WordPress Slider Revolution Plugin <= 6.6.12 is vulnerable to Arbitrary File Upload
Software: Slider Revolution; Type: Plugin; Vulnerable versions: <= 6.6.12; Fixed in: 6.6.13; OWASP Top 10: A5: Broken Access Control; Classification: Arbitrary File Upload; CVE: CVE-2023-2359; Patch priority: Low; CVSS severity: Low 9.1; Developer: ThemePunch; PSID: 48e5307584b9; Credits: Marco Frison; Required privilege...
WordPress Gravity Forms Plugin <= 2.7.3 is vulnerable to PHP Object Injection
Software: Gravity Forms; Type: Plugin; Vulnerable versions: <= 2.7.3; Fixed in: 2.7.4; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-28782; Patch priority: High; CVSS severity: High 8.3; Developer: Claim ownership; PSID: 97930c86f0b1; Credits: Rafie Muhammad (Patchstack); Required privile...
WordPress Scripts n Styles Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS)
Software: Scripts n Styles; Type: Plugin; Vulnerable versions: <= 3.5.7; Fixed in: 3.5.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-31236; Patch priority: Low; CVSS severity: Low 5.9; Developer: unFocus Projects; PSID: 915405d90808; Credits: konagash; Required...
WordPress WPCS Plugin <= 1.1.9 is vulnerable to Broken Access Control
Software: WPCS; Type: Plugin; Vulnerable versions: <= 1.1.9; Fixed in: 1.2.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-2556; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 05cf802e36e5; Credits: Alex Thomas; Required privilege...
WordPress Dyslexiefont Free Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Dyslexiefont Free; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-32589; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: fb7c8442b1dc; Credits: Yash Kanchhal...
WordPress Injection Guard Plugin <= 1.2.1 is vulnerable to Broken Access Control
Software: Injection Guard; Type: Plugin; Vulnerable versions: <= 1.2.1; Fixed in: 1.2.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-32574; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 1c70e6bd7c94; Credits: Abdi Pranata; Required privile...
WordPress Woodmart Core Plugin <= 1.0.36 is vulnerable to Privilege Escalation
Software: Woodmart Core; Type: Plugin; Vulnerable versions: <= 1.0.36; Fixed in: 1.0.37; OWASP Top 10: A2: Broken Authentication; Classification: Privilege Escalation; CVE: CVE-2023-32244; Patch priority: High; CVSS severity: High 9.8; Developer: Xtemos; PSID: a0b94835d329; Credits: Dave Jong (Patchstack); Required privile...
WordPress Order Your Posts Manually Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS)
Software: Order Your Posts Manually; Type: Plugin; Vulnerable versions: <= 2.2.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32510; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: fdf3da041b8c; Credits: minhtuana...
WordPress Advanced Custom Fields PRO Plugin <= 6.1.5 is vulnerable to Cross Site Scripting (XSS)
Software: Advanced Custom Fields PRO; Type: Plugin; Vulnerable versions: <= 6.1.5; Fixed in: 6.1.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-30777; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 007d3de805e3; Credits: Rafie...
WordPress CMS Tree Page View Plugin <= 1.6.7 is vulnerable to Cross Site Scripting (XSS)
Software: CMS Tree Page View; Type: Plugin; Vulnerable versions: <= 1.6.7; Fixed in: 1.6.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-30868; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 76d638e1b70d; Credits: LEE SE HYOUNG...
WordPress Vimeotheque Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)
Software: Vimeotheque; Type: Plugin; Vulnerable versions: <= 2.2.1; Fixed in: 2.2.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-30498; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 8e144c67d6a8; Credits: Ivy TOOR, LISA; Requir...
WordPress PowerPress Podcasting Plugin <= 10.0 is vulnerable to Cross Site Scripting (XSS)
Software: PowerPress Podcasting; Type: Plugin; Vulnerable versions: <= 10.0; Fixed in: 10.0.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1917; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 2e844f252ce9; Credits: Alex Thomas...
