WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software CPT Shortcode Generator Type Plugin Vulnerable versions <= 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45644 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8bfa1d036efa Credits Lokesh Dachepalli...
WordPress ChatBot Plugin <= 4.8.9 is vulnerable to SQL Injection
Software ChatBot Type Plugin Vulnerable versions <= 4.8.9 Fixed in 4.9.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5204 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID d9d43b0258cf Credits Marco Wotschka Required privilege Unauthenticated...
WordPress IMPress Listings Plugin <= 2.6.2 is vulnerable to Broken Access Control
Software IMPress Listings Type Plugin Vulnerable versions <= 2.6.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-45633 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7bfb35b30d5c Credits Nguyen Anh Tien Required...
WordPress Bold Timeline Lite Plugin <= 1.1.9 is vulnerable to Broken Access Control
Software Bold Timeline Lite Type Plugin Vulnerable versions <= 1.1.9 Fixed in 1.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-45110 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bdcbeb46656d Credits Abdi Pranata Required...
WordPress WP Ultimate Exporter Plugin <= 2.4.1 is vulnerable to Sensitive Data Exposure
Software WP Ultimate Exporter Type Plugin Vulnerable versions <= 2.4.1 Fixed in 2.4.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-2487 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID b22ef0e23a4e Credits Jonas Höbenreic...
WordPress Dropshipping & Affiliation with Amazon Plugin <= 2.1.2 is vulnerable to Arbitrary File Upload
Software Dropshipping & Affiliation with Amazon Type Plugin Vulnerable versions <= 2.1.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-31215 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID fe2de1908435 Credits spacecroupier...
WordPress Woo Custom Emails Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)
Software Woo Custom Emails Type Plugin Vulnerable versions <= 2.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45004 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2f7004d396a0 Credits Nguyen Xuan Chien...
WordPress Mediavine Control Panel Plugin <= 2.10.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Mediavine Control Panel Type Plugin Vulnerable versions <= 2.10.2 Fixed in 2.10.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-44259 Patch priority Low CVSS severity Low 4.3 Developer Mediavine PSID d5d78ea56f25 Credits Rio Darmawan...
WordPress Mang Board WP Plugin <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Mang Board WP Type Plugin Vulnerable versions <= 1.8.1 Fixed in 1.8.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-44257 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 71665df9fe3b Credits Rio Darmawan Required...
WordPress WP Job Portal Plugin <= 2.0.5 is vulnerable to SQL Injection
Software WP Job Portal Type Plugin Vulnerable versions <= 2.0.5 Fixed in 2.0.6 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-4490 Patch priority High CVSS severity High 9.3 Developer Ahmad PSID 9b020cd17632 Credits Pablo Sanchez Required privilege Unauthenticated Published 2...
WordPress Essential Blocks for Gutenberg Plugin <= 4.2.0 is vulnerable to PHP Object Injection
Software Essential Blocks for Gutenberg Type Plugin Vulnerable versions <= 4.2.0 Fixed in 4.2.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-4402 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 12450c59ad4b Credits Marco Wotschka Required...
WordPress WooCommerce EAN Payment Gateway Plugin < 6.1.0 is vulnerable to Broken Access Control
Software WooCommerce EAN Payment Gateway Type Plugin Vulnerable versions < 6.1.0 Fixed in 6.1.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4947 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9bfa8f9c4e66 Credits Lana Codes Yan&C...
WordPress MasterStudy LMS Plugin < 3.0.18 is vulnerable to Privilege Escalation
Software MasterStudy LMS Type Plugin Vulnerable versions < 3.0.18 Fixed in 3.0.18 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-4278 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 7e43b36b9353 Credits Revan...
WordPress ProfilePress Plugin <= 4.13.1 is vulnerable to Broken Access Control
Software ProfilePress Type Plugin Vulnerable versions <= 4.13.1 Fixed in 4.13.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-41953 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 5739c8dcaf0e Credits Abdi Pranata Required privileg...
WordPress Slimstat Analytics Plugin <= 5.0.9 is vulnerable to SQL Injection
Software Slimstat Analytics Type Plugin Vulnerable versions <= 5.0.9 Fixed in 5.0.10 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-4598 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 8c9d4c888c2a Credits WordFence Required privilege Contributor...
WordPress Email Newsletter Plugin <= 7.8.9 is vulnerable to Cross Site Scripting (XSS)
Software Email Newsletter Type Plugin Vulnerable versions <= 7.8.9 Fixed in 7.9.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4772 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 05a4feb47c5b Credits Lana Codes Required...
