7343 matches found
WordPress Super Socializer Plugin <= 7.13.68 is vulnerable to Broken Authentication
Software: Super Socializer; Type: Plugin; Vulnerable versions: <= 7.13.68; Fixed in: 7.14; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-9946; Patch priority: High; CVSS severity: High 8.1; PSID: 3feff8ece72e; Credits: wesle...
WordPress Heateor Social Login Plugin <= 1.1.35 is vulnerable to Broken Authentication
Software: Heateor Social Login; Type: Plugin; Vulnerable versions: <= 1.1.35; Fixed in: 1.1.36; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-10020; Patch priority: High; CVSS severity: High 8.1; PSID: 0cb2e3c4d2f1; Credits...
WordPress Loginplus Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Loginplus; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51782; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 3789effcd64f; Credits: Mika; Required privilege: Unauthenticated...
WordPress WP Visual Adverts Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: WP Visual Adverts; Type: Plugin; Vulnerable versions: <= 2.3.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51707; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 6941a74fa9c3; Credits: João Pedro S Alcântara Kinorth...
WordPress Don't Break The Code Plugin <= .3.1 is vulnerable to Cross Site Scripting (XSS)
Software: Don't Break The Code; Type: Plugin; Vulnerable versions: <= .3.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51779; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: e5611bdb41d7; Credits: João Pedro S Alcântara Kinorth...
WordPress SVT Simple Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: SVT Simple; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51759; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 73a2fdbefeb6; Credits: João Pedro S Alcântara Kinorth; Required...
WordPress Loginizer Security Plugin <= 1.9.2 is vulnerable to Broken Authentication
Software: Loginizer Security; Type: Plugin; Vulnerable versions: <= 1.9.2; Fixed in: 1.9.3; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-10097; Patch priority: High; CVSS severity: High 8.1; PSID: 39d130db7003; Credits...
WordPress Content Syndication Toolkit Reader Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)
Software: Content Syndication Toolkit Reader; Type: Plugin; Vulnerable versions: <= 1.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51696; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 4c15b730abc5; Credits: João Pedro S...
Huawei EulerOS: Security Advisory for orc (EulerOS-SA-2024-2790)
The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
WordPress Jigoshop – Store Toolkit Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS)
Software: Jigoshop – Store Toolkit; Type: Plugin; Vulnerable versions: <= 1.4.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51712; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 84e860833836; Credits: Zlrqh; Required privilege...
WordPress Twitter real time search scrolling Plugin <= 7.0 is vulnerable to Cross Site Scripting (XSS)
Software: Twitter real time search scrolling; Type: Plugin; Vulnerable versions: <= 7.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51716; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 5ded87af36a1; Credits: SOPROBRO; Required...
zero-day
Zero-Day Vulnerabilities in Open-Source Projects This reposi...
WordPress Paytium Plugin <= 4.4.10 is vulnerable to Broken Access Control
Software: Paytium; Type: Plugin; Vulnerable versions: <= 4.4.10; Fixed in: 4.4.11; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-51667; Patch priority: Low; CVSS severity: Low 4.3; PSID: f67b49ade6f3; Credits: Trương Hữu Phúc truonghuuphuc...
WordPress Magical Addons For Elementor Plugin <= 1.2.1 is vulnerable to Server Side Request Forgery (SSRF)
Software: Magical Addons For Elementor; Type: Plugin; Vulnerable versions: <= 1.2.1; Fixed in: 1.2.3; OWASP Top 10: A1: Broken Access Control; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-51665; Patch priority: Low; CVSS severity: Low 4.9; PSID: 7e66dec39a19; Credits: João...
WordPress Otter - Gutenberg Block Plugin <= 3.0.3 is vulnerable to Broken Access Control
Software: Otter - Gutenberg Block; Type: Plugin; Vulnerable versions: <= 3.0.3; Fixed in: 3.0.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-51671; Patch priority: Low; CVSS severity: Low 2.7; PSID: 1f22a7b87ab8; Credits: Rafie Muhammad...
WordPress Appointmind Plugin <= 4.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Appointmind; Type: Plugin; Vulnerable versions: <= 4.0.0; Fixed in: 4.1.0; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-51679; Patch priority: Low; CVSS severity: Low 7.1; PSID: 55eaeba7d578; Credits: SOPROBRO; Required...
WordPress Platform.ly Official Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Platform.ly Official; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: 1.14; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-51687; Patch priority: Low; CVSS severity: Low 7.1; PSID: 8ba7cb51f2ab; Credits: SOPROBRO; Requir...
WordPress BetterLinks Plugin <= 2.1.7 is vulnerable to SQL Injection
Software: BetterLinks; Type: Plugin; Vulnerable versions: <= 2.1.7; Fixed in: 2.1.8; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-51672; Patch priority: Low; CVSS severity: Low 7.6; PSID: 159a4550c364; Credits: Marek Mikita; Required privilege: Administrator; Publish...
WordPress Audio Comparison Lite Plugin <= 3.4 is vulnerable to Cross Site Scripting (XSS)
Software: Audio Comparison Lite; Type: Plugin; Vulnerable versions: <= 3.4; Fixed in: 3.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51627; Patch priority: Low; CVSS severity: Low 6.5; PSID: 0a5a84c2cb69; Credits: SOPROBRO; Required privilege...
WordPress MPG Plugin <= 4.0.1 is vulnerable to Broken Access Control
Software: MPG; Type: Plugin; Vulnerable versions: <= 4.0.1; Fixed in: 4.0.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-7424; Patch priority: Low; CVSS severity: Low 5.4; PSID: 61dc998feee8; Credits: Rafshanzani Suhada; Required privilege...