WordPress Social Author Bio Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS)

Software Social Author Bio Type Plugin Vulnerable versions = 2.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30545 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 30e2380972a1 Credits Cronus Required privilege...

WordPress VS Contact Form Plugin <= 14.7 is vulnerable to Bypass Vulnerability

Software VS Contact Form Type Plugin Vulnerable versions = 14.7 Fixed in 14.8 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-30540 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 88383ccd18bb Credits Kyle Sanchez Required privilege...

WordPress Convert Post Types Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)

Software Convert Post Types Type Plugin Vulnerable versions = 1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-31112 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7886117d6aac Credits Dimas Maulana Required privilege...

WordPress Slugs Manager Plugin <= 2.6.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Slugs Manager Type Plugin Vulnerable versions = 2.6.7 Fixed in 2.7.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-30536 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a596f5eeacf4 Credits Nguyen Xuan Chien...

WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.15.7 is vulnerable to Broken Access Control

Software Shortcodes and extra features for Phlox theme Type Plugin Vulnerable versions = 2.15.7 Fixed in 2.15.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31099 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID 6820fd10e35f...

WordPress All In One Redirection Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software All In One Redirection Type Plugin Vulnerable versions = 2.2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30506 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 13d4332eeeeb Credits Pham Ho Anh Dung Required...

WordPress YITH WooCommerce Account Funds Premium Plugin <= 1.33.0 is vulnerable to Broken Access Control

Software YITH WooCommerce Account Funds Premium Type Plugin Vulnerable versions = 1.33.0 Fixed in 1.34.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30470 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c87cc5ed5cea Credit...

WordPress Essential Blocks for Gutenberg Plugin <= 4.4.9 is vulnerable to Broken Access Control

Software Essential Blocks for Gutenberg Type Plugin Vulnerable versions = 4.4.9 Fixed in 4.4.10 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30467 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 54c35d565aef Credits Rafie Muhamma...

WordPress Element Pack Elementor Addons Plugin <= 5.5.3 is vulnerable to SQL Injection

Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.5.3 Fixed in 5.5.4 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30496 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 3d0133376896 Credits Rafie Muhammad Patchstack Required...

WordPress Nexter Blocks Plugin <= 3.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Nexter Blocks Type Plugin Vulnerable versions = 3.2.5 Fixed in 3.2.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30435 Patch priority Medium CVSS severity Medium 7.1 Developer POSIMYTH Innovations PSID 6b7745362c68 Credits LVT-tholv2k Required privileg...

WordPress Media Library Folders Plugin <= 8.1.7 is vulnerable to SQL Injection

Software Media Library Folders Type Plugin Vulnerable versions = 8.1.7 Fixed in 8.1.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30486 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 07c50fa94bf4 Credits Le Ngoc Anh Required privilege Author...

WordPress Spiffy Calendar Plugin <= 4.9.7 is vulnerable to Cross Site Scripting (XSS)

Software Spiffy Calendar Type Plugin Vulnerable versions = 4.9.7 Fixed in 4.9.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30427 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID e5917dca625b Credits Dimas Maulana Required privileg...

WordPress WP Travel Engine Plugin <= 5.7.9 is vulnerable to SQL Injection

Software WP Travel Engine Type Plugin Vulnerable versions = 5.7.9 Fixed in 5.8.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30502 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 275fbb9060ec Credits Yudistira Arya Required privilege...

WordPress FV Flowplayer Video Player Plugin <= 7.5.41.7212 is vulnerable to Cross Site Scripting (XSS)

Software FV Flowplayer Video Player Type Plugin Vulnerable versions = 7.5.41.7212 Fixed in 7.5.44.7212 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22299 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8f54d6f5d663 Credits Rafie...

WordPress Favicon Rotator Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS)

Software Favicon Rotator Type Plugin Vulnerable versions = 1.2.10 Fixed in 1.2.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-28001 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e90080f8961c Credits Rafie Muhammad Patchstack...

WordPress WP Migrate Plugin <= 2.6.10 is vulnerable to PHP Object Injection

Software WP Migrate Type Plugin Vulnerable versions = 2.6.10 Fixed in 2.6.11 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30225 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 6b6e8d810b6a Credits Dave Jong Patchstack Required privilege...

WordPress GiveWP Plugin <= 3.4.2 is vulnerable to PHP Object Injection

Software GiveWP Type Plugin Vulnerable versions = 3.4.2 Fixed in 3.5.0 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30229 Patch priority Medium CVSS severity Medium 8 Developer Liquid Web / StellarWP PSID 9a991fbaf7bc Credits Rafie Muhammad Patchstack Required...

WordPress Preview E-mails for WooCommerce Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Preview E-mails for WooCommerce Type Plugin Vulnerable versions = 2.2.1 Fixed in 2.2.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b64b027ac25b Credits Rafie Muhammad...

WordPress WP-Lister Lite for Amazon Plugin <= 2.6.11 is vulnerable to Cross Site Scripting (XSS)

Software WP-Lister Lite for Amazon Type Plugin Vulnerable versions = 2.6.11 Fixed in 2.6.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-2889 Patch priority Low CVSS severity Low 5.9 Developer WP Lab PSID d73aca6fb4f0 Credits Joshua Chan Required privilege...

WordPress WholesaleX Plugin <= 1.3.2 is vulnerable to PHP Object Injection

Software WholesaleX Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30224 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 4891ade0b03a Credits Rafie Muhammad Patchstack Required privilege...