29 matches found

Patchstack
added 2025/05/05 12:14 p.m., 4 views

WordPress External image replace plugin <= 1.0.8 - Authenticated (Contributor+) Arbitrary File Upload vulnerability

Authenticated Contributor+ Arbitrary File Upload vulnerability discovered by István Márton in WordPress Plugin External image replace versions <= 1.0.8...

CVSS 8.8 | AI score 8.4 | EPSS 0.00812
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/10/18 12:00 a.m., 12 views

WordPress Photo Gallery Slideshow & Masonry Tiled Gallery Plugin <= 1.0.3 is vulnerable to SQL Injection

Software: Photo Gallery Slideshow & Masonry Tiled Gallery; Type: Plugin; Vulnerable versions: <= 1.0.3; Fixed in: 1.0.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2019-25218; Patch priority: Low; CVSS severity: Low 7.6; PSID: 6b8bcb14a865; Credits: Ala Arfaoui...

CVSS 4.9 | AI score 6.8 | EPSS 0.00802
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/10/14 12:00 a.m., 9 views

WordPress WP Post Author Plugin <= 3.8.1 is vulnerable to SQL Injection

Software: WP Post Author; Type: Plugin; Vulnerable versions: <= 3.8.1; Fixed in: 3.8.2; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-8757; Patch priority: Low; CVSS severity: Low 7.6; PSID: 459e7e4ad115; Credits: Lesor101; Required privilege: Administrator; Published...

CVSS 7.2 | AI score 6.9 | EPSS 0.009
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/09/24 12:00 a.m., 10 views

WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.3.3 is vulnerable to SQL Injection

Software: WordPress Meta Data and Taxonomies Filter (MDTF); Type: Plugin; Vulnerable versions: <= 1.3.3.3; Fixed in: 1.3.3.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-8624; Patch priority: Low; CVSS severity: Low 8.5; PSID: 72c934040045; Credits: Krzysztof Zając...

CVSS 9.9 | AI score 6.9 | EPSS 0.00746
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/09/13 12:00 a.m., 11 views

WordPress MStore API Plugin <= 4.15.3 is vulnerable to Arbitrary File Upload

Software: MStore API; Type: Plugin; Vulnerable versions: <= 4.15.3; Fixed in: 4.15.4; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-8242; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: 5f5d39cca07a; Credits: stealthcopter; Required privilege...

CVSS 8.8 | AI score 6.8 | EPSS 0.01628
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/08/23 12:00 a.m., 5 views

WordPress File Manager Pro Plugin <= 8.3.7 is vulnerable to Arbitrary File Upload

Software: File Manager Pro; Type: Plugin; Vulnerable versions: <= 8.3.7; Fixed in: 8.3.8; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-7559; Patch priority: High; CVSS severity: High 9.9; PSID: fdf245f6ed76; Credits: siunam; Required privilege: Subscriber...

CVSS 8.8 | AI score 6.8 | EPSS 0.12796
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/08/05 12:00 a.m., 15 views

WordPress CRM Perks Forms Plugin <= 1.1.3 is vulnerable to Arbitrary File Upload

Software: CRM Perks Forms; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: 1.1.4; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-7484; Patch priority: Low; CVSS severity: Low 9.1; PSID: c7c64ee12633; Credits: István Márton; Required privilege...

CVSS 7.2 | AI score 6.9 | EPSS 0.11977
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/07/09 12:00 a.m., 6 views

WordPress Houzez CRM Plugin <= 1.4.2 is vulnerable to SQL Injection

Software: Houzez CRM; Type: Plugin; Vulnerable versions: <= 1.4.2; Fixed in: 1.4.3; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-5792; Patch priority: Low; CVSS severity: Low 8.5; PSID: 666665555649; Credits: István Márton; Required privilege: Seller; Published: 9 Jul...

CVSS 8.8 | AI score 6.9 | EPSS 0.00521
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/07/04 12:00 a.m., 10 views

WordPress IMGspider Plugin <= 2.3.10 is vulnerable to Arbitrary File Upload

Software: IMGspider; Type: Plugin; Vulnerable versions: <= 2.3.10; Fixed in: 2.3.11; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-6319; Patch priority: Medium; CVSS severity: Medium 9.9; PSID: 7f35690ce29e; Credits: István Márton; Required privilege...

CVSS 8.8 | AI score 6.8 | EPSS 0.10938
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/05/24 12:00 a.m., 7 views

WordPress Xpro Elementor Addons Plugin <= 1.4.3.1 is vulnerable to PHP Object Injection

Software: Xpro Elementor Addons; Type: Plugin; Vulnerable versions: <= 1.4.3.1; Fixed in: 1.4.3.2; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-4471; Patch priority: Low; CVSS severity: Low 8; PSID: db21342544db; Credits: Francesco Carlucci; Required privile...

CVSS 8 | AI score 6.8 | EPSS 0.00491
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/05/23 12:00 a.m., 6 views

WordPress FluentForm Plugin <= 5.1.15 is vulnerable to PHP Object Injection

Software: FluentForm; Type: Plugin; Vulnerable versions: <= 5.1.15; Fixed in: 5.1.16; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-4157; Patch priority: Medium; CVSS severity: Medium 7.5; PSID: 3330782fcf1c; Credits: Tobias Weißhaar kun19; Required privilege...