WordPress JetEngine Plugin < 3.1.3.1 is vulnerable to Remote Code Execution (RCE)
Software: JetEngine; Type: Plugin; Vulnerable versions: < 3.1.3.1; Fixed in: 3.1.3.1; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-1406; Patch priority: High; CVSS severity: High 9.1; Developer: Crocoblock; PSID: a91fe4278b33; Credits: R3zk0n; Required privilege: Author; Published 11...
WordPress Spiffy Calendar Plugin <= 4.9.1 is vulnerable to SQL Injection
Software: Spiffy Calendar; Type: Plugin; Vulnerable versions: <= 4.9.1; Fixed in: 4.9.2; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2022-46859; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: 127ff2924c25; Credits: Justiice; Required privilege: Subscriber; Publishe...
WordPress Formidable Forms Plugin <= 6.1.2 is vulnerable to PHP Object Injection
Software: Formidable Forms; Type: Plugin; Vulnerable versions: <= 6.1.2; Fixed in: 6.2; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-1405; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: e0f1ba3999f1; Credits: Nguyen Huu Do; Required privilege...
WordPress Product Catalog Simple Plugin <= 1.6.17 is vulnerable to Cross Site Scripting (XSS)
Software: Product Catalog Simple; Type: Plugin; Vulnerable versions: <= 1.6.17; Fixed in: 1.7.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-29388; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 48939529292d; Credits: minhtuana...
WordPress MapPress Maps for WordPress Plugin <= 2.85.4 is vulnerable to SQL Injection
Software: MapPress Maps for WordPress; Type: Plugin; Vulnerable versions: <= 2.85.4; Fixed in: 2.85.5; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-26015; Patch priority: Low; CVSS severity: Low 7.1; Developer: Claim ownership; PSID: dfda53627d56; Credits: Rafie Muhammad (Patchstack); Required...
WordPress institutions-directory Plugin < 1.3.1 is vulnerable to Privilege Escalation
Software: institutions-directory; Type: Plugin; Vulnerable versions: < 1.3.1; Fixed in: 1.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2020-36666; Patch priority: High; CVSS severity: High 8.8; Developer: Claim ownership; PSID: 3f4ecdce4fb1; Credits: Omar Badran; Required...
WordPress real-estate-pro Plugin < 1.7.1 is vulnerable to Privilege Escalation
Software: real-estate-pro; Type: Plugin; Vulnerable versions: < 1.7.1; Fixed in: 1.7.1; OWASP Top 10: A5: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2020-36666; Patch priority: High; CVSS severity: High 8.8; Developer: Claim ownership; PSID: a8f610e7b2fc; Credits: Omar Badran; Required privilege...
WordPress If Menu Plugin <= 0.16.3 is vulnerable to Broken Access Control
Software: If Menu; Type: Plugin; Vulnerable versions: <= 0.16.3; Fixed in: 0.17.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-41698; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 6fd87b73bf2d; Credits: Nguyen Anh Tien; Required...
WordPress Boostify Header Footer Builder for Elementor Plugin <= 1.2.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Boostify Header Footer Builder for Elementor; Type: Plugin; Vulnerable versions: <= 1.2.8; Fixed in: 1.2.9; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47150; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 5658880d810...
WordPress BuddyPress Builder for Elementor – BuddyBuilder Plugin <= 1.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: BuddyPress Builder for Elementor – BuddyBuilder; Type: Plugin; Vulnerable versions: <= 1.7.1; Fixed in: 1.7.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47150; Patch priority: Low; CVSS severity: Low 4.3; Developer: StaxWP; PSID: 8a84cf645ad6...
WordPress Bangladeshi Payment Gateways Plugin <= 2.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Bangladeshi Payment Gateways; Type: Plugin; Vulnerable versions: <= 2.0.6; Fixed in: 2.0.7; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47150; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: db46a03412a9; Credits: István...
WordPress Auto Featured Image (Auto Post Thumbnail) Plugin < 3.9.16 is vulnerable to Arbitrary File Upload
Software: Auto Featured Image (Auto Post Thumbnail); Type: Plugin; Vulnerable versions: < 3.9.16; Fixed in: 3.9.16; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-0477; Patch priority: High; CVSS severity: High 9.1; Developer: Claim ownership; PSID: ad8cfc8bf738; Credits: dc11; Required...
