
45686 matches found

Patchstack
added 2023/12/27 12:0 a.m., 14 views

WordPress Inline Image Upload for BBPress Plugin <= 1.1.18 is vulnerable to Cross Site Request Forgery (CSRF)

Software Inline Image Upload for BBPress Type Plugin Vulnerable versions = 1.1.18 Fixed in 1.1.19 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-51668 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 88c8c5d6ca9e Credits...

CVSS 8.8, AI score 7, EPSS 0.0007
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/12/26 12:0 a.m., 13 views

WordPress Easy Digital Downloads Plugin <= 3.1.5 is vulnerable to Broken Access Control

Software Easy Digital Downloads Type Plugin Vulnerable versions = 3.1.5 Fixed in 3.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40005 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 74a0ce20813d Credits Nguyen Anh Tien...

AI score 6.5, EPSS 0.00822
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/12/21 12:0 a.m., 15 views

WordPress Paid Memberships Pro Plugin <= 2.12.5 is vulnerable to Broken Access Control

Software Paid Memberships Pro Type Plugin Vulnerable versions = 2.12.5 Fixed in 2.12.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6855 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID fb6688b14c42 Credits Webbernaut Required...

CVSS 5.3, AI score 6.5, EPSS 0.00347
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/12/16 12:0 a.m., 14 views

WordPress MW WP Form Plugin <= 5.0.3 is vulnerable to Arbitrary File Deletion

Software MW WP Form Type Plugin Vulnerable versions = 5.0.3 Fixed in 5.0.4 OWASP Top 10 A3: Injection Classification Arbitrary File Deletion CVE CVE-2023-6559 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 24368a3488f4 Credits Thomas Sanzey Required privilege...

CVSS 9.8, AI score 6.7, EPSS 0.06086
Exploits 0, References 3, Affected Software 1

Patchstack
added 2023/12/07 12:0 a.m., 15 views

WordPress BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter Plugin <= 1.49.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter Type Plugin Vulnerable versions = 1.49.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49855 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...

CVSS 8.8, AI score 6.6, EPSS 0.00083
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/12/07 12:0 a.m., 15 views

WordPress Responsive Slick Slider WordPress Plugin <= 1.4 is vulnerable to Content Injection

Software Responsive Slick Slider WordPress Type Plugin Vulnerable versions = 1.4 Fixed in N/A OWASP Top 10 A1: Injection Classification Content Injection CVE CVE-2023-49852 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6149e117fdc9 Credits Abdi Pranata Required privilege...

CVSS 6.5, AI score 6.9, EPSS 0.00183
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/12/06 12:0 a.m., 15 views

WordPress Burst Statistics Plugin 1.4.0-1.4.6.1 is vulnerable to SQL Injection

Software Burst Statistics Type Plugin Vulnerable versions 1.4.0-1.4.6.1 Fixed in 1.5.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-5761 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID ee7f5ff024e3 Credits German Ritter Required privilege...

CVSS 9.8, AI score 9.5, EPSS 0.00506
Exploits 1, References 3, Affected Software 1

Patchstack
added 2023/12/05 12:0 a.m., 14 views

WordPress Spectra Plugin <= 2.7.9 is vulnerable to Cross Site Scripting (XSS)

Software Spectra Type Plugin Vulnerable versions = 2.7.9 Fixed in 2.7.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49833 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 70385286c341 Credits Rafie Muhammad Patchstack Required privilege...

CVSS 6.5, AI score 6.5, EPSS 0.00124
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/12/04 12:0 a.m., 14 views

WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Addons for Contact Form 7 Type Plugin Vulnerable versions = 3.2.0 Fixed in 3.2.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49766 Patch priority High CVSS severity High 7.1 Developer Themefic PSID faa03e459da6 Credits RE-ALTER Required...

CVSS 7.1, AI score 6.6, EPSS 0.00175
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/12/04 12:0 a.m., 14 views

WordPress Adifier System Plugin < 3.1.4 is vulnerable to Local File Inclusion

Software Adifier System Type Plugin Vulnerable versions 3.1.4 Fixed in 3.1.4 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2023-49753 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 193f6f83729d Credits RE-ALTER Required privilege Unauthenticated...

