WordPress Easy Digital Downloads – Recent Purchases Plugin <= 1.0.2 is vulnerable to Remote File Inclusion

Software Easy Digital Downloads – Recent Purchases Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote File Inclusion CVE CVE-2024-35629 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID 23e0c1b90e02 Credits YCInfosec Require...

WordPress Email Log Plugin <= 2.4.8 is vulnerable to Other Vulnerability Type

Software Email Log Type Plugin Vulnerable versions = 2.4.8 Fixed in 2.4.9 OWASP Top 10 A3: Injection Classification Other Vulnerability Type CVE CVE-2024-0867 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 7750b3ba7ece Credits Sean Murphy Required privilege...

WordPress Carousel Slider Plugin < 2.2.11 is vulnerable to Cross Site Scripting (XSS)

Software Carousel Slider Type Plugin Vulnerable versions 2.2.11 Fixed in 2.2.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4372 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID cea7cd9dc30e Credits Dmitrii Ignatyev Require...

WordPress Page Builder by SiteOrigin Plugin <= 2.29.15 is vulnerable to Cross Site Scripting (XSS)

Software Page Builder by SiteOrigin Type Plugin Vulnerable versions = 2.29.15 Fixed in 2.29.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4361 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0f447bc1bf9e Credits...

WordPress Swift Framework Page Builder Plugin < 2024.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Swift Framework Page Builder Type Plugin Vulnerable versions 2024.0.0 Fixed in 2024.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2697 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 571298b5f634 Credits Bob...

WordPress Tutor LMS Pro Plugin <= 2.7.0 is vulnerable to Privilege Escalation

Software Tutor LMS Pro Type Plugin Vulnerable versions = 2.7.0 Fixed in 2.7.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-4351 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID fc3d215c9303 Credits villu164...

WordPress Tutor LMS Pro Plugin <= 2.7.0 is vulnerable to Broken Access Control

Software Tutor LMS Pro Type Plugin Vulnerable versions = 2.7.0 Fixed in 2.7.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-4352 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 7694afbc9e58 Credits villu164 Required privilege...

WordPress Giveaways and Contests by RafflePress Plugin <= 1.12.4 is vulnerable to Broken Access Control

Software Giveaways and Contests by RafflePress Type Plugin Vulnerable versions = 1.12.4 Fixed in 1.12.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-4745 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 632d49d4c2a4 Credits...

WordPress Porto Theme - Functionality Plugin <= 3.1.0 is vulnerable to Local File Inclusion

Software Porto Theme - Functionality Type Plugin Vulnerable versions = 3.1.0 Fixed in 3.1.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3808 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 05d6982e8315 Credits István Márton Required privileg...

WordPress Visual Footer Credit Remover Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software Visual Footer Credit Remover Type Plugin Vulnerable versions = 1.2 Fixed in 1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2846 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 265b4eed7803 Credits 1337Wannabe...

WordPress Shared Counts Plugin <= 1.4.1 is vulnerable to Broken Access Control

Software Shared Counts Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.5.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9dd902d0b809 Credits N/A Required privilege Unauthenticated...

WordPress WP Photo Album Plus Plugin <= 8.7.01.001 is vulnerable to Arbitrary File Upload

Software WP Photo Album Plus Type Plugin Vulnerable versions = 8.7.01.001 Fixed in 8.7.01.002 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-31377 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 6676bd224b42 Credits stealthcopter Required...

WordPress Zotpress Plugin <= 7.3.9 is vulnerable to Cross Site Scripting (XSS)

Software Zotpress Type Plugin Vulnerable versions = 7.3.9 Fixed in 7.3.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34569 Patch priority Low CVSS severity Low 6.5 Developer Katie Seaborn PSID 7fcedeab8bd4 Credits LVT-tholv2k Required privilege Contributor...

WordPress Auto Affiliate Links Plugin <= 6.4.3.1 is vulnerable to SQL Injection

Software Auto Affiliate Links Type Plugin Vulnerable versions = 6.4.3.1 Fixed in 6.4.4 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-34386 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 901e8da7d177 Credits Do Truong Giang Required privilege Editor...

WordPress Modal Window Plugin < 5.3.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software Modal Window Type Plugin Vulnerable versions 5.3.10 Fixed in 5.3.10 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3472 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9d7096a40943 Credits Bob Matyas Required...

WordPress Embed Google Fonts Plugin <= 3.1.0 is vulnerable to Broken Access Control

Software Embed Google Fonts Type Plugin Vulnerable versions = 3.1.0 Fixed in 3.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33925 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a530cac3d37a Credits Abdi Pranata Required...

WordPress Social Share Icons & Social Share Buttons Plugin <= 3.6.1 is vulnerable to Broken Access Control

Software Social Share Icons & Social Share Buttons Type Plugin Vulnerable versions = 3.6.1 Fixed in 3.6.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9b34a062d9ab Credits...

WordPress Zeever Theme <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Zeever Type Theme Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33685 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 920f9a11d3ed Credits Dhabaleshwar Das Required...

WordPress Althea WP Theme <= 1.0.13 is vulnerable to Broken Access Control

Software Althea WP Type Theme Vulnerable versions = 1.0.13 Fixed in 1.0.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 89e5f642c59b Credits Dhabaleshwar Das Required privileg...

WordPress WP Time Slots Booking Form Plugin <= 1.2.06 is vulnerable to Broken Access Control

Software WP Time Slots Booking Form Type Plugin Vulnerable versions = 1.2.06 Fixed in 1.2.07 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33543 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID caafd19bb673 Credits Joshua Chan...