WordPress Import and export users and customers plugin <= 1.26.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Trình Vũ / Sonicrrrr from VNPT-VCI Patchstack Alliance in WordPress Plugin Import and export users and customers versions = 1.26.2...

WordPress Import Users from CSV Plugin <= 1.2 is vulnerable to PHP Object Injection

Software Import Users from CSV Type Plugin Vulnerable versions = 1.2 Fixed in 1.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-32431 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID e3f19c84ef38 Credits Trình Vũ Sonicrrrr from VNPT-VCI Require...

WordPress Stackable Plugin <= 3.12.11 is vulnerable to Cross Site Scripting (XSS)

Software Stackable Type Plugin Vulnerable versions = 3.12.11 Fixed in 3.12.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2039 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b3e3ea1b1636 Credits Ngô Thiên An ancorn -...

Heateor Social Login < 1.1.31 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Heateor Social Login WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in version Ngô Thiên An ancorn from VNPT-VCI due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

WordPress Knowledge Base for Documentation, FAQs with AI Assistance Plugin <= 11.30.2 is vulnerable to PHP Object Injection

Software Knowledge Base for Documentation, FAQs with AI Assistance Type Plugin Vulnerable versions = 11.30.2 Fixed in 11.31.0 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-24842 Patch priority High CVSS severity High 8.7 Developer Claim ownership PSID 6e74033eecde...