WordPress BEAR Plugin <= 1.1.4.2 is vulnerable to Cross Site Scripting (XSS)

Software BEAR Type Plugin Vulnerable versions = 1.1.4.2 Fixed in 1.1.4.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30200 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2c6d05b2fb54 Credits Rafie Muhammad Patchstack Required...

WordPress Gutenberg Blocks by Kadence Blocks Plugin <= 3.2.19 is vulnerable to Server Side Request Forgery (SSRF)

Software Gutenberg Blocks by Kadence Blocks Type Plugin Vulnerable versions = 3.2.19 Fixed in 3.2.20 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-23500 Patch priority Low CVSS severity Low 7.7 Developer KadenceWP PSID 12733422b1ab...

WordPress WP Editor Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)

Software WP Editor Type Plugin Vulnerable versions = 1.2.8 Fixed in 1.2.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-24700 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a8185ba6a628 Credits Rafie Muhammad Patchstack Required...

WordPress Easy Social Share Buttons Plugin <= 9.4 is vulnerable to Cross Site Scripting (XSS)

Software Easy Social Share Buttons Type Plugin Vulnerable versions = 9.4 Fixed in 9.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30196 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f4ed0dcb5dd6 Credits Rafie Muhammad Patchstack...

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.93 is vulnerable to Cross Site Scripting (XSS)

Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.93 Fixed in 1.5.94 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29792 Patch priority Medium CVSS severity Medium 7.1 Developer Unlimited Elements PSID...

WordPress Doneren met Mollie Plugin <= 2.10.2 is vulnerable to Cross Site Scripting (XSS)

Software Doneren met Mollie Type Plugin Vulnerable versions = 2.10.2 Fixed in 2.10.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29767 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID fb2480f842b8 Credits Dimas Maulana Required...

WordPress Forminator Plugin <= 1.29.0 is vulnerable to Cross Site Scripting (XSS)

Software Forminator Type Plugin Vulnerable versions = 1.29.0 Fixed in 1.29.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29777 Patch priority Medium CVSS severity Medium 7.1 Developer WPMU DEV PSID 4c3587917921 Credits Rafie Muhammad Patchstack Required privile...

WordPress SEO Backlink Monitor Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS)

Software SEO Backlink Monitor Type Plugin Vulnerable versions = 1.5.0 Fixed in 1.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29907 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 62c1627bf899 Credits Dimas Maulana Required...

WordPress Shortlinks by Pretty Links Plugin <= 3.6.2 is vulnerable to Cross Site Scripting (XSS)

Software Shortlinks by Pretty Links Type Plugin Vulnerable versions = 3.6.2 Fixed in 3.6.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29770 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b1b0efcde695 Credits Rafie Muhammad...

WordPress Shipping with Venipak for WooCommerce Plugin <= 1.19.5 is vulnerable to Cross Site Scripting (XSS)

Software Shipping with Venipak for WooCommerce Type Plugin Vulnerable versions = 1.19.5 Fixed in 1.19.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29805 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5b7b5db66a39 Credits Le Ngoc...

WordPress Calculated Fields Form Plugin <= 1.2.54 is vulnerable to Cross Site Scripting (XSS)

Software Calculated Fields Form Type Plugin Vulnerable versions = 1.2.54 Fixed in 1.2.55 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29759 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 65b9391ce7f8 Credits Rafie Muhammad Patchsta...

WordPress Booster for WooCommerce Plugin <= 7.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Booster for WooCommerce Type Plugin Vulnerable versions = 7.1.7 Fixed in 7.1.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29760 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6ccd1007ae31 Credits Rafie Muhammad Patchstac...

WordPress Olive One Click Demo Import Plugin <= 1.1.1 is vulnerable to Broken Access Control

Software Olive One Click Demo Import Type Plugin Vulnerable versions = 1.1.1 Fixed in 1.1.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-2702 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 277d1e4e3b86 Credits Yudistira Arya...

WordPress Backup Bolt Plugin <= 1.3.0 is vulnerable to Sensitive Data Exposure

Software Backup Bolt Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.4.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-7236 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID dd36f15c489e Credits Dmitrii Ignatyev Required...

WordPress Restrict User Access – Membership Plugin with Force Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Software Restrict User Access – Membership Plugin with Force Type Plugin Vulnerable versions = 2.5 Fixed in 2.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29138 Patch priority Medium CVSS severity Medium 7.1 Developer DEV Institute PSID 211a6e23f622 Credits...

WordPress Tourfic Plugin <= 2.11.7 is vulnerable to Cross Site Scripting (XSS)

Software Tourfic Type Plugin Vulnerable versions = 2.11.7 Fixed in 2.11.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29137 Patch priority Medium CVSS severity Medium 7.1 Developer Themefic PSID 46fbea9a6c10 Credits LVT-tholv2k Required privilege Unauthenticate...

WordPress WooThumbs for WooCommerce by Iconic Plugin <= 5.5.3 is vulnerable to Cross Site Scripting (XSS)

Software WooThumbs for WooCommerce by Iconic Type Plugin Vulnerable versions = 5.5.3 Fixed in 5.5.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29116 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d034def295d9 Credits Dave Jong...

WordPress Coupon Affiliates Plugin <= 5.12.7 is vulnerable to Cross Site Scripting (XSS)

Software Coupon Affiliates Type Plugin Vulnerable versions = 5.12.7 Fixed in 5.12.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29125 Patch priority Medium CVSS severity Medium 7.1 Developer RelyWP PSID 81253acd1aca Credits stealthcopter Required privilege...

WordPress Database for Contact Form 7 Plugin <= 3.0.6 is vulnerable to Cross Site Scripting (XSS)

Software Database for Contact Form 7 Type Plugin Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29103 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 1d2cfc35a61d Credits RE-ALTER Required...

WordPress Premmerce Permalink Manager for WooCommerce Plugin <= 2.3.10 is vulnerable to Local File Inclusion

Software Premmerce Permalink Manager for WooCommerce Type Plugin Vulnerable versions = 2.3.10 Fixed in 2.3.11 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-27971 Patch priority High CVSS severity High 8.3 Developer Premmerce PSID cbe4465b62ca Credits Rafie Muhammad...