WordPress File Manager Pro Plugin <= 8.3.7 is vulnerable to Arbitrary File Upload

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.7 Fixed in 8.3.8 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7559 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID fdf245f6ed76 Credits siunam Required privilege Subscriber...

WordPress WooCommerce Google Feed Manager Plugin <= 2.8.0 is vulnerable to Broken Access Control

Software WooCommerce Google Feed Manager Type Plugin Vulnerable versions = 2.8.0 Fixed in 2.9.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID edc9e66e9cf4 Credits Lucio Sá Required...

WordPress WooCommerce Plugin <= 9.1.2 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Type Plugin Vulnerable versions = 9.1.2 Fixed in 9.1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-39666 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4e41b7df57a0 Credits stealthcopter Required privilege...

WordPress Persian WooCommerce Plugin <= 7.1.6 is vulnerable to Broken Access Control

Software Persian WooCommerce Type Plugin Vulnerable versions = 7.1.6 Fixed in 9.0.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43219 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 2fdf96331252 Credits Rafie Muhammad Patchstack...

WordPress Social Slider Feed Plugin <= 2.2.2 is vulnerable to Broken Access Control

Software Social Slider Feed Type Plugin Vulnerable versions = 2.2.2 Fixed in 2.2.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43215 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID eebbacd9eb23 Credits Joshua Chan Required...

WordPress Shared Files Plugin <= 1.7.28 is vulnerable to Sensitive Data Exposure

Software Shared Files Type Plugin Vulnerable versions = 1.7.28 Fixed in 1.7.29 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2024-43230 Patch priority Low CVSS severity Low 5.3 Developer Tammersoft PSID 9e141e472eac Credits Abdi Pranata Required privile...

WordPress Amelia Plugin <= 1.2 is vulnerable to Sensitive Data Exposure

Software Amelia Type Plugin Vulnerable versions = 1.2 Fixed in 1.2.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6552 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 963ab0b19e24 Credits stealthcopter Required privilege...

WordPress Football Pool Plugin <= 2.11.10 is vulnerable to Cross Site Scripting (XSS)

Software Football Pool Type Plugin Vulnerable versions = 2.11.10 Fixed in 2.12.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43130 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 286c38961ee5 Credits Ananda Dhakal Patchstack Required...

WordPress Masteriyo - LMS Plugin <= 1.11.4 is vulnerable to Broken Access Control

Software Masteriyo - LMS Type Plugin Vulnerable versions = 1.11.4 Fixed in 1.11.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43158 Patch priority Low CVSS severity Low 7.5 Developer Masteriyo PSID 9c29d6b5ac47 Credits Ananda Dhakal Patchstack Required...

WordPress Horizontal scrolling announcements Plugin <= 2.4 is vulnerable to SQL Injection

Software Horizontal scrolling announcements Type Plugin Vulnerable versions = 2.4 Fixed in 2.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5000 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID a1ff35c414c3 Credits István Márton Required privilege...

OESA-2024-1940 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

WordPress LiquidPoll – Advanced Polls for Creators and Brands Plugin <= 3.3.77 is vulnerable to Cross Site Scripting (XSS)

Software LiquidPoll – Advanced Polls for Creators and Brands Type Plugin Vulnerable versions = 3.3.77 Fixed in 3.3.78 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-39655 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a190a4c0c44f...

WordPress Pmpro Membership Maps Plugin < 0.7 is vulnerable to Sensitive Data Exposure

Software Pmpro Membership Maps Type Plugin Vulnerable versions 0.7 Fixed in 0.7 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-1286 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a7b3657c40ef Credits Scott Kingsley Clark...

WordPress Affiliate Manager Plugin < 6.5.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Affiliate Manager Type Plugin Vulnerable versions 6.5.2 Fixed in 6.5.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5285 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f621215a2f69 Credits Bob Matyas Required...

WordPress Email Encoder Bundle Plugin < 2.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Email Encoder Bundle Type Plugin Vulnerable versions 2.2.2 Fixed in 2.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4483 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5d3ad3645d3e Credits Krugov Artyom Require...

WordPress Profile Builder Plugin < 3.11.8 is vulnerable to Broken Access Control

Software Profile Builder Type Plugin Vulnerable versions 3.11.8 Fixed in 3.11.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-6366 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 351dbb0efb2f Credits Michel Prunet Required privile...

WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Cross Site Scripting (XSS)

Software Social Auto Poster Type Plugin Vulnerable versions = 5.3.14 Fixed in 5.3.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6753 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID df6582eddf1d Credits István Márton...

WordPress Hide My WP Ghost Plugin < 5.2.02 is vulnerable to Bypass Vulnerability

Software Hide My WP Ghost Type Plugin Vulnerable versions 5.2.02 Fixed in 5.2.02 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-6420 Patch priority Low CVSS severity Low 3.7 Developer Claim ownership PSID c358fc787ef1 Credits Juan Pablo Gomez Postigo Required...

WordPress ListingPro Theme <= 2.9.4 is vulnerable to Local File Inclusion

Software ListingPro Type Theme Vulnerable versions = 2.9.4 Fixed in 2.9.5 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-39624 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 6fb79ea2aba1 Credits Rafie Muhammad Patchstack Required privilege...

WordPress ListingPro Plugin <= 2.9.4 is vulnerable to SQL Injection

Software ListingPro Type Plugin Vulnerable versions = 2.9.4 Fixed in 2.9.5 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-38795 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID e3cbe0b07232 Credits Rafie Muhammad Patchstack Required privilege...