WordPress Slider Revolution Plugin <= 6.6.12 is vulnerable to Arbitrary File Upload
Software Slider Revolution Type Plugin Vulnerable versions <= 6.6.12 Fixed in 6.6.13 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Upload CVE CVE-2023-2359 Patch priority Low CVSS severity Low 9.1 Developer ThemePunch PSID 48e5307584b9 Credits Marco Frison Required privilege...
WordPress bbPress Toolkit Plugin <= 1.0.12 is vulnerable to Cross Site Request Forgery (CSRF)
Software bbPress Toolkit Type Plugin Vulnerable versions <= 1.0.12 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-34031 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 97325c505989 Credits thiennv Required...
WordPress Tutor LMS Plugin <= 2.1.10 is vulnerable to SQL Injection
Software Tutor LMS Type Plugin Vulnerable versions <= 2.1.10 Fixed in 2.2.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-25700 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID a985405069a7 Credits Rafie Muhammad Patchstack Required privilege...
WordPress WooCommerce Product Categories Selection Widget Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software WooCommerce Product Categories Selection Widget Type Plugin Vulnerable versions <= 2.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-33925 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 979c53a7a2...
WordPress MPG Plugin <= 3.3.19 is vulnerable to SQL Injection
Software MPG Type Plugin Vulnerable versions <= 3.3.19 Fixed in 3.3.20 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-33927 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID ad0baec3bee8 Credits LEE SE HYOUNG hackintoanetwork Required privilege...
WordPress WP htaccess Control Plugin <= 3.5.1 is vulnerable to Cross Site Scripting (XSS)
Software WP htaccess Control Type Plugin Vulnerable versions <= 3.5.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25462 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 80f0815b94aa Credits Rio Darmawan Required...
WordPress Essential Addons for Elementor Pro Plugin <= 5.4.8 is vulnerable to Server Side Request Forgery (SSRF)
Software Essential Addons for Elementor Pro Type Plugin Vulnerable versions <= 5.4.8 Fixed in 5.4.9 OWASP Top 10 A5: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2023-32245 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 6f79f41d4291 Credits...
WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation
Software Essential Addons for Elementor Type Plugin Vulnerable versions 5.4.0-5.7.1 Fixed in 5.7.2 OWASP Top 10 A2: Broken Authentication Classification Privilege Escalation CVE CVE-2023-32243 Patch priority High CVSS severity High 9.8 Developer WPDeveloper PSID 9f77d447be67 Credits Rafie Muhamma...
WordPress QuBotChat Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)
Software QuBotChat Type Plugin Vulnerable versions <= 1.1.5 Fixed in 1.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2399 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 9f1b3d64b154 Credits Rafael B. Required privilege...
WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.3.6 is vulnerable to Cross Site Scripting (XSS)
Software Restaurant Menu – Food Ordering System – Table Reservation Type Plugin Vulnerable versions <= 2.3.6 Fixed in 2.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32516 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership...
WordPress Motors – Car Dealer & Classified Ads Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Motors – Car Dealer & Classified Ads Type Plugin Vulnerable versions <= 1.4.4 Fixed in 1.4.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-38716 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 076e6b4c8854 Credit...
WordPress Neshan Maps Plugin <= 1.1.4 is vulnerable to SQL Injection
Software Neshan Maps Type Plugin Vulnerable versions <= 1.1.4 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-47426 Patch priority Low CVSS severity Low 6 Developer Claim ownership PSID f0ba475f15f1 Credits minhtuanact Required privilege Administrator Published 13...
WordPress WP Tiles Plugin <= 1.1.2 is vulnerable to Sensitive Data Exposure
Software WP Tiles Type Plugin Vulnerable versions <= 1.1.2 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-1426 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 0ecd1ecdc31a Credits Erwan LR WPScan Required...
WordPress WP Data Access Plugin <= 5.3.7 is vulnerable to Broken Access Control
Software WP Data Access Type Plugin Vulnerable versions <= 5.3.7 Fixed in 5.3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1874 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d34193572ac0 Credits Chloe Chamberland Required...
WordPress YourChannel: Everything you want in a YouTube Plugin <= 1.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software YourChannel: Everything you want in a YouTube Type Plugin Vulnerable versions <= 1.2.4 Fixed in 1.2.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-1870 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID db4d6da8779...
WordPress BuddyPress Builder for Elementor – BuddyBuilder Plugin <= 1.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software BuddyPress Builder for Elementor – BuddyBuilder Type Plugin Vulnerable versions <= 1.7.1 Fixed in 1.7.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer StaxWP PSID 8a84cf645ad6...
