WordPress WP Time Slots Booking Form Plugin <= 1.2.06 is vulnerable to Broken Access Control

Software WP Time Slots Booking Form Type Plugin Vulnerable versions = 1.2.06 Fixed in 1.2.07 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33543 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID caafd19bb673 Credits Joshua Chan...

WordPress WP Page Post Widget Clone Plugin <= 1.0.1 is vulnerable to Broken Access Control

Software WP Page Post Widget Clone Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33636 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bc529e210eb8 Credits Do Minh Long Required...

WordPress Elements kit Elementor addons Plugin <= 3.1.0 is vulnerable to Local File Inclusion

Software Elements kit Elementor addons Type Plugin Vulnerable versions = 3.1.0 Fixed in 3.1.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3499 Patch priority Low CVSS severity Low 8.5 Developer Wpmet PSID 43728e112e86 Credits Webbernaut Required privilege Contribut...

WordPress Newsletters Plugin <=4.9.5 is vulnerable to Sensitive Data Exposure

Software Newsletters Type Plugin Vulnerable versions =4.9.5 Fixed in 4.9.6 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32953 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 5684766cc1ef Credits Peng Zhou Required privilege...

WordPress Frontend Admin by DynamiApps Plugin <= 3.19.4 is vulnerable to Privilege Escalation

Software Frontend Admin by DynamiApps Type Plugin Vulnerable versions = 3.19.4 Fixed in 3.19.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-3729 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 4ebfbce29f56...

WordPress Podlove Podcast Publisher Plugin <= 4.0.14 is vulnerable to Broken Access Control

Software Podlove Podcast Publisher Type Plugin Vulnerable versions = 4.0.14 Fixed in 4.0.15 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32712 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 03f3d1e3ccd2 Credits LVT-tholv2k...

WordPress Advanced Testimonial Carousel for Elementor Plugin <= 3.0.0 is vulnerable to Broken Access Control

Software Advanced Testimonial Carousel for Elementor Type Plugin Vulnerable versions = 3.0.0 Fixed in 3.0.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32783 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 35c8e0e158f5 Credits...

WordPress Coupon & Discount Code Reveal Button Plugin <=1.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Coupon & Discount Code Reveal Button Type Plugin Vulnerable versions =1.2.5 Fixed in 1.2.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32722 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID abdf37204c70 Credits emad Required...

WordPress AI Post Generator | AutoWriter Plugin <= 3.3 is vulnerable to Broken Access Control

Software AI Post Generator | AutoWriter Type Plugin Vulnerable versions = 3.3 Fixed in 3.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32713 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 1f7f2444d49e Credits LVT-tholv2k Requir...

WordPress Click to Chat Plugin <= 3.35 is vulnerable to Local File Inclusion

Software Click to Chat Type Plugin Vulnerable versions = 3.35 Fixed in 4.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3849 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 3a9b57b69a7e Credits haidv35 from Viettel Cyber Security Required...

WordPress Wp Ultimate Review Plugin <= 2.2.5 is vulnerable to Insecure Direct Object References (IDOR)

Software Wp Ultimate Review Type Plugin Vulnerable versions = 2.2.5 Fixed in 2.3.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32683 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7b452df5fd16 Credits Kyle...

WordPress SP Project & Document Manager Plugin <= 4.71 is vulnerable to SQL Injection

Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.71 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32551 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 4e8128ffc035 Credits CatFather Required privilege Author...

WordPress NPS computy Plugin < 2.7.6 is vulnerable to Cross Site Scripting (XSS)

Software NPS computy Type Plugin Vulnerable versions 2.7.6 Fixed in 2.7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1754 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a3449f6b4bc3 Credits Bob Matyas Required privilege...

WordPress Realtyna Organic IDX plugin Plugin <= 4.14.4 is vulnerable to SQL Injection

Software Realtyna Organic IDX plugin Type Plugin Vulnerable versions = 4.14.4 Fixed in 4.14.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32128 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID df09fa02a23c Credits Joshua Chan Required privilege...

WordPress BEAF Plugin <= 4.5.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software BEAF Type Plugin Vulnerable versions = 4.5.4 Fixed in 4.5.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32433 Patch priority Low CVSS severity Low 4.3 Developer Themefic PSID 289a94720dc1 Credits Dhabaleshwar Das Required privilege...

WordPress WP Matterport Shortcode Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Matterport Shortcode Type Plugin Vulnerable versions = 2.1.9 Fixed in 2.2.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32109 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f8f5cab9e3ca Credits Nguyen Xuan...

WordPress Load More Anything Plugin <= 3.3.5 is vulnerable to Broken Access Control

Software Load More Anything Type Plugin Vulnerable versions = 3.3.5 Fixed in 3.3.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32110 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 324c36183bf9 Credits Dhabaleshwar Das Required...

WordPress WordPress Gallery Exporter Plugin <= 1.3 is vulnerable to Arbitrary File Download

Software WordPress Gallery Exporter Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-31342 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6307ae9c3c1f Credits Abdi Prawira Negara...

WordPress WC Marketplace Plugin <= 4.1.3 is vulnerable to Broken Access Control

Software WC Marketplace Type Plugin Vulnerable versions = 4.1.3 Fixed in 4.1.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31304 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 245d71ae2d23 Credits LVT-tholv2k Required...

WordPress Passster – Password Protection Plugin <= 4.2.6.4 is vulnerable to Cross Site Scripting (XSS)

Software Passster – Password Protection Type Plugin Vulnerable versions = 4.2.6.4 Fixed in 4.2.6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2026 Patch priority Low CVSS severity Low 6.5 Developer Patrick Posner PSID e14038938ff1 Credits...