WordPress LiteSpeed Cache Plugin <= 6.5.0.2 is vulnerable to Cross Site Scripting (XSS)

Software LiteSpeed Cache Type Plugin Vulnerable versions = 6.5.0.2 Fixed in 6.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47374 Patch priority Medium CVSS severity Medium 7.1 Developer Hai Zheng / Lite Speed Cache PSID b2ad66b394ec Credits TaiYou Required...

WordPress Depicter Slider Plugin <= 3.2.2 is vulnerable to Broken Access Control

Software Depicter Slider Type Plugin Vulnerable versions = 3.2.2 Fixed in 3.5.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-47359 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID fe95aaab539d Credits Rafie Muhammad Patchstack...

WordPress WP Bulk Delete Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Bulk Delete Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47352 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID dc28e517fd6c Credits Dimas Maulana Required privilege...

WordPress The Post Grid Plugin < 7.5.0 is vulnerable to Cross Site Scripting (XSS)

Software The Post Grid Type Plugin Vulnerable versions 7.5.0 Fixed in 7.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3635 Patch priority Low CVSS severity Low 6.5 Developer Mamunur Rashid PSID e1b0ed6ba0a7 Credits Dmitrii Ignatyev Required...

WordPress Cozy Blocks Plugin <= 2.0.11 is vulnerable to Cross Site Scripting (XSS)

Software Cozy Blocks Type Plugin Vulnerable versions = 2.0.11 Fixed in 2.0.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47355 Patch priority Low CVSS severity Low 6.5 Developer CozyThemes PSID 141e18cb775e Credits Khalid Yusuf Required privilege Contributor...

WordPress JobSearch Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS)

Software JobSearch Type Plugin Vulnerable versions = 2.5.9 Fixed in 2.6.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47394 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2995ae22faae Credits Bonds Required privilege Unauthenticat...

WordPress Elementor Addon Elements Plugin <= 1.13.6 is vulnerable to Broken Access Control

Software Elementor Addon Elements Type Plugin Vulnerable versions = 1.13.6 Fixed in 1.13.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-47361 Patch priority Low CVSS severity Low 6.5 Developer WPVibes PSID 2e7a1c5b31a1 Credits Rafie Muhammad Patchstack...

WordPress Premium Blocks – Gutenberg Blocks for WordPress Plugin <= 2.1.33 is vulnerable to Cross Site Scripting (XSS)

Software Premium Blocks – Gutenberg Blocks for WordPress Type Plugin Vulnerable versions = 2.1.33 Fixed in 2.1.34 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47368 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID f6e2745653a5 Credits João Pedro ...

WordPress Confetti Fall Animation Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Confetti Fall Animation Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47641 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e1b31f88b4d3 Credits stealthcopter Required privilege...

编号撤回

Simple Spellchecker is a spellchecker module for Node.js by José Personal Developer. This CVE number has been withdrawn...

WordPress Bold Page Builder Plugin < 5.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Bold Page Builder Type Plugin Vulnerable versions 5.1.1 Fixed in 5.1.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47391 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6f2249a87cc9 Credits Robert DeVore Required privilege...

WordPress Web Directory Free Plugin <= 1.7.3 is vulnerable to Cross Site Scripting (XSS)

Software Web Directory Free Type Plugin Vulnerable versions = 1.7.3 Fixed in 1.7.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47379 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7db5790f7ffc Credits Certus Cybersecurity Required...

WordPress JobSearch Plugin <= 2.5.9 is vulnerable to PHP Object Injection

Software JobSearch Type Plugin Vulnerable versions = 2.5.9 Fixed in 2.6.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-47636 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5e0aa88de68e Credits Bonds Required privilege Unauthenticated...

WordPress Elementor Addon Elements Plugin <= 1.13.6 is vulnerable to Cross Site Scripting (XSS)

Software Elementor Addon Elements Type Plugin Vulnerable versions = 1.13.6 Fixed in 1.13.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47366 Patch priority Low CVSS severity Low 6.5 Developer WPVibes PSID e5b93a793554 Credits João Pedro S Alcântara Kinorth...

WordPress WP MyLinks Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software WP MyLinks Type Plugin Vulnerable versions = 1.0.6 Fixed in 1.0.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47371 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a980ce4c70f6 Credits SOPROBRO Required privilege Editor Publishe...

WordPress Quill Forms Plugin <= 3.7.0 is vulnerable to Cross Site Scripting (XSS)

Software Quill Forms Type Plugin Vulnerable versions = 3.7.0 Fixed in 3.8.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47393 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 34a391a0728b Credits LVT-tholv2k Required privilege Contributor...

Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign

Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months. The dodgy app, identified by Check Point, masqueraded as the...

WordPress AI ChatBot with ChatGPT and Content Generator by AYS Plugin <= 2.0.9 is vulnerable to Broken Access Control

Software AI ChatBot with ChatGPT and Content Generator by AYS Type Plugin Vulnerable versions = 2.0.9 Fixed in 2.1.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-7714 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID...

WordPress Newsletters Plugin <= 4.9.9.1 is vulnerable to Cross Site Scripting (XSS)

Software Newsletters Type Plugin Vulnerable versions = 4.9.9.1 Fixed in 4.9.9.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47346 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0a4418b91ec6 Credits Le Ngoc Anh Required privilege...

WordPress Absolute Reviews Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)

Software Absolute Reviews Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8965 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a21e8c7a2d18 Credits Muhammad Adel ItsFadinG...