WordPress Masteriyo - LMS Plugin <= 1.11.4 is vulnerable to Broken Access Control
Software: Masteriyo - LMS; Type: Plugin; Vulnerable versions: <= 1.11.4; Fixed in: 1.11.5; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-43158; Patch priority: Low; CVSS severity: Low 7.5; Developer: Masteriyo; PSID: 9c29d6b5ac47; Credits: Ananda Dhakal Patchstack; Required...
WordPress Selection Lite Plugin <= 1.11 is vulnerable to Cross Site Scripting (XSS)
Software: Selection Lite; Type: Plugin; Vulnerable versions: <= 1.11; Fixed in: 1.12; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-43147; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 1d02eb7c2b01; Credits: 4rCanJ0x!; Required privilege: Contributor...
WordPress ParcelPanel Plugin <= 4.3.2 is vulnerable to Cross Site Scripting (XSS)
Software: ParcelPanel; Type: Plugin; Vulnerable versions: <= 4.3.2; Fixed in: 4.3.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-43163; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 6478ea4a7c9e; Credits: Le Ngoc Anh; Required privilege...
WordPress CM Tooltip Glossary Plugin <= 4.3.7 is vulnerable to Cross Site Scripting (XSS)
Software: CM Tooltip Glossary; Type: Plugin; Vulnerable versions: <= 4.3.7; Fixed in: 4.3.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-43149; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 17450d5816aa; Credits: LVT-tholv2k; Required privilege...
WordPress Organization chart Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: Organization chart; Type: Plugin; Vulnerable versions: <= 1.5.0; Fixed in: 1.5.1; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-7355; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 14d785205026; Credits: Norbert Hofmann...
WordPress Depicter Slider Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Depicter Slider; Type: Plugin; Vulnerable versions: <= 3.1.2; Fixed in: 3.2.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-43161; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 8a6b4ac82b8a; Credits: savphill; Required privilege: Editor...
WordPress Ultimate Bootstrap Elements for Elementor Plugin <= 1.4.4 is vulnerable to Local File Inclusion
Software: Ultimate Bootstrap Elements for Elementor; Type: Plugin; Vulnerable versions: <= 1.4.4; Fixed in: 1.4.5; OWASP Top 10: A1: Broken Access Control; Classification: Local File Inclusion; CVE: CVE-2024-43140; Patch priority: Low; CVSS severity: Low 7.5; Developer: Claim ownership; PSID: 5eacd8a2c878; Credits...
WordPress Sunshine Photo Cart Plugin <= 3.2.1 is vulnerable to Broken Access Control
Software: Sunshine Photo Cart; Type: Plugin; Vulnerable versions: <= 3.2.1; Fixed in: 3.2.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-43136; Patch priority: Low; CVSS severity: Low 4.3; Developer: WP Sunshine; PSID: e9fdd2719690; Credits: Manab Jyoti Dowarah; Required...
WordPress FormCraft Plugin <= 1.2.10 is vulnerable to Broken Access Control
Software: FormCraft; Type: Plugin; Vulnerable versions: <= 1.2.10; Fixed in: 1.2.11; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-43157; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 1cdc8206182d; Credits: Manab Jyoti Dowarah; Required...
WordPress Advanced Cron Manager – debug & control Plugin <= 2.5.9 is vulnerable to Broken Access Control
Software: Advanced Cron Manager – debug & control; Type: Plugin; Vulnerable versions: <= 2.5.9; Fixed in: 2.5.10; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-43154; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 7331ca5ca4a8; Credits...
WordPress WPSection Plugin <= 1.3.8 is vulnerable to Local File Inclusion
Software: WPSection; Type: Plugin; Vulnerable versions: <= 1.3.8; Fixed in: 1.3.9; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-43165; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: cd0a6805dc6f; Credits: João Pedro S Alcântara Kinorth; Required privileg...
WordPress Cost Calculator Builder Plugin <= 3.2.15 is vulnerable to SQL Injection
Software: Cost Calculator Builder; Type: Plugin; Vulnerable versions: <= 3.2.15; Fixed in: 3.2.16; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-43144; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: fbb21d9d89fe; Credits: Trương Hữu Phúc truonghuuphuc; Require...
WordPress Masteriyo - LMS Plugin <= 1.11.6 is vulnerable to Broken Access Control
Software: Masteriyo - LMS; Type: Plugin; Vulnerable versions: <= 1.11.6; Fixed in: 1.12.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-43159; Patch priority: Low; CVSS severity: Low 5.3; Developer: Masteriyo; PSID: 1a387af06f60; Credits: Ananda Dhakal Patchstack; Required...
WordPress House Manager Plugin <= 1.0.8.4 is vulnerable to Cross Site Scripting (XSS)
Software: House Manager; Type: Plugin; Vulnerable versions: <= 1.0.8.4; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-3973; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: cf2e1703476c; Credits: Bob Matyas; Required...
WordPress WPBakery Page Builder Plugin <= 7.7 is vulnerable to Local File Inclusion
Software: WPBakery Page Builder; Type: Plugin; Vulnerable versions: <= 7.7; Fixed in: 7.8; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-5709; Patch priority: Low; CVSS severity: Low 6.6; Developer: WPBakery; PSID: 1374f7b043bd; Credits: João Pedro Soares de Alcântara; Required privileg...
PayPal,Credit Card and Debit Card Payment SQL Injection Vulnerability
PayPal,Credit Card and Debit Card Payment is PayPal, credit card and debit card payment software by the individual developer janobe. A SQL injection vulnerability exists in PayPal,Credit Card and Debit Card Payment version 1.0. An attacker can use this vulnerability to send a specially crafted quer...
WordPress UsersWP Plugin < 1.2.12 is vulnerable to Sensitive Data Exposure
Software: UsersWP; Type: Plugin; Vulnerable versions: < 1.2.12; Fixed in: 1.2.12; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-6477; Patch priority: Low; CVSS severity: Low 7.5; Developer: Claim ownership; PSID: 23cb0cdd0abd; Credits: Majdeddine Ben Hadj Brahim; Require...
WordPress Horizontal scrolling announcements Plugin <= 2.4 is vulnerable to SQL Injection
Software: Horizontal scrolling announcements; Type: Plugin; Vulnerable versions: <= 2.4; Fixed in: 2.5; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-5000; Patch priority: Low; CVSS severity: Low 8.5; Developer: Claim ownership; PSID: a1ff35c414c3; Credits: István Márton; Required privilege...
WordPress collectchat Plugin < 2.4.4 is vulnerable to Cross Site Scripting (XSS)
Software: collectchat; Type: Plugin; Vulnerable versions: < 2.4.4; Fixed in: 2.4.4; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-6498; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 0dd324fc130c; Credits: Fourcade; Required privilege...
WordPress File Manager Pro Plugin <= 1.8.2 is vulnerable to Settings Change
Software: File Manager Pro; Type: Plugin; Vulnerable versions: <= 1.8.2; Fixed in: 1.8.3; OWASP Top 10: A1: Broken Access Control; Classification: Settings Change; CVE: CVE-2024-7031; Patch priority: Low; CVSS severity: Low 7.5; Developer: Claim ownership; PSID: dd2b25032f95; Credits: bart; Required privilege: Subscriber...