WordPress Top Bar Notification plugin <= 1.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Top Bar Notification versions = 1.12...

WordPress Product Input Fields for WooCommerce Plugin <= 1.9 is vulnerable to Path Traversal

Software Product Input Fields for WooCommerce Type Plugin Vulnerable versions = 1.9 Fixed in 2.0 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2024-10857 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1aed7531d6f7 Credits 1337Wannabe Required...

WordPress Sirv Plugin <= 7.2.7 is vulnerable to Arbitrary File Upload

Software Sirv Type Plugin Vulnerable versions = 7.2.7 Fixed in 7.2.8 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE N/A Patch priority Medium CVSS severity Medium 9.9 Developer Sirv PSID 9e701815e83c Credits scottaglia Required privilege Contributor Published 22 August, 2024...

WordPress Mollie Payments for WooCommerce Plugin <= 7.3.11 is vulnerable to Arbitrary File Upload

Software Mollie Payments for WooCommerce Type Plugin Vulnerable versions = 7.3.11 Fixed in 7.3.12 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-6090 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID 5c0982698e82 Credits Rafie Muhammad...

WordPress URL Params Plugin < 2.5 is vulnerable to Cross Site Scripting (XSS)

Software URL Params Type Plugin Vulnerable versions 2.5 Fixed in 2.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0274 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c07bdc476562 Credits Lana Codes Required privilege...

WordPress Advanced Custom Fields PRO Plugin < 6.1.0 is vulnerable to PHP Object Injection

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 6.1.0 Fixed in 6.1.0 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-1196 Patch priority Medium CVSS severity Medium 4.9 Developer Claim ownership PSID 322be262bcd9 Credits Nguyen Huu Do Required...

WordPress Forminator Plugin <= 1.22.1 is vulnerable to Broken Access Control

Software Forminator Type Plugin Vulnerable versions = 1.22.1 Fixed in 1.23.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 5.4 Developer WPMU DEV PSID 38229dd9fbd0 Credits Unknown Required privilege Subscriber...

WordPress Weaver Xtreme Theme Support Plugin <= 5.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Weaver Xtreme Theme Support Type Plugin Vulnerable versions = 5.0.2 Fixed in 6.2.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7fef1f764ecf Credits Unknown Required...

WordPress Top 10 Plugin <= 3.2.4 is vulnerable to Broken Access Control

Software Top 10 Type Plugin Vulnerable versions = 3.2.4 Fixed in 3.2.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 4.3 Developer WebberZone PSID 0fa5b1c87acc Credits WordFence Required privilege Subscriber Publishe...