CVSS 7.5, AI score 6.8, EPSS 0.00826
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/12/01 12:0 a.m., 17 views

WordPress PowerPack Pro for Elementor Plugin <= 2.9.23 is vulnerable to Cross Site Scripting (XSS)

Software PowerPack Pro for Elementor Type Plugin Vulnerable versions = 2.9.23 Fixed in 2.9.24 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49739 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2b872117ab59 Credits Rafie Muhammad...

CVSS 7.1, AI score 6.5, EPSS 0.00191
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/11/29 12:0 a.m., 14 views

WordPress Automatic Youtube Video Posts Plugin Plugin <= 5.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Automatic Youtube Video Posts Plugin Type Plugin Vulnerable versions = 5.2.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-49180 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2f23eed8b8ab Credits...

CVSS 5.9, AI score 5.8, EPSS 0.00135
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/11/29 12:0 a.m., 15 views

WordPress Parallax Slider Block Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Parallax Slider Block Type Plugin Vulnerable versions = 1.2.5 Fixed in 1.2.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49184 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 42f6243bda32 Credits emad Required privilege Author...

CVSS 5.9, AI score 6.6, EPSS 0.00118
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/11/29 12:0 a.m., 15 views

WordPress SiteOrigin Widgets Bundle Plugin <= 1.50.1 is vulnerable to Local File Inclusion

Software SiteOrigin Widgets Bundle Type Plugin Vulnerable versions = 1.50.1 Fixed in 1.51.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-6295 Patch priority Low CVSS severity Low 7.4 Developer Claim ownership PSID d65c4e36bd60 Credits Sebastian Neef Required privile...

CVSS 7.2, AI score 6.8, EPSS 0.00347
Exploits 2, References 3, Affected Software 1

Patchstack
added 2023/11/28 12:0 a.m., 14 views

WordPress Aruba HiSpeed Cache Plugin <= 2.0.6 is vulnerable to Sensitive Data Exposure

Software Aruba HiSpeed Cache Type Plugin Vulnerable versions = 2.0.6 Fixed in 2.0.7 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2023-44983 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e52ca8ff914d Credits Josh...

CVSS 7.5, AI score 6.5, EPSS 0.00332
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/11/28 12:0 a.m., 14 views

WordPress JetBlocks For Elementor Plugin <= 1.3.8 is vulnerable to Broken Access Control

Software JetBlocks For Elementor Type Plugin Vulnerable versions = 1.3.8 Fixed in 1.3.8.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48760 Patch priority Medium CVSS severity Medium 8.2 Developer Crocoblock PSID 51b603280bfd Credits Rafie Muhammad...

CVSS 9.8, AI score 9.3, EPSS 0.00255
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/11/28 12:0 a.m., 34 views

WordPress JetMenu Plugin <= 2.4.1 is vulnerable to Broken Access Control

Software JetMenu Type Plugin Vulnerable versions = 2.4.1 Fixed in 2.4.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48760 Patch priority Medium CVSS severity Medium 8.2 Developer Crocoblock PSID d2123458ae3d Credits Rafie Muhammad Patchstack Required...

CVSS 9.8, AI score 9.3, EPSS 0.00255
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/11/28 12:0 a.m., 15 views

WordPress JetReviews Plugin <= 2.3.2 is vulnerable to Broken Access Control

Software JetReviews Type Plugin Vulnerable versions = 2.3.2 Fixed in 2.3.2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48760 Patch priority Medium CVSS severity Medium 8.2 Developer Crocoblock PSID 92a291e17f08 Credits Rafie Muhammad Patchstack...

CVSS 9.8, AI score 6.8, EPSS 0.00255
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/11/28 12:0 a.m., 14 views

WordPress Widgets for Yelp Reviews Plugin <= 11.0.2 is vulnerable to Arbitrary File Upload

Software Widgets for Yelp Reviews Type Plugin Vulnerable versions = 11.0.2 Fixed in 11.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-48275 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 323b86ec1718 Credits Rafie Muhammad Patchstack...

