39 matches found
jqmagick.imagemagick.org Cross Site Scripting vulnerability OBB-3942375
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress Cliengo – Chatbot Plugin <= 3.0.1 is vulnerable to Broken Access Control
Software Cliengo – Chatbot Type Plugin Vulnerable versions = 3.0.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5993 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 950b128377a0 Credits Lucio Sá Required privilege...
WordPress Just Custom Fields Plugin <= 3.3.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Just Custom Fields Type Plugin Vulnerable versions = 3.3.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6168 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9fc0b88e6af6 Credits Francesco Carlucci...
WordPress Default Thumbnail Plus Plugin <= 1.0.2.3 is vulnerable to Arbitrary File Upload
Software Default Thumbnail Plus Type Plugin Vulnerable versions = 1.0.2.3 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6161 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID ab5c2abdfe96 Credits István Márton Required...
WordPress Pricing Table Plugin <= 2.0.1 is vulnerable to Broken Access Control
Software Pricing Table Type Plugin Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-4102 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7d83a882cffe Credits Benedictus Jovan aillesiM Required...
WordPress User Activity Log Pro Plugin <= 2.3.4 is vulnerable to Broken Access Control
Software User Activity Log Pro Type Plugin Vulnerable versions = 2.3.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37929 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID a51ba27e9212 Credits Dave Jong Patchstac...
WordPress Product Designer Plugin <= 1.0.33 is vulnerable to Broken Access Control
Software Product Designer Type Plugin Vulnerable versions = 1.0.33 Fixed in 1.0.34 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3608 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7913547b43c1 Credits Lucio Sá Required privilege...
WordPress Woocommerce OpenPos Plugin <= 7.0.1 is vulnerable to Broken Access Control
Software Woocommerce OpenPos Type Plugin Vulnerable versions = 7.0.1 Fixed in 7.0.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37935 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d6898ddc425e Credits Dave Jong Patchstack...
WordPress Just Custom Fields Plugin <= 3.3.2 is vulnerable to Broken Access Control
Software Just Custom Fields Type Plugin Vulnerable versions = 3.3.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6167 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 899cda063365 Credits Francesco Carlucci Required...
WordPress Woocommerce OpenPos Plugin <= 6.4.4 is vulnerable to Arbitrary File Deletion
Software Woocommerce OpenPos Type Plugin Vulnerable versions = 6.4.4 Fixed in 7.0.1 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-37932 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 80d70b64099f Credits Dave Jong Patchstack...
WordPress Media Hygiene Plugin <= 3.0.1 is vulnerable to Broken Access Control
Software Media Hygiene Type Plugin Vulnerable versions = 3.0.1 Fixed in 3.0.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5855 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6586cb78deae Credits Lucio Sá Required privilege...
WordPress Houzez CRM Plugin <= 1.4.2 is vulnerable to SQL Injection
Software Houzez CRM Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5792 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 666665555649 Credits István Márton Required privilege Seller Published 9 Jul...
WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.112 is vulnerable to Cross Site Scripting (XSS)
Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.112 Fixed in 1.5.113 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6169 Patch priority Low CVSS severity Low 6.5 Developer Unlimited...
WordPress Generate PDF using Contact Form 7 Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Generate PDF using Contact Form 7 Type Plugin Vulnerable versions = 4.1.2 Fixed in 4.1.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37555 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID 2989195e2c48 Credits...
atools.cz Cross Site Scripting vulnerability OBB-3496363
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
voparis-srv.obspm.fr Cross Site Scripting vulnerability OBB-3495753
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
restaurantdelagaremunzenberger.fr Cross Site Scripting vulnerability OBB-3495438
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
vbm.kulturhotell.se Cross Site Scripting vulnerability OBB-3495198
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
citrix.dhss.alaska.gov Cross Site Scripting vulnerability OBB-3494098
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
citrixaccesseast.va.gov Cross Site Scripting vulnerability OBB-3494085
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...