
7343 matches found

Patchstack
added 2024/10/21 12:0 a.m., 12 views

WordPress WP Sessions Time Monitoring Full Automatic Plugin <= 1.0.9 is vulnerable to SQL Injection

Software: WP Sessions Time Monitoring Full Automatic; Type: Plugin; Vulnerable versions: = 1.0.9; Fixed in: 1.1.0; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-49681; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 5ddec7a4af4c; Credits: stealthcopter; Requir...

CVSS 9.3, AI score 6.8, EPSS 0.5133
Exploits: 1, References: 2, Affected Software: 1
Patchstack
added 2024/10/21 12:0 a.m., 7 views

WordPress Schema & Structured Data for WP & AMP Plugin <= 1.3.5 is vulnerable to Sensitive Data Exposure

Software: Schema & Structured Data for WP & AMP; Type: Plugin; Vulnerable versions: = 1.3.5; Fixed in: 1.36; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-49683; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: fb194b3fd454; Credits: Joshua...

CVSS 5.3, AI score 6.5, EPSS 0.00373
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2024/10/21 12:0 a.m., 6 views

WordPress AI Image Generator for Your Content & Featured Images – AI Postpix Plugin <= 1.1.8 is vulnerable to Arbitrary File Upload

Software: AI Image Generator for Your Content & Featured Images – AI Postpix; Type: Plugin; Vulnerable versions: = 1.1.8; Fixed in: N/A; OWASP Top 10: A5: Security Misconfiguration; Classification: Arbitrary File Upload; CVE: CVE-2024-49671; Patch priority: High; CVSS severity: High 9.9; Developer: Claim ownership...

CVSS 9.9, AI score 6.5, EPSS 0.00489
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2024/10/18 12:0 a.m., 9 views

WordPress StreamWeasels Twitch Integration Plugin <= 1.8.6 is vulnerable to Cross Site Scripting (XSS)

Software: StreamWeasels Twitch Integration; Type: Plugin; Vulnerable versions: = 1.8.6; Fixed in: 1.8.7; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-9897; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 924e5605229d; Credits: Peter...

CVSS 6.4, AI score 5.7, EPSS 0.00233
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/10/18 12:0 a.m., 9 views

WordPress Duplicate Title Validate Plugin <= 1.0 is vulnerable to SQL Injection

Software: Duplicate Title Validate; Type: Plugin; Vulnerable versions: = 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-49623; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: 62fe8295ce3c; Credits: Muhamad Agil Fachrian; Required privilege...

CVSS 8.8, AI score 6.9, EPSS 0.00267
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2024/10/18 12:0 a.m., 15 views

WordPress Debrandify Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Software: Debrandify; Type: Plugin; Vulnerable versions: = 1.1.2; Fixed in: 1.1.3; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-9674; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 0ed7b307aa52; Credits: Francesco Carlucci; Required...

CVSS 6.4, AI score 6, EPSS 0.00233
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/10/18 12:0 a.m., 8 views

WordPress Advanced Advertising System Plugin <= 1.3.1 is vulnerable to PHP Object Injection

Software: Advanced Advertising System; Type: Plugin; Vulnerable versions: = 1.3.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-49624; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 02d433e2c1ec; Credits: Mika; Required privilege...

CVSS 9.8, AI score 6.9, EPSS 0.0061
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2024/10/18 12:0 a.m., 9 views

WordPress MyTweetLinks Plugin <= 1.1.1 is vulnerable to SQL Injection

Software: MyTweetLinks; Type: Plugin; Vulnerable versions: = 1.1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-49618; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: 011544e8e2d0; Credits: João Pedro S Alcântara Kinorth; Required privilege...

CVSS 8.8, AI score 8.8, EPSS 0.00411
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2024/10/18 12:0 a.m., 17 views

WordPress Photo Gallery Slideshow & Masonry Tiled Gallery Plugin <= 1.0.3 is vulnerable to SQL Injection

Software: Photo Gallery Slideshow & Masonry Tiled Gallery; Type: Plugin; Vulnerable versions: = 1.0.3; Fixed in: 1.0.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2019-25218; Patch priority: Low; CVSS severity: Low 7.6; Developer: Claim ownership; PSID: 6b8bcb14a865; Credits: Ala Arfaoui...

CVSS 4.9, AI score 6.8, EPSS 0.00802
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/10/18 12:0 a.m., 11 views

WordPress SW Contact Form Plugin <= 1.0 is vulnerable to SQL Injection

Software: SW Contact Form; Type: Plugin; Vulnerable versions: = 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-49612; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: 50cfc368b184; Credits: João Pedro S Alcântara Kinorth; Required privilege...