WordPress GN Publisher Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS)
Software: GN Publisher; Type: Plugin; Vulnerable versions: <= 1.5.5; Fixed in: 1.5.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1080; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: 791c76b450de; Credits: Marco Wotschka; Required...
WordPress Japanized For WooCommerce Plugin <= 2.5.4 is vulnerable to Cross Site Scripting (XSS)
Software: Japanized For WooCommerce; Type: Plugin; Vulnerable versions: <= 2.5.4; Fixed in: 2.5.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0942; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: 8b189e4d7501; Credits: Marco Wotsch...
WordPress Upload File Type Settings Plugin Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Upload File Type Settings Plugin; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25781; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 1b1468ec7ed1; Credits: Rio Darmaw...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Wicked Folders; Type: Plugin; Vulnerable versions: <= 2.18.16; Fixed in: 2.18.17; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-0722; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 7e061023b7ce; Credits: Marco Wotschka...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Wicked Folders; Type: Plugin; Vulnerable versions: <= 2.18.16; Fixed in: 2.18.17; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-0724; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 4ecba55efc7d; Credits: Marco Wotschka...
WordPress Wufoo Shortcode Plugin < 1.52 is vulnerable to Cross Site Scripting (XSS)
Software: Wufoo Shortcode; Type: Plugin; Vulnerable versions: < 1.52; Fixed in: 1.52; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4679; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: bb3df9d73484; Credits: István Márton; Required...
WordPress GS Products Slider for WooCommerce Plugin < 1.5.9 is vulnerable to Cross Site Scripting (XSS)
Software: GS Products Slider for WooCommerce; Type: Plugin; Vulnerable versions: < 1.5.9; Fixed in: 1.5.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0492; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 912bee63a436; Credits...
WordPress GS Portfolio for Envato Plugin < 1.4.0 is vulnerable to Cross Site Scripting (XSS)
Software: GS Portfolio for Envato; Type: Plugin; Vulnerable versions: < 1.4.0; Fixed in: 1.4.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0559; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: abe3328dc56e; Credits: István Márto...
WordPress DH – Anti AdBlocker Plugin <= 36 is vulnerable to Cross Site Request Forgery (CSRF)
Software: DH – Anti AdBlocker; Type: Plugin; Vulnerable versions: <= 36; Fixed in: 37; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47162; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 1473176655f8; Credits: rezaduty; Required...
WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.48 is vulnerable to Cross Site Scripting (XSS)
Software: Unlimited Elements For Elementor (Free Widgets, Addons, Templates); Type: Plugin; Vulnerable versions: <= 1.5.48; Fixed in: 1.5.49; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-47170; Patch priority: Low; CVSS severity: Low 5.9; Developer: Unlimited...
WordPress ChatBot Plugin <= 4.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: ChatBot; Type: Plugin; Vulnerable versions: <= 4.3.0; Fixed in: 4.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-47613; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 55e5078b9db7; Credits: Rafshanzani Suhada; Required...
WordPress Intuitive Custom Post Order Plugin <= 3.1.4.1 is vulnerable to SQL Injection
Software: Intuitive Custom Post Order; Type: Plugin; Vulnerable versions: <= 3.1.4.1; Fixed in: 3.1.5; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-1016; Patch priority: Low; CVSS severity: Low 6.6; Developer: Claim ownership; PSID: bd23d6b4e595; Credits: Wordfence; Required privilege...
WordPress Name Directory Plugin <= 1.27.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Name Directory; Type: Plugin; Vulnerable versions: <= 1.27.1; Fixed in: 1.27.2; OWASP Top 10: A6: Security Misconfiguration; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-22692; Patch priority: Low; CVSS severity: Low 4.3; Developer: Jeroen Peters; PSID: 97cd32d13c24; Credits: NeginNrb; Require...
WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Scripting (XSS)
Software: Quick Event Manager; Type: Plugin; Vulnerable versions: <= 9.7.4; Fixed in: 9.7.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23979; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Fullworks Plugins; PSID: c7609f23707d; Credits: yuyudhn...