CVSS 8, AI score 7.2, EPSS 0.0048
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/11/27 12:0 a.m., 14 views

WordPress Evergreen Content Poster Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)

Software Evergreen Content Poster Type Plugin Vulnerable versions = 1.4 Fixed in 1.4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-41127 Patch priority Low CVSS severity Low 5.9 Developer Evergreen Content Poster PSID 35d54e5980dd Credits DoYeon Park p6rkdoye0n...

CVSS 5.9, AI score 6.9, EPSS 0.00135
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/11/23 12:0 a.m., 15 views

WordPress Landing Page Builder Plugin <= 1.5.1.5 is vulnerable to Open Redirection

Software Landing Page Builder Type Plugin Vulnerable versions = 1.5.1.5 Fixed in 1.5.1.6 OWASP Top 10 A1: Injection Classification Open Redirection CVE CVE-2023-48325 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID cde57cbd94f8 Credits minhtuanact Required privilege...

CVSS 6.1, AI score 7.2, EPSS 0.00238
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/11/23 12:0 a.m., 14 views

WordPress Consensu.io Plugin <= 1.0.3 is vulnerable to Broken Access Control

Software Consensu.io Type Plugin Vulnerable versions = 1.0.3 Fixed in 1.0.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48280 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 201ca0513d57 Credits Skalucy Required privilege...

CVSS 7.5, AI score 6.8, EPSS 0.0028
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/11/21 12:0 a.m., 14 views

WordPress Userpro Plugin <= 5.1.1 is vulnerable to Broken Authentication

Software Userpro Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2023-2437 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 9aac076e3030 Credits István Márton...

CVSS 9.8, AI score 6.8, EPSS 0.75489
Exploits 4, References 2, Affected Software 1

Patchstack
added 2023/11/15 12:0 a.m., 15 views

WordPress Forminator Plugin <= 1.27.0 is vulnerable to Arbitrary File Upload

Software Forminator Type Plugin Vulnerable versions = 1.27.0 Fixed in 1.28.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6133 Patch priority Low CVSS severity Low 6.6 Developer WPMU DEV PSID e543496c8db2 Credits István Márton Required privilege Administrator...

CVSS 6.6, AI score 6.8, EPSS 0.00349
Exploits 0, References 3, Affected Software 1

Patchstack
added 2023/11/14 12:0 a.m., 14 views

WordPress Slider Revolution Plugin <= 6.6.15 is vulnerable to Arbitrary File Upload

Software Slider Revolution Type Plugin Vulnerable versions = 6.6.15 Fixed in 6.6.16 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-47784 Patch priority Low CVSS severity Low 8.4 Developer ThemePunch PSID 92c233355a76 Credits Rafie Muhammad Patchstack Required privile...

CVSS 8.8, AI score 6.8, EPSS 0.00228
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/11/09 12:0 a.m., 14 views

WordPress Qi Addons For Elementor Plugin <= 1.6.3 is vulnerable to Local File Inclusion

Software Qi Addons For Elementor Type Plugin Vulnerable versions = 1.6.3 Fixed in 1.6.4 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-47679 Patch priority Low CVSS severity Low 6.4 Developer Qode Interactive PSID 98637ff4d4c9 Credits Rafie Muhammad Patchstack Require...

CVSS 8.8, AI score 6.9, EPSS 0.00426
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/11/08 12:0 a.m., 14 views

WordPress Gift Up Gift Cards for WordPress and WooCommerce Plugin <= 2.20.1 is vulnerable to Cross Site Scripting (XSS)

Software Gift Up Gift Cards for WordPress and WooCommerce Type Plugin Vulnerable versions = 2.20.1 Fixed in 2.20.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5703 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0298ef7e8e...

CVSS 6.4, AI score 5.8, EPSS 0.00122
Exploits 1, References 3, Affected Software 1

Patchstack
added 2023/11/07 12:0 a.m., 14 views

WordPress EazyDocs Plugin <= 2.3.5 is vulnerable to Broken Access Control

Software EazyDocs Type Plugin Vulnerable versions = 2.3.5 Fixed in 2.3.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-47648 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 25f152946ed4 Credits Skalucy Required privilege...