CVSS 8.8, AI score 8.8, EPSS 0.0061
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2024/10/18 12:0 a.m., 13 views

WordPress ElementInvader Addons for Elementor Plugin <= 1.2.9 is vulnerable to Sensitive Data Exposure

Software: ElementInvader Addons for Elementor; Type: Plugin; Vulnerable versions: = 1.2.9; Fixed in: 1.3.0; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-9889; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 7d169fa5766f; Credits: Ankit...

CVSS 4.3, AI score 6.5, EPSS 0.00405
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/10/18 12:0 a.m., 17 views

WordPress Click to Chat – WP Support All-in-One Floating Widget Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)

Software: Click to Chat – WP Support All-in-One Floating Widget; Type: Plugin; Vulnerable versions: = 2.3.3; Fixed in: 2.3.4; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-10055; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID...

CVSS 6.4, AI score 5.8, EPSS 0.00361
Exploits: 0, References: 3, Affected Software: 1
NCSC
added 2024/10/17 1:15 p.m., 9 views

Vulnerabilities fixed in Oracle Database products

Oracle has fixed vulnerabilities in several Database products and subsystems, including the Core database, Application Express, Autonomous Health Framework, Essbase, GoldenGate, SQL Developer and Secure Backup. A malicious party can exploit the vulnerabilities to launch attacks that can lead to t...

CVSS 10, AI score 7.5, EPSS 0.94395
Exploits: 145, References: 1
Patchstack
added 2024/10/17 12:0 a.m., 8 views

WordPress DPD Baltic Shipping Plugin <= 1.2.83 is vulnerable to Cross Site Scripting (XSS)

Software: DPD Baltic Shipping; Type: Plugin; Vulnerable versions: = 1.2.83; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-9350; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 6c5aa369cd88; Credits: vgo0; Required...

CVSS 6.1, AI score 6, EPSS 0.02566
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/10/16 12:0 a.m., 12 views

WordPress Royal Elementor Addons Plugin <= 1.3.986 is vulnerable to Sensitive Data Exposure

Software: Royal Elementor Addons; Type: Plugin; Vulnerable versions: = 1.3.986; Fixed in: 1.3.987; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-7417; Patch priority: Low; CVSS severity: Low 4.3; Developer: WProyal; PSID: 4060f71c187f; Credits: stealthcopter; Required...

CVSS 4.3, AI score 6.5, EPSS 0.00471
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/10/16 12:0 a.m., 15 views

WordPress Calculated Fields Form Plugin <= 5.2.45 is vulnerable to Content Injection

Software: Calculated Fields Form; Type: Plugin; Vulnerable versions: = 5.2.45; Fixed in: 5.2.46; OWASP Top 10: A3: Injection; Classification: Content Injection; CVE: CVE-2024-9940; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: bb237d0845c6; Credits: Max Boll b0lli; Required privile...

CVSS 5.3, AI score 7.2, EPSS 0.007
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/10/16 12:0 a.m., 7 views

WordPress WP Photo Album Plus Plugin <= 8.8.05.003 is vulnerable to Cross Site Scripting (XSS)

Software: WP Photo Album Plus; Type: Plugin; Vulnerable versions: = 8.8.05.003; Fixed in: 8.8.07.004; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-9951; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 361cb23fe9c7; Credits: Noah...

CVSS 6.1, AI score 5.9, EPSS 0.01302
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/10/16 12:0 a.m., 10 views

WordPress PublishPress Authors Plugin <= 4.7.1 is vulnerable to Privilege Escalation

Software: PublishPress Authors; Type: Plugin; Vulnerable versions: = 4.7.1; Fixed in: 4.7.2; OWASP Top 10: A4: Insecure Design; Classification: Privilege Escalation; CVE: CVE-2024-9215; Patch priority: Medium; CVSS severity: Medium 7.2; Developer: Claim ownership; PSID: dc9bff13d8f2; Credits: wesley wcraft; Required...

CVSS 8.8, AI score 6.5, EPSS 0.00338
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/10/16 12:0 a.m., 14 views

WordPress Miniorange OTP Verification with Firebase Plugin <= 3.6.0 is vulnerable to Broken Authentication

Software: Miniorange OTP Verification with Firebase; Type: Plugin; Vulnerable versions: = 3.6.0; Fixed in: 3.6.1; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-9861; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID...

CVSS 8.1, AI score 6.5, EPSS 0.00191
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/10/16 12:0 a.m., 11 views

WordPress Miniorange OTP Verification with Firebase Plugin <= 3.6.0 is vulnerable to Broken Authentication

Software: Miniorange OTP Verification with Firebase; Type: Plugin; Vulnerable versions: = 3.6.0; Fixed in: 3.6.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Authentication; CVE: CVE-2024-9862; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 712edfb96dcd; Credits...

CVSS 9.8, AI score 6.5, EPSS 0.00446
Exploits: 0, References: 3, Affected Software: 1