3802 matches found
WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability
Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...
WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary WordPress Options Removal vulnerability
Subscriber+ Arbitrary WordPress Options Removal vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...
WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary File Deletion vulnerability
Subscriber+ Arbitrary File Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...
WordPress ARForms plugin <= 6.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Dave Jong Patchstack in WordPress Plugin ARForms versions = 6.4...
WordPress InstaWP Connect plugin <= 0.1.0.24 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin InstaWP Connect versions = 0.1.0.24...
WordPress YITH WooCommerce Compare plugin <= 2.37.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin YITH WooCommerce Compare versions = 2.37.0...
WordPress Max Addons Pro for Bricks Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)
Software Max Addons Pro for Bricks Type Plugin Vulnerable versions = 1.6.1 Fixed in 1.6.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32952 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c3b6f1863142 Credits Dave Jong Patchstack...
WordPress ProfileGrid Plugin <= 5.8.2 is vulnerable to Bypass Vulnerability
Software ProfileGrid Type Plugin Vulnerable versions = 5.8.2 Fixed in 5.8.3 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-32774 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 32476e3a5d62 Credits Kyle Sanchez Required privilege Subscrib...
WordPress Royal Elementor Kit Theme <= 1.0.116 is vulnerable to Cross Site Request Forgery (CSRF)
Software Royal Elementor Kit Type Theme Vulnerable versions = 1.0.116 Fixed in 1.0.117 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32773 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4da5c371e0b8 Credits Dhabaleshwar...
WordPress ARForms Plugin <= 6.4 is vulnerable to Cross Site Scripting (XSS)
Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32702 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2ac8f7cc23af Credits Dave Jong Patchstack Required privilege...
WordPress myCred Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)
Software myCred Type Plugin Vulnerable versions = 2.6.3 Fixed in 2.6.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32711 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 8867201beeee Credits stealthcopter Required privilege Subscrib...
WordPress WP-Lister Lite for eBay Plugin <= 3.5.11 is vulnerable to Arbitrary File Upload
Software WP-Lister Lite for eBay Type Plugin Vulnerable versions = 3.5.11 Fixed in 3.6.0 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-32836 Patch priority Medium CVSS severity Medium 9.1 Developer WP Lab PSID a5bd0e74973d Credits Joshua Chan Required privilege Shop...
WordPress BP Better Messages Plugin <= 2.4.32 is vulnerable to Broken Authentication
Software BP Better Messages Type Plugin Vulnerable versions = 2.4.32 Fixed in 2.4.33 OWASP Top 10 A5: Security Misconfiguration Classification Broken Authentication CVE CVE-2024-32802 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID f9f66260d562 Credits Ananda Dhakal...
WordPress ARForms Plugin <= 6.4 is vulnerable to Settings Change
Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-32704 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bcff8bbe359f Credits Dave Jong Patchstack Required privilege...
WordPress Pricing Table by Supsystic Plugin <= 1.9.12 is vulnerable to Content Injection
Software Pricing Table by Supsystic Type Plugin Vulnerable versions = 1.9.12 Fixed in 1.9.13 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-32790 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 432ab1264c03 Credits Steven Julian Required privilege...
WordPress Max Addons Pro for Bricks Plugin <= 1.6.1 is vulnerable to Settings Change
Software Max Addons Pro for Bricks Type Plugin Vulnerable versions = 1.6.1 Fixed in 1.6.2 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-32951 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 446d765fd496 Credits Dave Jong Patchstac...
WordPress SuperFaktura WooCommerce Plugin <= 1.40.3 is vulnerable to Server Side Request Forgery (SSRF)
Software SuperFaktura WooCommerce Type Plugin Vulnerable versions = 1.40.3 Fixed in 1.40.4 OWASP Top 10 A1: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2024-32803 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID 1f6825e0241f Credits...
WordPress ActiveDEMAND Plugin <= 0.2.41 is vulnerable to Arbitrary File Upload
Software ActiveDEMAND Type Plugin Vulnerable versions = 0.2.41 Fixed in 0.2.42 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-32809 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 7f5500fcd5a1 Credits stealthcopter Required privilege...
WordPress ARForms Plugin <= 6.4 is vulnerable to Settings Change
Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-32705 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 849f4eb72992 Credits Dave Jong Patchstack Required privilege...
WordPress EWWW Image Optimizer Plugin < 7.3.0 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ewww:imageoptimizer"; if description...