WordPress Appointment Booking Calendar plugin <= 1.3.95 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Appointment Booking Calendar versions = 1.3.95...

WordPress External Database Based Actions Plugin <= 0.1 is vulnerable to Privilege Escalation

Software External Database Based Actions Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-10311 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID cd4901766574...

WordPress Simple Local Avatars Plugin <= 2.7.11 is vulnerable to Broken Access Control

Software Simple Local Avatars Type Plugin Vulnerable versions = 2.7.11 Fixed in 2.8.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10786 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 717b24faeea4 Credits Trương Hữu Phúc...

WordPress Locatoraid Store Locator Plugin <= 3.9.47 is vulnerable to Cross Site Scripting (XSS)

Software Locatoraid Store Locator Type Plugin Vulnerable versions = 3.9.47 Fixed in 3.9.48 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9652 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b0bf6a78a627 Credits vgo0...

WordPress ElementInvader Addons for Elementor Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)

Software ElementInvader Addons for Elementor Type Plugin Vulnerable versions = 1.2.8 Fixed in 1.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9888 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2293b37c11ea Credits Coli...

WordPress File Manager Pro Plugin <= 8.3.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.9 Fixed in 8.3.10 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-8507 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID caf0adb29b86 Credits TANG Cheuk Hei...

WordPress Job Board Manager for WordPress Plugin <= 1.0 is vulnerable to Privilege Escalation

Software Job Board Manager for WordPress Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-49322 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID d9004d540adc Credits João Pedro S...

WordPress Index WP MySQL For Speed Plugin < 1.4.18 is vulnerable to Cross Site Scripting (XSS)

Software Index WP MySQL For Speed Type Plugin Vulnerable versions 1.4.18 Fixed in 1.4.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4977 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID de00e035d3ae Credits Guido Ivá...

WordPress Affiliate Manager Plugin < 6.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Affiliate Manager Type Plugin Vulnerable versions 6.5.1 Fixed in 6.5.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5287 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 14d5b3c71416 Credits Bob Matyas Required...

WordPress LetterPress Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software LetterPress Type Plugin Vulnerable versions = 1.2.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3590 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6967a7d78047 Credits SANU P.L Required privileg...

WordPress Simple Buttons Creator Plugin <= 1.04 is vulnerable to Cross Site Scripting (XSS)

Software Simple Buttons Creator Type Plugin Vulnerable versions = 1.04 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2857 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f8f6e6e1aab1 Credits Bob Matyas...

WordPress WooCommerce Customers Manager Plugin < 29.7 is vulnerable to SQL Injection

Software WooCommerce Customers Manager Type Plugin Vulnerable versions 29.7 Fixed in 29.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0399 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 3c8fe0630d48 Credits Ivan Spiridonov Required privilege...

WordPress DethemeKit For Elementor Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Software DethemeKit For Elementor Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32508 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c3d2d2de543b Credits Khalid Yusuf Required privile...

WordPress Element Pack Elementor Addons Plugin <= 5.5.6 is vulnerable to Sensitive Data Exposure

Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.5.6 Fixed in 5.6.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2966 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 29f45f5357e3 Credits Krzysztof...

WordPress Access Category Password Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Access Category Password Type Plugin Vulnerable versions = 1.5.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32535 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c844ee6de29c Credits Dimas Maulana Required...

WordPress Premium Addons for Elementor Plugin <= 4.10.16 is vulnerable to Cross Site Scripting (XSS)

Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.16 Fixed in 4.10.17 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29106 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID 89d8d110c101 Credits Khalid Yusuf Required...

WordPress WP Calameo Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Software WP Calameo Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29098 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e6c0b84991b1 Credits Ray Wilson Required privilege Contributor...

WordPress Jetpack Plugin < 12.7 is vulnerable to Clickjacking

Software Jetpack Type Plugin Vulnerable versions 12.7 Fixed in 12.7 OWASP Top 10 A3: Injection Classification Clickjacking CVE CVE-2023-47774 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 18fefcc21cac Credits Rafie Muhammad Patchstack Required privilege Contributor...

joylab.ca Cross Site Scripting vulnerability OBB-3583572

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

WordPress AutomateWoo Plugin <= 5.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software AutomateWoo Type Plugin Vulnerable versions = 5.7.1 Fixed in 5.7.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32745 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 2ce50834e16e Credits Rafie Muhammad Patchsta...