WordPress Locations Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS)
Software Locations Type Plugin Vulnerable versions <= 4.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-41797 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 81c369e01ba7 Credits Rio Darmawan Required privilege...
WordPress Multi-column Tag Map Plugin <= 17.0.26 is vulnerable to Broken Access Control
Software Multi-column Tag Map Type Plugin Vulnerable versions <= 17.0.26 Fixed in 17.0.27 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-41651 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 543c5fba661a Credits Rio Darmawan Require...
WordPress Snap Pixel Plugin <= 1.5.7 is vulnerable to Cross Site Scripting (XSS)
Software Snap Pixel Type Plugin Vulnerable versions <= 1.5.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-41242 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 81eb2fe06a20 Credits Rio Darmawan Required privileg...
WordPress Cartpauj Register Captcha Plugin <= 1.0.02 is vulnerable to Bypass Vulnerability
Software Cartpauj Register Captcha Type Plugin Vulnerable versions <= 1.0.02 Fixed in 2.0.0 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-40673 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2347148519cf Credits qilin99 Require...
WordPress Kangu para WooCommerce Plugin <= 2.2.9 is vulnerable to Cross Site Scripting (XSS)
Software Kangu para WooCommerce Type Plugin Vulnerable versions <= 2.2.9 Fixed in 2.2.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32296 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c45e61061ad1 Credits Jonas...
WordPress MailChimp Forms by MailMunch Plugin <= 3.1.4 is vulnerable to Broken Access Control
Software MailChimp Forms by MailMunch Type Plugin Vulnerable versions <= 3.1.4 Fixed in 3.1.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-40203 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1430c7736a5b Credits István Márton...
WordPress User Activity Tracking and Log Plugin < 4.0.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software User Activity Tracking and Log Type Plugin Vulnerable versions < 4.0.9 Fixed in 4.0.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8eda0dc496af Credits Erwan L...
WordPress Advanced Custom Fields Plugin 6.1-6.1.7 is vulnerable to Cross Site Scripting (XSS)
Software Advanced Custom Fields Type Plugin Vulnerable versions 6.1-6.1.7 Fixed in 6.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-40068 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ad8c9dc6f2b9 Credits Satoo Nakano...
WordPress InstaWP Connect Plugin <= 0.0.9.18 is vulnerable to Broken Access Control
Software InstaWP Connect Type Plugin Vulnerable versions <= 0.0.9.18 Fixed in 0.0.9.19 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-3956 Patch priority High CVSS severity High 9.8 Developer InstaWP PSID 2b066ee4e3c0 Credits Lana Codes Required privilege...
WordPress Update Theme and Plugins from Zip File Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Update Theme and Plugins from Zip File Type Plugin Vulnerable versions <= 2.0.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25489 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e0461fa05dda Credit...
WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Broken Access Control
Software Ninja Forms Type Plugin Vulnerable versions <= 3.6.25 Fixed in 3.6.26 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-38393 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID 44e08fdf7aed Credits Rafie Muhammad Patchstack...
WordPress Integration for WooCommerce and QuickBooks Plugin <= 1.2.3 is vulnerable to Open Redirection
Software Integration for WooCommerce and QuickBooks Type Plugin Vulnerable versions <= 1.2.3 Fixed in 1.2.4 OWASP Top 10 A5: Security Misconfiguration Classification Open Redirection CVE CVE-2023-38478 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 778188f97559 Credits Phd...
WordPress Media Library Categories Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)
Software Media Library Categories Type Plugin Vulnerable versions <= 2.0.0 Fixed in 2.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-36382 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3d7aad62f83d Credits Jeong Seong Ho...
WordPress Audio Player with Playlist Ultimate Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software Audio Player with Playlist Ultimate Type Plugin Vulnerable versions <= 1.2.2 Fixed in 1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-38516 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dabac0be2565 Credits Rio...
WordPress AnyWhere Elementor Plugin <= 1.2.7 is vulnerable to Cross Site Scripting (XSS)
Software AnyWhere Elementor Type Plugin Vulnerable versions <= 1.2.7 Fixed in 1.2.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer WPVibes PSID 929510fc606c Credits Rafie Muhammad Patchstack Required...
WordPress Variable Product Swatches for WooCommerce Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software Variable Product Swatches for WooCommerce Type Plugin Vulnerable versions <= 1.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID af47ebf471b2 Credits Rafie...
WordPress Contact Form to Any API Plugin <= 1.1.2 is vulnerable to SQL Injection
Software Contact Form to Any API Type Plugin Vulnerable versions <= 1.1.2 Fixed in 1.1.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-32741 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 7672258ac26c Credits Arvandy Required privilege Administrator...