WordPress Better Font Awesome Plugin < 2.0.4 is vulnerable to Cross Site Scripting (XSS)
Software: Better Font Awesome; Type: Plugin; Vulnerable versions: < 2.0.4; Fixed in: 2.0.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4512; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 3f338a1f451d; Credits: Lana Codes...
WordPress GiveWP Plugin <= 2.23.2 is vulnerable to SQL Injection
Software: GiveWP; Type: Plugin; Vulnerable versions: <= 2.23.2; Fixed in: 2.24.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0224; Patch priority: High; CVSS severity: High 8.2; Developer: Liquid Web / StellarWP; PSID: 3f057c60656c; Credits: dc11; Required privilege: Unauthenticated; Publishe...
WordPress MainWP Staging Extension Plugin <= 4.0.3 is vulnerable to Broken Access Control
Software: MainWP Staging Extension; Type: Plugin; Vulnerable versions: <= 4.0.3; Fixed in: 4.0.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-23639; Patch priority: Medium; CVSS severity: Medium 5.4; Developer: Claim ownership; PSID: bd391a4b93d5; Credits: Dave Jong...
WordPress Annual Archive Plugin < 1.6.0 is vulnerable to Cross Site Scripting (XSS)
Software: Annual Archive; Type: Plugin; Vulnerable versions: < 1.6.0; Fixed in: 1.6.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0178; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: e447b05c3b01; Credits: Lana Codes; Required...
WordPress Ibtana Plugin < 1.1.8.8 is vulnerable to Cross Site Scripting (XSS)
Software: Ibtana; Type: Plugin; Vulnerable versions: < 1.1.8.8; Fixed in: 1.1.8.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4674; Patch priority: Medium; CVSS severity: Medium 6.3; Developer: Claim ownership; PSID: e564cfbd3326; Credits: Lana Codes; Required...
WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control
Software: Royal Elementor Addons; Type: Plugin; Vulnerable versions: <= 1.3.59; Fixed in: 1.3.60; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-4703; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: WProyal; PSID: c80fbc0d4bbd; Credits: Ramuel Gall; Required...
WordPress RSS Aggregator by Feedzy Plugin < 4.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: RSS Aggregator by Feedzy; Type: Plugin; Vulnerable versions: < 4.1.1; Fixed in: 4.1.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4667; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: cee226bbb884; Credits: István Márt...
WordPress statfort Theme < 10 is vulnerable to Arbitrary File Upload
Software: statfort; Type: Theme; Vulnerable versions: < 10; Fixed in: N/A; OWASP Top 10: A6: Security Misconfiguration; Classification: Arbitrary File Upload; CVE: CVE-2022-0316; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 68bfdf44186f; Credits: Joshua Small; Required privilege...
WordPress WooSwipe WooCommerce Gallery plugin <= 2.0.1 - Auth. Broken Access Control vulnerability
Auth. Broken Access Control vulnerability leading to plugin settings change discovered by Tien Nguyen Anh (Patchstack Alliance) in the WordPress WooSwipe WooCommerce Gallery plugin (versions <= 2.0.1). Solution: No patched version is available. No reply from the vendor...
WordPress ULTIMATE TABLES plugin <= 1.6.5 - Unauth. Reflected Cross-Site Scripting (XSS) vulnerability
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability discovered by Tien Nguyen Anh (Patchstack Alliance) in WordPress ULTIMATE TABLES plugin (versions <= 1.6.5). Solution: No patched version is available. No reply from the vendor...
WordPress Add Multiple Marker plugin <= 1.2 - Missing Access Control vulnerability
Missing Access Control vulnerability leading to unauth. plugin settings change discovered by ptsfence (Patchstack Alliance) in WordPress Add Multiple Marker plugin (versions <= 1.2). Solution: No patched version is available...
WordPress Uji Countdown plugin <= 2.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by zhangyunpei in the WordPress Uji Countdown plugin (versions <= 2.2). Solution: Deactivate and delete. This plugin has been closed as of November 9, 2022 and is not available for download. This closure is temporary, pending a full revie...