WordPress Zippy Plugin <= 1.6.9 is vulnerable to Arbitrary File Upload
Software: Zippy; Type: Plugin; Vulnerable versions: <= 1.6.9; Fixed in: 1.6.10; OWASP Top 10: A5: Security Misconfiguration; Classification: Arbitrary File Upload; CVE: CVE-2024-27964; Patch priority: Medium; CVSS severity: Medium 8.8; PSID: f32b93d01376; Credits: stealthcopter; Required...
WordPress Crisp Plugin <= 0.44 is vulnerable to Cross Site Scripting (XSS)
Software: Crisp; Type: Plugin; Vulnerable versions: <= 0.44; Fixed in: 0.45; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-27963; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: d24f23d72736; Credits: stealthcopter; Required privilege: Subscriber...
WordPress Newsletter2Go Plugin <= 4.0.13 is vulnerable to Cross Site Scripting (XSS)
Software: Newsletter2Go; Type: Plugin; Vulnerable versions: <= 4.0.13; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1328; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 1277fbb17528; Credits: Francesco Carlucci...
WordPress Auto Affiliate Links Plugin <= 6.4.3 is vulnerable to Broken Access Control
Software: Auto Affiliate Links; Type: Plugin; Vulnerable versions: <= 6.4.3; Fixed in: 6.4.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1843; Patch priority: Low; CVSS severity: Low 4.3; PSID: 446cb40c7edd; Credits: Lucio Sá; Required...
WordPress Happy Addons for Elementor Plugin <= 3.10.3 is vulnerable to Cross Site Scripting (XSS)
Software: Happy Addons for Elementor; Type: Plugin; Vulnerable versions: <= 3.10.3; Fixed in: 3.10.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1366; Patch priority: Low; CVSS severity: Low 6.5; Developer: Leevio; PSID: d2918b7cdf49; Credits: wesley wcraft; Requir...
WordPress File Manager Plugin <= 7.2.1 is vulnerable to Path Traversal
Software: File Manager; Type: Plugin; Vulnerable versions: <= 7.2.1; Fixed in: 7.2.2; OWASP Top 10: A4: Insecure Design; Classification: Path Traversal; CVE: CVE-2023-6825; Patch priority: Low; CVSS severity: Low 8.2; PSID: 7f2548079631; Credits: Tobias Weißhaar kun19; Required privilege...
WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk
A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 in version 5.7.0.1. "This plugin suffers from unauthenticated...
WordPress LiteSpeed Cache Plugin <= 5.7 is vulnerable to Broken Access Control
Software: LiteSpeed Cache; Type: Plugin; Vulnerable versions: <= 5.7; Fixed in: 5.7.0.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-45000; Patch priority: High; CVSS severity: High 8.2; Developer: Hai Zheng / Lite Speed Cache; PSID: b9853af17bd3; Credits: Rafie Muhammad...
WordPress Tabs Shortcode and Widget Plugin <= 1.17 is vulnerable to Cross Site Scripting (XSS)
Software: Tabs Shortcode and Widget; Type: Plugin; Vulnerable versions: <= 1.17; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0719; Patch priority: Low; CVSS severity: Low 6.5; PSID: b7bc2e300121; Credits: Dmitrii Ignatyev...
WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.41 is vulnerable to Broken Access Control
Software: Contact Form builder with drag & drop - Kali Forms; Type: Plugin; Vulnerable versions: <= 2.3.41; Fixed in: 2.3.42; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1217; Patch priority: High; CVSS severity: High 7.6; PSID: b229d70e3a1f...
WordPress WooCommerce Easy Checkout Field Editor, Fees & Discounts Plugin <= 3.5.12 is vulnerable to Arbitrary File Upload
Software: WooCommerce Easy Checkout Field Editor, Fees & Discounts; Type: Plugin; Vulnerable versions: <= 3.5.12; Fixed in: 3.5.13; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-25925; Patch priority: High; CVSS severity: High 10; PSID: a8071054e8b4; Credi...
WordPress Action Network Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: Action Network; Type: Plugin; Vulnerable versions: <= 1.4.2; Fixed in: 1.4.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-25921; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 24b8e111dbfb; Credits: Mika; Required privilege...
WordPress Bricks Builder Theme <= 1.9.6 is vulnerable to Remote Code Execution (RCE)
Software: Bricks Builder; Type: Theme; Vulnerable versions: <= 1.9.6; Fixed in: 1.9.6.1; OWASP Top 10: A3: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-25600; Patch priority: High; CVSS severity: High 10; PSID: 58c6c492a8d0; Credits: Snicco; Required privilege...
WordPress MoveTo Plugin <= 6.2 is vulnerable to Denial of Service Attack
Software: MoveTo; Type: Plugin; Vulnerable versions: <= 6.2; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Denial of Service Attack; CVE: CVE-2024-25911; Patch priority: Medium; CVSS severity: Medium 8.6; PSID: fbded13be6d8; Credits: Dave Jong Patchstack; Required...
WordPress ImageRecycle pdf & image compression Plugin <= 3.1.13 is vulnerable to Broken Access Control
Software: ImageRecycle pdf & image compression; Type: Plugin; Vulnerable versions: <= 3.1.13; Fixed in: 3.1.14; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-0983; Patch priority: Low; CVSS severity: Low 4.3; PSID: 3893271a34ec; Credits: Frances...
WordPress ImageRecycle pdf & image compression Plugin <= 3.1.13 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ImageRecycle pdf & image compression; Type: Plugin; Vulnerable versions: <= 3.1.13; Fixed in: 3.1.14; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-1339; Patch priority: Low; CVSS severity: Low 4.3; PSID: d8c1f1233fec; Credi...
WordPress ImageRecycle pdf & image compression Plugin <= 3.1.13 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ImageRecycle pdf & image compression; Type: Plugin; Vulnerable versions: <= 3.1.13; Fixed in: 3.1.14; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-1334; Patch priority: Low; CVSS severity: Low 4.3; PSID: 2cae2af18e64; Credi...
WordPress Multi Step Form Plugin <= 1.7.18 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Multi Step Form; Type: Plugin; Vulnerable versions: <= 1.7.18; Fixed in: 1.7.19; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-25905; Patch priority: Low; CVSS severity: Low 5.4; PSID: c40d82e8e1e2; Credits: Benmalek Aymen...
WordPress Link Library Plugin <= 7.5.13 is vulnerable to Cross Site Scripting (XSS)
Software: Link Library; Type: Plugin; Vulnerable versions: <= 7.5.13; Fixed in: 7.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-24879; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: d3a58aec2719; Credits: Yudistira Arya; Required privilege...
WordPress PowerPack Pro for Elementor Plugin <= 2.10.6 is vulnerable to Settings Change
Software: PowerPack Pro for Elementor; Type: Plugin; Vulnerable versions: <= 2.10.6; Fixed in: 2.10.8; OWASP Top 10: A1: Broken Access Control; Classification: Settings Change; CVE: CVE-2024-24844; Patch priority: High; CVSS severity: High 7.5; PSID: ad539f87b78f; Credits: Dave Jong Patchstac...