v.26.4.2314
High Severity Vulnerabilities
Found 13053 vulnerabilities at High severity.
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| WordPress Plugin WooCommerce HTML Injection (6.5.1) | CVE-2022-2099 | CWE-79 | High |
| WordPress Plugin WooCommerce Multiple Vulnerabilities (6.2.0) | CVE-2022-0775 | CWE-863 | High |
| WordPress Plugin WooCommerce Payments-Fully Integrated Solution Built and Supported by Woo Security Bypass (5.6.1) | CVE-2023-28121 | CWE-269 | High |
| WordPress Plugin WooCommerce Security Bypass (6.3.0) | - | CWE-863 | High |
| WordPress Plugin WooCommerce Weight Based Shipping Cross-Site Request Forgery (5.4.1) | CVE-2022-46794 | CWE-352 | High |
| WordPress Plugin WordPress Console Security Bypass (0.3.9) | CVE-2023-28168 | CWE-862 | High |
| WordPress Plugin WordPress WP-Advanced-Search Cross-Site Request Forgery (3.3.8) | CVE-2022-47447 | CWE-352 | High |
| WordPress Plugin WordPress WP-Advanced-Search SQL Injection (3.3.5) | - | CWE-89 | High |
| WordPress Plugin WP Basic Elements Cross-Site Request Forgery (5.2.15) | CVE-2022-47139 | CWE-352 | High |
| WordPress Plugin WP Data Access Privilege Escalation (5.3.7) | CVE-2023-1874 | CWE-269 | High |
| WordPress Plugin WP Data Access Security Bypass (5.1.3) | - | CWE-862 | High |
| WordPress Plugin WP Data Access SQL Injection (4.3.1) | CVE-2021-24866 | CWE-89 | High |
| WordPress Plugin xili-tidy-tags Cross-Site Request Forgery (1.12.03) | CVE-2022-47448 | CWE-352 | High |
| WordPress Plugin Yandex.News Feed by Teplitsa Cross-Site Scripting (1.12.5) | CVE-2023-25052 | CWE-79 | High |
| WordPress Plugin Advanced Custom Fields (ACF) Arbitrary File Upload (5.12.2) | CVE-2022-2594 | CWE-434 | High |
| WordPress Plugin Advanced Custom Fields (ACF) Cross-Site Scripting (6.1.5) | CVE-2023-30777 | CWE-79 | High |
| WordPress Plugin Advanced Custom Fields (ACF) Information Disclosure (6.0.2) | CVE-2022-40696 | CWE-200 | High |
| WordPress Plugin Advanced Custom Fields (ACF) PHP Object Injection (6.0.7) | CVE-2023-1196 | CWE-915 | High |
| WordPress Plugin Advanced Custom Fields (ACF) Security Bypass (5.12) | CVE-2022-23183 | CWE-862 | High |
| WordPress Plugin Advanced Custom Fields PRO Arbitrary File Upload (5.12.2) | CVE-2022-2594 | CWE-434 | High |
| WordPress Plugin Advanced Custom Fields PRO Cross-Site Scripting (6.1.5) | CVE-2023-30777 | CWE-79 | High |
| WordPress Plugin Advanced Custom Fields PRO Information Disclosure (6.0.2) | CVE-2022-40696 | CWE-200 | High |
| WordPress Plugin Advanced Custom Fields PRO PHP Object Injection (6.0.7) | CVE-2023-1196 | CWE-915 | High |
| WordPress Plugin Advanced Custom Fields PRO Security Bypass (5.12) | CVE-2022-23183 | CWE-862 | High |
| WordPress Plugin Advanced Woo Search Cross-Site Scripting (2.77) | CVE-2023-2452 | CWE-79 | High |
| WordPress Plugin CM Pop-Up banners for WordPress SQL Injection (1.5.10) | CVE-2023-30750 | CWE-89 | High |
| WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Security Bypass (3.1.1.4.1) | CVE-2023-30869 | CWE-269 | High |
| WordPress Plugin Elementor Pro Security Bypass (3.11.6) | - | CWE-862 | High |
| WordPress Plugin Essential Addons for Elementor Security Bypass (5.7.1) | CVE-2023-32243 | CWE-20 | High |
| WordPress Plugin FV Flowplayer Video Player Cross-Site Request Forgery (7.5.30.7210) | CVE-2023-25066 | CWE-352 | High |
| WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (7.5.18.727) | CVE-2022-25613 | CWE-79 | High |
| WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (7.5.32.7212) | CVE-2023-30499 | CWE-79 | High |
| WordPress Plugin FV Flowplayer Video Player SQL Injection (7.5.15.727) | CVE-2022-25607 | CWE-89 | High |
| WordPress Plugin Image Optimizer by 10web-Image Optimizer and Compression Directory Traversal (1.0.25) | - | CWE-22 | High |
| WordPress Plugin Image Optimizer by 10web-Image Optimizer and Compression Multiple Vulnerabilities (1.0.26) | CVE-2023-2122 | CWE-79 | High |
| WordPress Plugin Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Security Bypass (3.2.1) | CVE-2023-0085 | CWE-358 | High |
| WordPress Plugin Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Security Bypass (3.3.0) | CVE-2023-1843 | CWE-862 | High |
| WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (3.6.21) | CVE-2023-1835 | CWE-79 | High |
| WordPress Plugin Otter-Gutenberg Blocks-Page Builder for Gutenberg Editor & FSE PHAR Deserialization (2.2.5) | CVE-2023-2288 | CWE-502 | High |