WordPress HT Mega Plugin <= 2.2.0 is vulnerable to Privilege Escalation
Software HT Mega Type Plugin Vulnerable versions <= 2.2.0 Fixed in 2.2.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-37999 Patch priority High CVSS severity High 9.8 Developer HTMega PSID bbe5238c947f Credits Rafie Muhammad Patchstac...
WordPress Authors List Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)
Software Authors List Type Plugin Vulnerable versions <= 2.0.2 Fixed in 2.0.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-37981 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 38312864f014 Credits LEE SE HYOUNG hackintoanetwork...
WordPress WP Reroute Email Plugin <= 1.4.9 is vulnerable to Cross Site Scripting (XSS)
Software WP Reroute Email Type Plugin Vulnerable versions <= 1.4.9 Fixed in 1.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3168 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 9825e4909398 Credits Alex Thomas Required...
WordPress Secondary Title Plugin <= 2.0.9.1 is vulnerable to Cross Site Scripting (XSS)
Software Secondary Title Type Plugin Vulnerable versions <= 2.0.9.1 Fixed in 2.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28773 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7e2f601fb066 Credits TaeEun Lee Required...
WordPress Post SMTP Plugin < 2.5.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Post SMTP Type Plugin Vulnerable versions < 2.5.7 Fixed in 2.5.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3179 Patch priority Low CVSS severity Low 8.8 Developer WPExperts PSID a42127c2ce5a Credits Erwan LR WPScan Required privilege...
WordPress Cryptocurrency Widgets – Price Ticker & Coins List Plugin <= 2.6.2 is vulnerable to Broken Access Control
Software Cryptocurrency Widgets – Price Ticker & Coins List Type Plugin Vulnerable versions <= 2.6.2 Fixed in 2.6.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-36681 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ec249fa35f9a...
WordPress NOO Timetable Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)
Software NOO Timetable Type Plugin Vulnerable versions <= 2.1.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-45821 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d615de5bc83f Credits Cat Required privilege...
WordPress Formidable Forms Plugin < 6.3.1 is vulnerable to Remote Code Execution (RCE)
Software Formidable Forms Type Plugin Vulnerable versions < 6.3.1 Fixed in 6.3.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-2877 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 64ee0a3444e8 Credits Alex Sanford Required privilege...
WordPress MStore API Plugin <= 4.0.1 is vulnerable to SQL Injection
Software MStore API Type Plugin Vulnerable versions <= 4.0.1 Fixed in 4.0.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-3197 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 7aeff12fe9e3 Credits Truoc Phan / An Đặng Required privilege Unauthenticat...
WordPress USM Premium Plugin < 16.3 is vulnerable to Cross Site Scripting (XSS)
Software USM Premium Type Plugin Vulnerable versions < 16.3 Fixed in 16.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1166 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2fffba6c645d Credits Mohamed Selim Required privilege...
WordPress Photo Gallery by 10Web Plugin <= 1.8.15 is vulnerable to Broken Access Control
Software Photo Gallery by 10Web Type Plugin Vulnerable versions <= 1.8.15 Fixed in 1.8.16 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-33995 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0293acc0bbe3 Credits Rafshanzani Suhada...
WordPress MojoPlug Slide Panel Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)
Software MojoPlug Slide Panel Type Plugin Vulnerable versions <= 1.1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23807 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a537c89d392b Credits Rio Darmawan Require...
WordPress SupportCandy Plugin < 3.1.7 is vulnerable to SQL Injection
Software SupportCandy Type Plugin Vulnerable versions < 3.1.7 Fixed in 3.1.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2805 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID a697ebaed446 Credits dc11 Required privilege Administrator Published 19 June...
WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Broken Access Control
Software MasterStudy LMS Type Plugin Vulnerable versions <= 3.0.8 Fixed in 3.0.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-35093 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID fe9a14774ad1 Credits Rafshanzani Suhada...
WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.0 is vulnerable to CSV Injection
Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions <= 3.3.0 Fixed in 3.3.1 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2023-0721 Patch priority Low CVSS severity Low 4.7 Developer Wpmet PSID 2f722b3f2145 Credits Ramuel Gall Required privilege...
WordPress Social Media & Share Icons Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)
Software Social Media & Share Icons Type Plugin Vulnerable versions <= 2.8.1 Fixed in 2.8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1166 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e1cf41a27d19 Credits Mohamed Selim...
WordPress Feather Login Page Plugin 1.0.7-1.1.1 is vulnerable to Broken Access Control
Software Feather Login Page Type Plugin Vulnerable versions 1.0.7-1.1.1 Fixed in 1.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2545 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 109ff0ae5394 Credits Lana Codes Required...