73 matches found
WordPress Button Block Plugin plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Button Block versions = 1.2.0...
WordPress AI Tools <= 4.0.7 - Arbitrary Content Deletion Vulnerability
Arbitrary Content Deletion Vulnerability discovered by theviper17 in WordPress Plugin AI Tools versions = 4.0.7...
WordPress POEditor plugin <= 0.9.10 - CSRF to Arbitrary File Deletion vulnerability
CSRF to Arbitrary File Deletion vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin POEditor versions = 0.9.10...
WordPress Web3Press – Decentralize Publishing with Writing NFT plugin <= 3.2.0 - Arbitrary File Read vulnerability
Arbitrary File Read vulnerability discovered by ch4r0n in WordPress Plugin Web3Press versions = 3.2.0...
WordPress WP Tools plugin <= 5.18 - CSRF to Arbitrary File Deletion vulnerability
CSRF to Arbitrary File Deletion vulnerability discovered by chuck in WordPress Plugin WP Tools versions = 5.18...
WordPress StaffList plugin <= 3.2.7 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Anhchangmutrang in WordPress Plugin StaffList versions = 3.2.7...
WordPress Ahmeti Wp Güzel Sözler Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Ahmeti Wp Güzel Sözler Type Plugin Vulnerable versions = 4.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-53707 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 29f434d8f692 Credits thiennv Required...
WordPress nBlocks Plugin <= 1.0.2 is vulnerable to Local File Inclusion
Software nBlocks Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-52450 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID d4618b9386b6 Credits João Pedro S Alcântara Kinorth Required...
WordPress Elementor Addon Elements Plugin <= 1.13.6 is vulnerable to Broken Access Control
Software Elementor Addon Elements Type Plugin Vulnerable versions = 1.13.6 Fixed in 1.13.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-47361 Patch priority Low CVSS severity Low 6.5 Developer WPVibes PSID 2e7a1c5b31a1 Credits Rafie Muhammad Patchstack...
WordPress Depicter Slider Plugin <= 3.2.2 is vulnerable to Broken Access Control
Software Depicter Slider Type Plugin Vulnerable versions = 3.2.2 Fixed in 3.5.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-47359 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID fe95aaab539d Credits Rafie Muhammad Patchstack...
WordPress Use Any Font Plugin <= 6.3.08 is vulnerable to Cross Site Request Forgery (CSRF)
Software Use Any Font Type Plugin Vulnerable versions = 6.3.08 Fixed in 6.3.09 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-47305 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 15cf8c1d7c9e Credits Rafie Muhammad...
WordPress Relevanssi Live Ajax Search Plugin <= 2.4 is vulnerable to Broken Access Control
Software Relevanssi Live Ajax Search Type Plugin Vulnerable versions = 2.4 Fixed in 2.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-7573 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 091b716b5837 Credits scottaglia Required...
WordPress Gixaw Chat Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Gixaw Chat Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7816 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID aa72a581011b Credits Daniel Ruf Required privilege...
WordPress wpForo Forum Plugin <= 2.3.4 is vulnerable to Insecure Direct Object References (IDOR)
Software wpForo Forum Type Plugin Vulnerable versions = 2.3.4 Fixed in 2.3.5 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-43288 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 84baf52495a3 Credits Ananda Dhakal...
WordPress Persian WooCommerce Plugin <= 7.1.6 is vulnerable to Broken Access Control
Software Persian WooCommerce Type Plugin Vulnerable versions = 7.1.6 Fixed in 9.0.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43219 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 2fdf96331252 Credits Rafie Muhammad Patchstack...
WordPress Masteriyo - LMS Plugin <= 1.11.6 is vulnerable to Broken Access Control
Software Masteriyo - LMS Type Plugin Vulnerable versions = 1.11.6 Fixed in 1.12.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43159 Patch priority Low CVSS severity Low 5.3 Developer Masteriyo PSID 1a387af06f60 Credits Ananda Dhakal Patchstack Required...
WordPress Masteriyo - LMS Plugin <= 1.11.4 is vulnerable to Broken Access Control
Software Masteriyo - LMS Type Plugin Vulnerable versions = 1.11.4 Fixed in 1.11.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43158 Patch priority Low CVSS severity Low 7.5 Developer Masteriyo PSID 9c29d6b5ac47 Credits Ananda Dhakal Patchstack Required...
WordPress Hummingbird Plugin <= 3.9.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Hummingbird Type Plugin Vulnerable versions = 3.9.1 Fixed in 3.9.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43117 Patch priority Low CVSS severity Low 4.3 Developer WPMU DEV PSID 6f3eebbe9837 Credits Rafie Muhammad Patchstack...
WordPress Filter & Grids Plugin <= 2.8.33 is vulnerable to Broken Authentication
Software Filter & Grids Type Plugin Vulnerable versions = 2.8.33 Fixed in 2.8.34 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-39664 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID bac0e0da8bce Credits RE-ALTER Required privileg...
WordPress Profile Builder Plugin < 3.11.8 is vulnerable to Broken Access Control
Software Profile Builder Type Plugin Vulnerable versions 3.11.8 Fixed in 3.11.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-6366 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 351dbb0efb2f Credits Michel Prunet Required privile...