codes Require...
WordPress Original texts Yandex WebMaster Plugin <= 1.18 is vulnerable to Cross Site Request Forgery (CSRF)
Software Original texts Yandex WebMaster Type Plugin Vulnerable versions <= 1.18 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46775 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 55bd78b06bda Credits Nguyen...
WordPress Custom My Account for Woocommerce Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Custom My Account for Woocommerce Type Plugin Vulnerable versions <= 2.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46634 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 57a74cf6a7e6 Credits qilin...
WordPress Tab Ultimate Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Software Tab Ultimate Type Plugin Vulnerable versions <= 1.3 Fixed in 1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5667 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 6b4d31988178 Credits István Márton Required privileg...
WordPress File Manager Pro Plugin < 1.8.1 is vulnerable to Remote Code Execution (RCE)
Software File Manager Pro Type Plugin Vulnerable versions < 1.8.1 Fixed in 1.8.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-4861 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID cd77a490f9de Credits Alex Sanford Required privilege...
WordPress NextGEN Gallery Plugin < 3.39 is vulnerable to Arbitrary File Deletion
Software NextGEN Gallery Type Plugin Vulnerable versions < 3.39 Fixed in 3.39 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-3155 Patch priority Low CVSS severity Low 6.7 Developer Claim ownership PSID ce42760e71e9 Credits Linwz from DEVCORE Required...
WordPress Eupago Gateway For Woocommerce Plugin <= 3.1.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software Eupago Gateway For Woocommerce Type Plugin Vulnerable versions <= 3.1.9 Fixed in 3.1.10 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45638 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 84bb9fde48fb Credits...
WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software ChatBot Type Plugin Vulnerable versions <= 4.8.9 Fixed in 4.9.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5534 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID dd9ca26e2bc4 Credits Marco Wotschka Required...
WordPress Post Gallery Plugin <= 2.3.12 is vulnerable to Cross Site Request Forgery (CSRF)
Software Post Gallery Type Plugin Vulnerable versions <= 2.3.12 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45752 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e7bbac19db20 Credits Mika Required privilege...
WordPress Profile Extra Fields by BestWebSoft Plugin <= 1.2.7 is vulnerable to Broken Access Control
Software Profile Extra Fields by BestWebSoft Type Plugin Vulnerable versions <= 1.2.7 Fixed in 1.2.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4469 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 924ab2d92750 Credits Alex Thoma...
WordPress WPvivid Backup and Migration Plugin <= 0.9.89 is vulnerable to Cross Site Scripting (XSS)
Software WPvivid Backup and Migration Type Plugin Vulnerable versions <= 0.9.89 Fixed in 0.9.90 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5121 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e1420d6f67a7 Credits Ivan...
WordPress Feeds for YouTube Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)
Software Feeds for YouTube Type Plugin Vulnerable versions <= 2.1 Fixed in 2.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4841 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9fd258b26a01 Credits Lana Codes Required...
WordPress WP User Control Plugin <= 1.5.3 is vulnerable to Other Vulnerability Type
Software WP User Control Type Plugin Vulnerable versions <= 1.5.3 Fixed in N/A OWASP Top 10 A4: Insecure Design Classification Other Vulnerability Type CVE CVE-2023-4915 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 5604d612e4e9 Credits Lana Codes Required privilege...
WordPress WP Accessibility Helper (WAH) Plugin <= 0.6.2.4 is vulnerable to Broken Access Control
Software WP Accessibility Helper WAH Type Plugin Vulnerable versions <= 0.6.2.4 Fixed in 0.6.2.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-41869 Patch priority Low CVSS severity Low 4.3 Developer Alexander Volkov PSID e746c281667d Credits thiennv...
WordPress Forminator Plugin <= 1.24.6 is vulnerable to Arbitrary File Upload
Software Forminator Type Plugin Vulnerable versions <= 1.24.6 Fixed in 1.25.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-4596 Patch priority High CVSS severity High 9.8 Developer WPMU DEV PSID c13bf0eea10b Credits mehmet Required privilege Unauthenticated Publishe...
WordPress JupiterX Core Plugin <= 3.3.8 is vulnerable to Privilege Escalation
Software JupiterX Core Type Plugin Vulnerable versions <= 3.3.8 Fixed in 3.4.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-38389 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID bb67776164d1 Credits Rafie...