WordPress Bangladeshi Payment Gateways Plugin <= 2.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software Bangladeshi Payment Gateways Type Plugin Vulnerable versions <= 2.0.6 Fixed in 2.0.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID db46a03412a9 Credits István...
WordPress Boostify Header Footer Builder for Elementor Plugin <= 1.2.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software Boostify Header Footer Builder for Elementor Type Plugin Vulnerable versions <= 1.2.8 Fixed in 1.2.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5658880d810...
WordPress Stylish Cost Calculator Plugin <= 7.3.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software Stylish Cost Calculator Type Plugin Vulnerable versions <= 7.3.6 Fixed in 7.3.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4ab3df3ad99b Credits István Márt...
WordPress Popup Maker Plugin <= 1.17.1 is vulnerable to Sensitive Data Exposure
Software Popup Maker Type Plugin Vulnerable versions <= 1.17.1 Fixed in 1.18.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2022-47597 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d6552fe3bb39 Credits rezaduty Required privilege...
WordPress Markup (JSON-LD) structured in schema.org Plugin <= 4.8.1 is vulnerable to Cross Site Scripting (XSS)
Software Markup JSON-LD structured in schema.org Type Plugin Vulnerable versions <= 4.8.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4666 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID f683250d0657...
WordPress WP Custom Fields Search Plugin <= 1.2.34 is vulnerable to Cross Site Scripting (XSS)
Software WP Custom Fields Search Type Plugin Vulnerable versions <= 1.2.34 Fixed in 1.2.35 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-47157 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7498e4b584cc Credits Justiice...
WordPress TeraWallet – For WooCommerce Plugin <= 1.3.24 is vulnerable to Cross Site Request Forgery (CSRF)
Software TeraWallet – For WooCommerce Type Plugin Vulnerable versions <= 1.3.24 Fixed in 1.4.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-40198 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 35694eeb3788 Credits...
WordPress Service Area Postcode Checker Plugin <= 2.0.8 is vulnerable to Cross Site Scripting (XSS)
Software Service Area Postcode Checker Type Plugin Vulnerable versions <= 2.0.8 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25782 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2a4222cc069d Credits Rio Darmawa...
WordPress Metform Elementor Contact Form Builder Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS)
Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions <= 3.1.2 Fixed in 3.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0084 Patch priority High CVSS severity High 7.1 Developer Wpmet PSID 06d2857720ad Credits Mohammed ...
WordPress GS Products Slider for WooCommerce Plugin < 1.5.9 is vulnerable to Cross Site Scripting (XSS)
Software GS Products Slider for WooCommerce Type Plugin Vulnerable versions < 1.5.9 Fixed in 1.5.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0492 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 912bee63a436 Credits...
WordPress Quick Restaurant Menu Plugin <= 2.0.2 is vulnerable to Broken Access Control
Software Quick Restaurant Menu Type Plugin Vulnerable versions <= 2.0.2 Fixed in 2.1.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0555 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 7bcc03da4182 Credits Marco Wotschka Ivan...
WordPress Noptin Plugin <= 1.9.5 is vulnerable to CSV Injection
Software Noptin Type Plugin Vulnerable versions <= 1.9.5 Fixed in 1.10.0 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2022-46803 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID 08ef06d5753a Credits Mika Required privilege Unauthenticated Published 27...
WordPress Bootstrap Shortcodes Plugin <= 3.4.0 is vulnerable to Cross Site Scripting (XSS)
Software Bootstrap Shortcodes Type Plugin Vulnerable versions <= 3.4.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4777 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b9c1c40bdcb0 Credits István Márton...
WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL Injection
Software LearnPress Type Plugin Vulnerable versions <= 4.1.7.3.2 Fixed in 4.2.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-45808 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID c30856175358 Credits Fadilah Agung Nugraha Required privilege...
WordPress MainWP Staging Extension Plugin <= 4.0.3 is vulnerable to Broken Access Control
Software MainWP Staging Extension Type Plugin Vulnerable versions <= 4.0.3 Fixed in 4.0.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23639 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID bd391a4b93d5 Credits Dave Jong...
WordPress Google Analytics by Monster Insights Plugin < 8.12.1 is vulnerable to Cross Site Scripting (XSS)
Software Google Analytics by Monster Insights Type Plugin Vulnerable versions < 8.12.1 Fixed in 8.12.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0081 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 30ac1c972f6b Credi...
WordPress HUSKY Plugin < 1.3.2 is vulnerable to PHP Object Injection
Software HUSKY Type Plugin Vulnerable versions < 1.3.2 Fixed in 1.3.2 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2022-4489 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID acfadb3bf3ab Credits thinhnguyen1337 Required privilege Administrator...
