84 matches found
WordPress StoreKeeper for WooCommerce Plugin <= 14.4.4 - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by theviper17 in WordPress Plugin StoreKeeper for WooCommerce versions = 14.4.4...
WordPress Rover IDX Plugin <= 3.0.0.2903 is vulnerable to Broken Access Control
Software Rover IDX Type Plugin Vulnerable versions = 3.0.0.2903 Fixed in 3.0.0.2905 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10003 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 2b090aab193c Credits István Márton Required...
WordPress Easy PayPal Events Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Easy PayPal Events Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-8476 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 61a92fe21d38 Credits Krzysztof Zając...
WordPress Flash & HTML5 Video Plugin <= 2.5.34 is vulnerable to Broken Access Control
Software Flash & HTML5 Video Type Plugin Vulnerable versions = 2.5.34 Fixed in 2.5.35 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7721 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 692106c3e036 Credits Lucio Sá Required...
WordPress Reviews Feed Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Reviews Feed Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.2.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-8200 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d47df2666851 Credits Sajjad Ahmad jacksparro...
WordPress Reviews Feed Plugin <= 1.1.2 is vulnerable to Broken Access Control
Software Reviews Feed Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8199 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID eb3754a5f963 Credits Sajjad Ahmad jacksparrow Required...
WordPress ImageRecycle pdf & image compression Plugin <= 3.1.14 is vulnerable to Broken Access Control
Software ImageRecycle pdf & image compression Type Plugin Vulnerable versions = 3.1.14 Fixed in 3.1.15 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6631 Patch priority Low CVSS severity Low 5 Developer Claim ownership PSID 297d76ad6b7c Credits Lucio Sá...
WordPress Affiliate Manager Plugin < 6.5.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Affiliate Manager Type Plugin Vulnerable versions 6.5.2 Fixed in 6.5.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5285 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f621215a2f69 Credits Bob Matyas Required...
WordPress pz-frontend-manager Plugin < 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software pz-frontend-manager Type Plugin Vulnerable versions 1.0.6 Fixed in 1.0.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6244 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 00622e75c008 Credits Vuln Seeker...
WordPress Product Designer Plugin <= 1.0.33 is vulnerable to Broken Access Control
Software Product Designer Type Plugin Vulnerable versions = 1.0.33 Fixed in 1.0.34 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3608 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7913547b43c1 Credits Lucio Sá Required privilege...
WordPress Popup Builder Plugin <= 4.3.1 is vulnerable to Broken Access Control
Software Popup Builder Type Plugin Vulnerable versions = 4.3.1 Fixed in 4.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6696 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 7eeb41bcfcb3 Credits Lucio Sá Required privilege...
WordPress Admin Notices Manager Plugin <= 1.4.0 is vulnerable to Broken Access Control
Software Admin Notices Manager Type Plugin Vulnerable versions = 1.4.0 Fixed in 1.5.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1717 Patch priority Low CVSS severity Low 4.3 Developer Melapress PSID 95224798df4d Credits Lucio Sá Required privilege...
WordPress ShopLentor Plugin <= 2.8.7 is vulnerable to Broken Access Control
Software ShopLentor Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6327 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b04aa8b3961f Credits Francesco Carlucci Required privile...
WordPress Modal Window Plugin < 5.3.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software Modal Window Type Plugin Vulnerable versions 5.3.10 Fixed in 5.3.10 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3472 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9d7096a40943 Credits Bob Matyas Required...
WordPress Sticky Buttons Plugin < 3.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Sticky Buttons Type Plugin Vulnerable versions 3.2.4 Fixed in 3.2.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3475 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c9f456e279d5 Credits Bob Matyas Required...
WordPress WooCommerce Clover Payment Gateway Plugin <= 1.3.1 is vulnerable to Broken Access Control
Software WooCommerce Clover Payment Gateway Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0626 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 06c0aefba99a Credits Francesco...
WordPress WooCommerce Cloak Affiliate Links Plugin <= 1.0.33 is vulnerable to Broken Access Control
Software WooCommerce Cloak Affiliate Links Type Plugin Vulnerable versions = 1.0.33 Fixed in 1.0.34 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1308 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 86ffc05e045a Credits Francesc...
WordPress Advanced Classifieds & Directory Pro Plugin <= 3.0.0 is vulnerable to Broken Access Control
Software Advanced Classifieds & Directory Pro Type Plugin Vulnerable versions = 3.0.0 Fixed in 3.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2222 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0df0ba101fff Credits Lucio Sá...
WordPress Play.ht Plugin <= 3.6.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Play.ht Type Plugin Vulnerable versions = 3.6.4 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0827 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f23f219c4e4b Credits Francesco Carlucci Required...
WordPress Easy Social Feed Plugin <= 6.5.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Easy Social Feed Type Plugin Vulnerable versions = 6.5.4 Fixed in 6.5.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1213 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 08e633917104 Credits Eldar Zeynalli...