| WordPress Plugin Product Addons & Fields for WooCommerce Cross-Site Scripting (32.0.5) | CVE-2023-1839 | CWE-79 | High |
| WordPress Plugin Product Addons & Fields for WooCommerce Cross-Site Scripting (32.0.6) | CVE-2023-2256 | CWE-79 | High |
| WordPress Plugin Product Addons & Fields for WooCommerce Security Bypass (23.9) | CVE-2021-25018 | CWE-862 | High |
| WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Request Forgery (1.23.3) | CVE-2023-32960 | CWE-352 | High |
| WordPress Plugin WP Visitor Statistics (Real Time Traffic) SQL Injection (6.8.1) | CVE-2023-0600 | CWE-89 | High |
| WordPress Plugin YARPP-Yet Another Related Posts Local File Inclusion (5.30.3) | CVE-2022-45374 | CWE-22 | High |
| WordPress Plugin YARPP-Yet Another Related Posts SQL Injection (5.30.2) | CVE-2023-0579 | CWE-89 | High |
| WordPress Plugin Abandoned Cart Lite for WooCommerce Security Bypass (5.14.2) | CVE-2023-2986 | CWE-326 | High |
| WordPress Plugin Booking Calendar-Appointment Booking-BookIt Security Bypass (2.3.7) | CVE-2023-2834 | CWE-287 | High |
| WordPress Plugin Booking Calendar-Appointment Booking-BookIt Unspecified Vulnerability (2.3.8) | - | - | High |
| WordPress Plugin LearnDash LMS Insecure Direct Object Reference (4.6.0) | CVE-2023-3105 | CWE-639 | High |
| WordPress Plugin LearnDash LMS SQL Injection (4.5.3) | CVE-2023-28777 | CWE-89 | High |
| WordPress Plugin Mail logging-WP Mail Catcher Cross-Site Scripting (2.1.2) | CVE-2023-3080 | CWE-79 | High |
| WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Cross-Site Scripting (2.5.7) | CVE-2023-3082 | CWE-79 | High |
| WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Multiple Cross-Site Request Forgery Vulnerabilities (2.5.6) | CVE-2023-3179 | CWE-352 | High |
| WordPress Plugin ReviewX-Multi-criteria Rating & Reviews for WooCommerce CSV Injection (1.6.7) | CVE-2022-46809 | CWE-1236 | High |
| WordPress Plugin ReviewX-Multi-criteria Rating & Reviews for WooCommerce Privilege Escalation (1.6.13) | CVE-2023-2833 | CWE-269 | High |
| WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Privilege Escalation (2.6.6) | CVE-2023-3460 | CWE-269 | High |
| WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile Arbitrary File Upload (3.0.2) | CVE-2023-3342 | CWE-434 | High |
| WordPress Plugin WCFM Membership-WooCommerce Memberships for Multivendor Marketplace Cross-Site Request Forgery (2.9.10) | CVE-2022-4941 | CWE-352 | High |
| WordPress Plugin WCFM Membership-WooCommerce Memberships for Multivendor Marketplace Insecure Direct Object Reference (2.10.7) | CVE-2023-2276 | CWE-639 | High |
| WordPress Plugin WCFM Membership-WooCommerce Memberships for Multivendor Marketplace Privilege Escalation (2.10.0) | CVE-2022-4939 | CWE-269 | High |
| WordPress Plugin WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Security Bypass (7.6.4) | CVE-2023-2982 | CWE-287 | High |
| WordPress Plugin WP Mail Log Cross-Site Request Forgery (1.0.1) | CVE-2022-45807 | CWE-352 | High |
| WordPress Plugin WP Mail Log Cross-Site Scripting (1.1.1) | CVE-2023-3088 | CWE-79 | High |
| WordPress Plugin WP Mail Logging Cross-Site Scripting (1.11.1) | CVE-2023-3081 | CWE-79 | High |
| WordPress Plugin WP Mail Logging Security Bypass (1.9.9) | CVE-2021-38314 | CWE-284 | High |
| WordPress Plugin WP Mail Logging Security Bypass (1.11.2) | - | CWE-862 | High |
| WordPress Plugin WP User Switch Security Bypass (1.0.2) | CVE-2023-2546 | CWE-287 | High |
| WordPress Plugin wpForo Forum Cross-Site Scripting (2.1.8) | CVE-2023-2309 | CWE-79 | High |
| WordPress Plugin wpForo Forum Multiple Vulnerabilities (2.1.7) | CVE-2023-2249 | CWE-918 | High |
| WordPress Plugin B2BKing-Ultimate WooCommerce Wholesale and B2B Solution-Wholesale Order Form, Catalog Mode, Dynamic Pricing & More Security Bypass (4.6.00) | CVE-2023-3126 | CWE-862 | High |
| WordPress Plugin Donation Forms by Charitable-Donations & Fundraising Platform for WordPress Cross-Site Scripting (1.7.0.10) | CVE-2022-47441 | CWE-79 | High |
| WordPress Plugin Donation Forms by Charitable-Donations & Fundraising Platform for WordPress Privilege Escalation (1.7.0.12) | CVE-2023-4404 | CWE-269 | High |
| WordPress Plugin FluentSMTP-WP Mail SMTP, Amazon SES, SendGrid, MailGun and Any SMTP Connector Cross-Site Scripting (2.2.2) | CVE-2023-0219 | CWE-79 | High |
| WordPress Plugin FluentSMTP-WP Mail SMTP, Amazon SES, SendGrid, MailGun and Any SMTP Connector Cross-Site Scripting (2.2.4) | CVE-2023-3087 | CWE-79 | High |