CVE-2024-3962 Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_file
The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary files...
EUVD-2024-32528
The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary files...
CVE-2024-3962
CVE-2024-3962 affects Product Addons & Fields for WooCommerce (PPOM) on WordPress. It is caused by missing file type validation in the ppom_upload_file function, allowing unauthenticated arbitrary file uploads on all versions up to and including 32.0.18. Exploitation requires PPOM Pro ins...
WordPress Piotnet Addons For Elementor Pro Plugin <= 7.1.17 is vulnerable to Server Side Request Forgery (SSRF)
Software: Piotnet Addons For Elementor Pro; Type: Plugin; Vulnerable versions: <= 7.1.17; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-33634; Patch priority: Low; CVSS severity: Low (5.4); PSID: fd220e386df6; Credits: Dave Jong...
WordPress Element Pack Pro Plugin <= 7.7.4 is vulnerable to Arbitrary File Download
Software: Element Pack Pro; Type: Plugin; Vulnerable versions: <= 7.7.4; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Download; CVE: CVE-2024-33568; Patch priority: Low; CVSS severity: Low (8.5); PSID: 6b262cd1989a; Credits: Rafie Muhammad Patchstack...
CVE-2024-3645
CVE-2024-3645 affects the WordPress plugin Essential Addons for Elementor Pro (Counter widget). The vulnerability is a Stored Cross-Site Scripting (XSS) due to insufficient input sanitization and output escaping on user-supplied attributes (e.g., title_html_tag). Impact: authenticated attackers w...
CVE-2024-3598 ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id'
The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
WordPress WP Staging Pro plugin < 5.4.0 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Wp Staging Pro versions < 5.4.0...
CVE-2024-1279
The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent users with at least the contributor role from leaking other users' sensitive metadata...
CVE-2023-51540 WordPress Custom 404 Pro Plugin <= 3.10.0 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kunal Nagar Custom 404 Pro allows Stored XSS. This issue affects Custom 404 Pro: from n/a through 3.10.0...
WordPress EventON Pro Plugin <= 4.5.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: EventON Pro; Type: Plugin; Vulnerable versions: <= 4.5.4; Fixed in: 4.5.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-6244; Patch priority: Low; CVSS severity: Low (4.3); PSID: 5cacf0b27060; Credits: Francesco Carlucci...
CVE-2023-49830 WordPress Astra Pro Plugin <= 4.3.1 is vulnerable to Remote Code Execution (RCE)
Improper Control of Generation of Code 'Code Injection' vulnerability in Brainstorm Force Astra Pro. This issue affects Astra Pro: from n/a through 4.3.1...
WordPress Plugin WP All Export Pro Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2023-32523 · WordPress · Duplicator +1
Name of the Vulnerable Software and Affected Versions: Duplicator WordPress plugin versions prior to 1.5.7.1; Duplicator Pro WordPress plugin versions prior to 4.5.14.2. Description: The issue concerns the Duplicator WordPress plugin and its Pro version, where the backups-dup-lite/tmp directory or...
PT-2023-25677 · WordPress · Schema Pro
Name of the Vulnerable Software and Affected Versions: Schema Pro versions through 2.7.7. Description: A Cross-Site Request Forgery (CSRF) issue allows unauthorized actions to be performed on behalf of a user. This issue affects the Schema Pro plugin, enabling Cross Site Request Forgery...
WordPress Custom CSS Pro Plugin < 1.0.4 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:waspthemes:customcsspro"; if description...
CVE-2023-45052
Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map Pro plugin < 5.0 versions...
CVE-2023-45052 WordPress WP Bing Map Pro Plugin < 5.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map Pro plugin < 5.0 versions...
CVE-2023-45052
CVE-2023-45052 corresponds to a Cross-Site Request Forgery (CSRF) vulnerability in the WP Bing Map Pro WordPress plugin (vulnerable up to
CVE-2023-3213
The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information...