WordPress Hide My WP Plugin < 6.2.9 is vulnerable to SQL Injection
Software Hide My WP Type Plugin Vulnerable versions < 6.2.9 Fixed in 6.2.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-4681 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID ad94e6b8ba54 Credits Xenofon Vassilakopoulos Required privilege...
WordPress Ibtana Plugin < 1.1.8.8 is vulnerable to Cross Site Scripting (XSS)
Software Ibtana Type Plugin Vulnerable versions < 1.1.8.8 Fixed in 1.1.8.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4674 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID e564cfbd3326 Credits Lana Codes Required...
WordPress Product Slider and Carousel with Category for WooCommerce Plugin < 2.8 is vulnerable to Cross Site Scripting (XSS)
Software Product Slider and Carousel with Category for WooCommerce Type Plugin Vulnerable versions < 2.8 Fixed in 2.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4791 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID...
WordPress RSS Aggregator by Feedzy Plugin < 4.1.1 is vulnerable to Cross Site Scripting (XSS)
Software RSS Aggregator by Feedzy Type Plugin Vulnerable versions < 4.1.1 Fixed in 4.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4667 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID cee226bbb884 Credits István Márt...
WordPress footysquare Theme < 10 is vulnerable to Arbitrary File Upload
Software footysquare Type Theme Vulnerable versions < 10 Fixed in N/A OWASP Top 10 A6: Security Misconfiguration Classification Arbitrary File Upload CVE CVE-2022-0316 Patch priority High CVSS severity High 10 Developer Claim ownership PSID ab5c50c5a1bc Credits Joshua Small Required privilege...
WordPress Organization chart plugin <= 1.4.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Lana Codes Patchstack Alliance in the WordPress Organization chart plugin versions <= 1.4.1. Solution Update the WordPress Organization chart plugin to the latest available version at least 1.4.2...
WordPress Activity Reactions For Buddypress plugin <= 1.0.22 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by ptsfence Patchstack Alliance in WordPress Activity Reactions For Buddypress plugin versions <= 1.0.22. Solution No patched version is available...
WordPress WPML Multilingual CMS premium plugin <= 4.5.10 - Broken Access Control vulnerability
Broken Access Control vulnerability leading to plugin settings change (selected language for legacy widgets can be changed, and default behavior for media content can be changed) discovered by Dave Jong in WordPress WPML Multilingual CMS premium plugin versions <= 4.5.10. Solution Update the WordPre...
WordPress Testimonial Slider plugin <= 1.3.1 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered by ptsfence Patchstack Alliance in WordPress Testimonial Slider plugin versions <= 1.3.1. Solution No patched version is available. No reply from the vendor...
WordPress AM-HiLi plugin <= 1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Hoang Van Hiep Patchstack Alliance in the WordPress AM-HiLi plugin versions <= 1.0. Solution No patched version is available...
WordPress 4ECPS Web Forms plugin <= 0.2.17 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Hoang Van Hiep aka sk4rl1ghT Patchstack Alliance in WordPress 4ECPS Web Forms plugin versions <= 0.2.17. Solution Update the WordPress 4ECPS Web Forms plugin to the latest available version at least 0.2.18...
WordPress Jeeng Push Notifications plugin <= 2.0.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Mariam Tariq in WordPress Jeeng Push Notifications plugin versions <= 2.0.3. Solution Update the WordPress Jeeng Push Notifications plugin to the latest available version at least 2.0.4...
WordPress Booster Elite for WooCommerce plugin < 1.1.7 - Auth. Arbitrary File Download vulnerability
Auth. Arbitrary File Download vulnerability discovered by WPScan in WordPress Booster Elite for WooCommerce plugin versions < 1.1.7. Solution Update the WordPress Booster Elite for WooCommerce plugin to the latest available version at least 1.1.7...
WordPress Restaurant Menu plugin <= 2.3.1 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered by ptsfence in WordPress Restaurant Menu plugin versions <= 2.3.1. Solution Update the WordPress Restaurant Menu – Food Ordering System – Table Reservation plugin to the latest available version at least 2.3.2...
WordPress Contact Form 7 Database Addon plugin <= 1.2.6.3 - CSV Injection vulnerability
CSV Injection vulnerability discovered by Adel Bouaricha in WordPress Contact Form 7 Database Addon plugin versions <= 1.2.6.3. Solution Update the WordPress to the latest available version at least 1.2.6.5...
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability in RSS Block discovered in WordPress core versions <= 6.0.2. Solution Update the WordPress to the latest available version at least 6.0.3...
WordPress SeoSamba for WordPress Webmasters plugin <= 1.0.5 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered by ptsfence Patchstack Alliance in WordPress SeoSamba for WordPress Webmasters plugin versions <= 1.0.5. Solution No patched version is available. No reply from the vendor...