WordPress Simple URLs Plugin <= 117 is vulnerable to Cross Site Scripting (XSS)
Software Simple URLs Type Plugin Vulnerable versions <= 117 Fixed in 118 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-40667 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID dc177aa51fb0 Credits Rafshanzani Suhada Requir...
WordPress CT Commerce Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)
Software CT Commerce Type Plugin Vulnerable versions <= 2.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-40007 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 03b22abe2aaa Credits Nithissh S Required privilege...
WordPress Advanced File Manager Plugin < 5.1.1 is vulnerable to Sensitive Data Exposure
Software Advanced File Manager Type Plugin Vulnerable versions < 5.1.1 Fixed in 5.1.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-3814 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID c11d3f659c9c Credits Dmitrii Required...
WordPress WP HTML Mail Plugin <= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP HTML Mail Type Plugin Vulnerable versions <= 3.4.1 Fixed in 3.4.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-40202 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 21db8a0a2110 Credits István Márton Required...
WordPress Avada Theme <= 7.11.1 is vulnerable to Server Side Request Forgery (SSRF)
Software Avada Type Theme Vulnerable versions <= 7.11.1 Fixed in 7.11.2 OWASP Top 10 A1: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2023-39313 Patch priority Low CVSS severity Low 7.7 Developer Claim ownership PSID 8a9512654743 Credits Rafie Muhammad Patchstack...
WordPress User Activity Tracking and Log Plugin < 4.0.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software User Activity Tracking and Log Type Plugin Vulnerable versions < 4.0.9 Fixed in 4.0.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8eda0dc496af Credits Erwan L...
WordPress Advanced Custom Fields Plugin 6.1-6.1.7 is vulnerable to Cross Site Scripting (XSS)
Software Advanced Custom Fields Type Plugin Vulnerable versions 6.1-6.1.7 Fixed in 6.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-40068 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ad8c9dc6f2b9 Credits Satoo Nakano...
WordPress Quiz And Survey Master Plugin < 8.1.11 is vulnerable to Cross Site Scripting (XSS)
Software Quiz And Survey Master Type Plugin Vulnerable versions < 8.1.11 Fixed in 8.1.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3575 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9853dd82cef9 Credits Andreas Damen...
WordPress CodeBard's Patron Button and Widgets for Patreon Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS)
Software CodeBard's Patron Button and Widgets for Patreon Type Plugin Vulnerable versions <= 2.1.8 Fixed in 2.1.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30491 Patch priority Medium CVSS severity Medium 7.1 Developer Codebard PSID 9bd81d51b303...
WordPress Media Library Categories Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)
Software Media Library Categories Type Plugin Vulnerable versions <= 2.0.0 Fixed in 2.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-36382 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3d7aad62f83d Credits Jeong Seong Ho...
WordPress Integration for WooCommerce and Zoho CRM Plugin < 1.3.7 is vulnerable to Open Redirection
Software Integration for WooCommerce and Zoho CRM Type Plugin Vulnerable versions < 1.3.7 Fixed in 1.3.7 OWASP Top 10 A5: Security Misconfiguration Classification Open Redirection CVE CVE-2023-38481 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 39fbc1d90c72 Credits Phd...
WordPress Pinpoint Booking System Plugin <= 2.9.9.3.4 is vulnerable to Content Spoofing
Software Pinpoint Booking System Type Plugin Vulnerable versions <= 2.9.9.3.4 Fixed in 2.9.9.3.5 OWASP Top 10 A1: Injection Classification Content Spoofing CVE CVE-2023-38520 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b94b02c0ce93 Credits yuyudhn Required privilege...
WordPress Smarty for WordPress Plugin <= 3.1.35 is vulnerable to Cross Site Request Forgery (CSRF)
Software Smarty for WordPress Type Plugin Vulnerable versions <= 3.1.35 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-37992 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 61374bdcfc42 Credits Prasanna V Bala...
WordPress Divi Carousel Lite - Image Carousel, Logo Carousel, Testimonial Carousel Slider and more Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS)
Software Divi Carousel Lite - Image Carousel, Logo Carousel, Testimonial Carousel Slider and more Type Plugin Vulnerable versions <= 1.6.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Cla...
WordPress Contact Form Generator Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form Generator Type Plugin Vulnerable versions <= 2.5.5 Fixed in 2.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-37988 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4da7e4864bf8 Credits Arvandy...