AI score 6.5, EPSS 0.00264
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/11/07 12:0 a.m., 14 views

WordPress Atarim Plugin <= 3.12 is vulnerable to Cross Site Scripting (XSS)

Software Atarim Type Plugin Vulnerable versions = 3.12 Fixed in 3.13 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47544 Patch priority High CVSS severity High 7.1 Developer Atarim PSID b93ef735606c Credits lttn Required privilege Unauthenticated Published 7...

CVSS 7.1, AI score 6.5, EPSS 0.00193
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/11/07 12:0 a.m., 14 views

WordPress WP Crowdfunding Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)

Software WP Crowdfunding Type Plugin Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47532 Patch priority High CVSS severity High 5.8 Developer Claim ownership PSID 6353d577e913 Credits Khalid Yusuf Required privilege...

CVSS 6.1, AI score 6.5, EPSS 0.00193
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/11/07 12:0 a.m., 15 views

WordPress Star CloudPRNT for WooCommerce Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Star CloudPRNT for WooCommerce Type Plugin Vulnerable versions = 2.0.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-47514 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0a1ab953b581 Credits Le...

CVSS 7.1, AI score 5.7, EPSS 0.00193
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/11/07 12:0 a.m., 14 views

WordPress WD WidgetTwitter Plugin <= 1.0.9 is vulnerable to SQL Injection

Software WD WidgetTwitter Type Plugin Vulnerable versions = 1.0.9 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5709 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID c5d291d814d2 Credits Lana Codes Required privilege Contributor Published...

CVSS 8.8, AI score 6.8, EPSS 0.00218
Exploits 1, References 2, Affected Software 1

Patchstack
added 2023/10/31 12:0 a.m., 14 views

WordPress The Plus Addons for Elementor Pro Plugin <= 5.2.8 is vulnerable to Local File Inclusion

Software The Plus Addons for Elementor Pro Type Plugin Vulnerable versions = 5.2.8 Fixed in 5.2.9 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-47178 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 0501be93705b Credits Rafie Muhammad...

CVSS 9.8, AI score 6.8, EPSS 0.00443
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/10/31 12:0 a.m., 14 views

WordPress WooODT Lite Plugin <= 2.4.6 is vulnerable to Broken Access Control

Software WooODT Lite Type Plugin Vulnerable versions = 2.4.6 Fixed in 2.4.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-47179 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 2fb9ad49f21d Credits Abdi Pranata Required privilege...

AI score 6.5, EPSS 0.23995
Exploits 1, References 2, Affected Software 1

Patchstack
added 2023/10/30 12:0 a.m., 15 views

WordPress Image horizontal reel scroll slideshow Plugin <= 13.2 is vulnerable to SQL Injection

Software Image horizontal reel scroll slideshow Type Plugin Vulnerable versions = 13.2 Fixed in 13.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5412 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 4f2c4949819b Credits István Márton Required...

CVSS 8.8, AI score 6.8, EPSS 0.09758
Exploits 2, References 2, Affected Software 1

Patchstack
added 2023/10/30 12:0 a.m., 15 views

WordPress Live updates from Excel Plugin <= 2.3.2 is vulnerable to Cross Site Scripting (XSS)

Software Live updates from Excel Type Plugin Vulnerable versions = 2.3.2 Fixed in 2.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5116 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8b029eafe8b8 Credits Alex Thomas...

CVSS 6.4, AI score 5.8, EPSS 0.00148
Exploits 0, References 3, Affected Software 1

Patchstack
added 2023/10/29 12:0 a.m., 15 views

WordPress Google Maps made Simple Plugin <= 0.6 is vulnerable to SQL Injection

Software Google Maps made Simple Type Plugin Vulnerable versions = 0.6 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5315 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 9139046f56f6 Credits István Márton Required privilege Subscriber...

CVSS 8.8, AI score 6.8, EPSS 0.00196
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/10/27 12:0 a.m., 16 views

WordPress Bonus for Woo Plugin <= 5.8.2 is vulnerable to Cross Site Scripting (XSS)

Software Bonus for Woo Type Plugin Vulnerable versions = 5.8.2 Fixed in 5.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5140 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bebc071bb4a6 Credits Enrico Marcolini...