CVSS 8.8 | AI score 6.8 | EPSS 0.00476
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
added 2024/03/22 12:00 a.m., 12 views

WordPress Easy Property Listings Plugin <= 3.5.2 is vulnerable to SQL Injection

Software: Easy Property Listings; Type: Plugin; Vulnerable versions: <= 3.5.2; Fixed in: 3.5.3; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-1893; Patch priority: Low; CVSS severity: Low 8.5; PSID: 741d2179a015; Credits: Krzysztof Zając; Required privilege...

CVSS 8.8 | AI score 7.2 | EPSS 0.00418
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/03/19 12:00 a.m., 9 views

WordPress Fancy Product Designer Plugin < 6.1.5 is vulnerable to SQL Injection

Software: Fancy Product Designer; Type: Plugin; Vulnerable versions: < 6.1.5; Fixed in: 6.1.5; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-0365; Patch priority: Low; CVSS severity: Low 7.6; PSID: 8a2fcc7e3e05; Credits: Ivan Spiridonov; Required privilege...

CVSS 6.5 | AI score 6.8 | EPSS 0.00322
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2024/02/27 12:00 a.m., 18 views

WordPress JobSearch Plugin < 2.3.4 is vulnerable to Remote Code Execution (RCE)

Software: JobSearch; Type: Plugin; Vulnerable versions: < 2.3.4; Fixed in: 2.3.4; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-6585; Patch priority: High; CVSS severity: High 10; PSID: 637575b94b70; Credits: Furkan Gedik; Required privilege: (blank); Published: 27...

CVSS 7.5 | AI score 7.2 | EPSS 0.00367
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2024/01/03 12:00 a.m., 17 views

WordPress WP SMS Plugin <= 6.5 is vulnerable to SQL Injection

Software: WP SMS; Type: Plugin; Vulnerable versions: <= 6.5; Fixed in: 6.5.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-6981; Patch priority: Low; CVSS severity: Low 7.6; PSID: 0cdcc4de6b6a; Credits: Krzysztof Zając; Required privilege: Administrator; Published: 3...

CVSS 6.1 | AI score 6.9 | EPSS 0.00428
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2023/10/30 12:00 a.m., 9 views

WordPress Advanced Booking Calendar Plugin <= 3.2.11 is vulnerable to SQL Injection

Software: Advanced Booking Calendar; Type: Plugin; Vulnerable versions: <= 3.2.11; Fixed in: 3.2.12; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: N/A; Patch priority: Low; CVSS severity: Low 7.6; PSID: cef456031167; Credits: N/A; Required privilege: Administrator; Published: 3...

AI score 7.2
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2023/10/03 12:00 a.m., 13 views

WordPress Video Gallery – YouTube Gallery Plugin <= 2.2.5 is vulnerable to SQL Injection

Software: Video Gallery – YouTube Gallery; Type: Plugin; Vulnerable versions: <= 2.2.5; Fixed in: 2.2.6; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-45069; Patch priority: Low; CVSS severity: Low 7.6; PSID: 3d253c27c06d; Credits: Ravi Dharmawan; Required privilege...

CVSS 9.8 | AI score 6.8 | EPSS 0.00152
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/09/14 12:00 a.m., 18 views

WordPress Essential Blocks Pro Plugin <= 1.1.0 is vulnerable to PHP Object Injection

Software: Essential Blocks Pro; Type: Plugin; Vulnerable versions: <= 1.1.0; Fixed in: 1.1.1; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-4386; Patch priority: High; CVSS severity: High 8.3; PSID: b459be820fbe; Credits: Marco Wotschka; Required privilege...

CVSS 8.1 | AI score 7.2 | EPSS 0.04035
Exploits: 2 | References: 2 | Affected Software: 1
Patchstack
added 2023/09/11 12:00 a.m., 16 views

WordPress Slimstat Analytics Plugin <= 5.0.9 is vulnerable to SQL Injection

Software: Slimstat Analytics; Type: Plugin; Vulnerable versions: <= 5.0.9; Fixed in: 5.0.10; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-4598; Patch priority: Low; CVSS severity: Low 8.5; PSID: 8c9d4c888c2a; Credits: WordFence; Required privilege: Contributor...

CVSS 8.8 | AI score 7.2 | EPSS 0.0015
Exploits: 4 | References: 3 | Affected Software: 1
Patchstack
added 2023/09/04 12:00 a.m., 17 views

WordPress WP Project Manager Plugin <= 2.6.0 is vulnerable to SQL Injection

Software: WP Project Manager; Type: Plugin; Vulnerable versions: <= 2.6.0; Fixed in: 2.6.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-34383; Patch priority: High; CVSS severity: High 8.5; PSID: 02d3661940eb; Credits: Theodoros Malachias; Required privilege...

CVSS 9.8 | AI score 6.8 | EPSS 0.00147
Exploits: 0 | References: 2 | Affected Software: 1