CVSS 6.1, AI score 5.7, EPSS 0.00117
Exploits 2, References 3, Affected Software 1

Patchstack
added 2023/10/26 12:0 a.m., 18 views

WordPress Feather Login Page Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Feather Login Page Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46777 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 62aa1ddd991f Credits Mika Required...

CVSS 8.8, AI score 6.6, EPSS 0.00051
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/10/25 12:0 a.m., 14 views

WordPress Export WP Page to Static HTML/CSS Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software Export WP Page to Static HTML/CSS Type Plugin Vulnerable versions = 2.1.9 Fixed in 2.2.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-31077 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3a34d8e80f8d Credits...

CVSS 8.8, AI score 6.6, EPSS 0.0007
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/10/25 12:0 a.m., 15 views

WordPress Remove Add to Cart WooCommerce Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Remove Add to Cart WooCommerce Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46629 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f20769dad826 Credits...

CVSS 8.8, AI score 6.6, EPSS 0.00074
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/10/25 12:0 a.m., 14 views

WordPress Simple User Listing Plugin <= 1.9.2 is vulnerable to Cross Site Scripting (XSS)

Software Simple User Listing Type Plugin Vulnerable versions = 1.9.2 Fixed in 1.9.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32298 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4082207ac5d1 Credits Emili Castell...

CVSS 6.1, AI score 5.6, EPSS 0.00167
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/10/24 12:0 a.m., 17 views

WordPress KD Coming Soon Plugin <= 1.7 is vulnerable to PHP Object Injection

Software KD Coming Soon Type Plugin Vulnerable versions = 1.7 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-46615 Patch priority High CVSS severity High 5.4 Developer Claim ownership PSID 340885e1964a Credits Mika Required privilege Unauthenticated...

CVSS 9.8, AI score 6.8, EPSS 0.05588
Exploits 1, References 1, Affected Software 1

Patchstack
added 2023/10/24 12:0 a.m., 15 views

WordPress WP iCal Availability Plugin <= 1.0.3 is vulnerable to Broken Access Control

Software WP iCal Availability Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46607 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 887007a8be82 Credits Abdi Pranata Required...

AI score 6.6, EPSS 0.00127
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/10/24 12:0 a.m., 14 views

WordPress Convertful – Your Ultimate On-Site Conversion Tool Plugin <= 2.5 is vulnerable to Broken Access Control

Software Convertful – Your Ultimate On-Site Conversion Tool Type Plugin Vulnerable versions = 2.5 Fixed in 2.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46605 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9a3a7f4759bc Credit...

AI score 6.6, EPSS 0.00176
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/10/22 12:0 a.m., 15 views

WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR)

Software wpDiscuz Type Plugin Vulnerable versions = 7.6.3 Fixed in 7.6.4 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-46311 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID 05932cb617e2 Credits Revan Arifio Requir...

CVSS 6.5, AI score 6.5, EPSS 0.00065
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/10/19 12:0 a.m., 14 views

WordPress Team Showcase Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)

Software Team Showcase Type Plugin Vulnerable versions = 2.1 Fixed in 2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5639 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID b98d06c1b712 Credits István Márton Required privile...

CVSS 6.4, AI score 5.7, EPSS 0.00092
Exploits 0, References 3, Affected Software 1

Patchstack
added 2023/10/18 12:0 a.m., 14 views

WordPress Novo-Map : your WP posts on custom google maps Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Novo-Map : your WP posts on custom google maps Type Plugin Vulnerable versions = 1.1.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46190 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d805e0cb863...

CVSS 8.8, AI score 6.6, EPSS 0.00171
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/10/16 12:0 a.m., 14 views

WordPress Contact Form Builder, Contact Widget Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form Builder, Contact Widget Type Plugin Vulnerable versions = 2.1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46075 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4c2d6ac7f320 Credit...

CVSS 7.1, AI score 5.6, EPSS 0.00083
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/10/12 12:0 a.m., 14 views

WordPress ApplyOnline – Application Form Builder and Manager Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS)

Software ApplyOnline – Application Form Builder and Manager Type Plugin Vulnerable versions = 2.5.5 Fixed in 2.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45756 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID...

CVSS 7.1, AI score 5.6, EPSS 0.00193
Exploits 0, References 2, Affected Software 1

Total number of security vulnerabilities: 5000