7377 matches found

Patchstack
added 2024/07/24 12:0 a.m. | 15 views

WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Arbitrary File Upload

Software Social Auto Poster Type Plugin Vulnerable versions = 5.3.14 Fixed in 5.3.15 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6756 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 10970b4a81a6 Credits István Márton Required privileg...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.11928
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/07/23 12:0 a.m. | 11 views

WordPress Hide My WP Ghost Plugin < 5.2.02 is vulnerable to Bypass Vulnerability

Software Hide My WP Ghost Type Plugin Vulnerable versions 5.2.02 Fixed in 5.2.02 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-6420 Patch priority Low CVSS severity Low 3.7 Developer Claim ownership PSID c358fc787ef1 Credits Juan Pablo Gomez Postigo Required...

CVSS: 8.6 | AI score: 6.6 | EPSS: 0.36893
Exploits: 1 | References: 4 | Affected Software: 1

BDU FSTEC
added 2024/07/23 12:0 a.m. | 0 views

The vulnerability of the Servlet component of the Oracle Reports Developer reporting software allows a malicious actor to gain access to read, modify, add, or delete data.

The vulnerability of the Servlet component in the Oracle Reports Developer reporting software is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain read, modify, add, or delete access to data...

CVSS: 6.4 | EPSS: 0.00469
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/07/22 12:0 a.m. | 15 views

WordPress MasterStudy LMS Plugin < 3.3.24 is vulnerable to Privilege Escalation

Software MasterStudy LMS Type Plugin Vulnerable versions 3.3.24 Fixed in 3.3.24 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-5973 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID 2f024467e854 Credits Jaime F...

CVSS: 9.1 | AI score: 6.6 | EPSS: 0.00856
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/07/22 12:0 a.m. | 13 views

WordPress pz-frontend-manager Plugin < 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software pz-frontend-manager Type Plugin Vulnerable versions 1.0.6 Fixed in 1.0.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6244 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 00622e75c008 Credits Vuln Seeker...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.11383
Exploits: 1 | References: 4 | Affected Software: 1

Patchstack
added 2024/07/22 12:0 a.m. | 9 views

WordPress ListingPro Plugin <= 2.9.4 is vulnerable to SQL Injection

Software ListingPro Type Plugin Vulnerable versions = 2.9.4 Fixed in 2.9.5 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-38795 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID e3cbe0b07232 Credits Rafie Muhammad Patchstack Required privilege...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00725
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/07/22 12:0 a.m. | 8 views

WordPress ListingPro Plugin <= 2.9.4 is vulnerable to Local File Inclusion

Software ListingPro Type Plugin Vulnerable versions = 2.9.4 Fixed in 2.9.5 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-39619 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 340c55b26054 Credits Rafie Muhammad Patchstack Required privilege...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.01661
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/07/22 12:0 a.m. | 16 views

WordPress ListingPro Theme <= 2.9.4 is vulnerable to Local File Inclusion

Software ListingPro Type Theme Vulnerable versions = 2.9.4 Fixed in 2.9.5 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-39624 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 6fb79ea2aba1 Credits Rafie Muhammad Patchstack Required privilege...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.01662
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/07/22 12:0 a.m. | 9 views

WordPress Language Translate Widget for WordPress – ConveyThis Plugin <= 234 is vulnerable to Broken Access Control

Software Language Translate Widget for WordPress – ConveyThis Type Plugin Vulnerable versions = 234 Fixed in 235 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-38792 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b86aa3788718...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.00324
Exploits: 0 | References: 2 | Affected Software: 1

Amazon
added 2024/07/22 12:0 a.m. | 6 views

Important: python-werkzeug

Issue Overview: Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.4365
Exploits: 0

Patchstack
added 2024/07/22 12:0 a.m. | 6 views

WordPress Addonify Plugin <= 1.2.16 is vulnerable to Sensitive Data Exposure

Software Addonify Type Plugin Vulnerable versions = 1.2.16 Fixed in 1.2.17 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6560 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d0b06da3556d Credits stealthcopter Required privileg...

CVSS: 5.3 | AI score: 6.6 | EPSS: 0.00305
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/07/22 12:0 a.m. | 10 views

WordPress Timetable and Event Schedule Plugin <= 2.4.13 is vulnerable to PHP Object Injection

Software Timetable and Event Schedule Type Plugin Vulnerable versions = 2.4.13 Fixed in 2.4.14 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-39630 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID 6ee205917cb2 Credits !\VNPT\ Nguyễn Phương...

CVSS: 5.5 | AI score: 6.9 | EPSS: 0.00163
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/07/22 12:0 a.m. | 11 views

WordPress Custom Query Blocks Plugin <= 5.2.0 is vulnerable to Broken Access Control

Software Custom Query Blocks Type Plugin Vulnerable versions = 5.2.0 Fixed in 5.3.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38794 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID c14273e201ef Credits Joshua Chan Required...

CVSS: 5.3 | AI score: 6.3 | EPSS: 0.00289
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/07/22 12:0 a.m. | 13 views

WordPress ListingPro Theme <= 2.9.4 is vulnerable to SQL Injection

Software ListingPro Type Theme Vulnerable versions = 2.9.4 Fixed in 2.9.5 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-39622 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID ecd756a53e31 Credits Rafie Muhammad Patchstack Required privilege...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00411
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/07/19 12:0 a.m. | 7 views

WordPress Bug Library Plugin < 2.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Bug Library Type Plugin Vulnerable versions 2.1.2 Fixed in 2.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5604 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 33f82588687d Credits Bob Matyas Required privilege...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00194
Exploits: 1 | References: 4 | Affected Software: 1

Patchstack
added 2024/07/19 12:0 a.m. | 10 views

WordPress CTX Feed Plugin <= 6.5.6 is vulnerable to Privilege Escalation

Software CTX Feed Type Plugin Vulnerable versions = 6.5.6 Fixed in 6.5.7 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-38775 Patch priority High CVSS severity High 7.2 Developer Claim ownership PSID cbdae09cf674 Credits stealthcopter Required privilege Sh...

CVSS: 7.2 | AI score: 6.5 | EPSS: 0.00219
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/07/18 12:0 a.m. | 17 views

WordPress Elements kit Elementor addons Plugin <= 3.2.0 is vulnerable to Sensitive Data Exposure

Software Elements kit Elementor addons Type Plugin Vulnerable versions = 3.2.0 Fixed in 3.2.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6455 Patch priority Low CVSS severity Low 5.3 Developer Wpmet PSID b000113e05e5 Credits stealthcopter Required...

CVSS: 5.3 | AI score: 6.6 | EPSS: 0.00396
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/07/18 12:0 a.m. | 8 views

WordPress Filter & Grids Plugin < 2.8.33 is vulnerable to Local File Inclusion

Software Filter & Grids Type Plugin Vulnerable versions 2.8.33 Fixed in 2.8.33 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-6164 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID fa64410035b5 Credits Project Black Required privilege...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.05301
Exploits: 1 | References: 4 | Affected Software: 1

Patchstack
added 2024/07/17 12:0 a.m. | 11 views

WordPress Email Subscribers & Newsletters Plugin <= 5.7.26 is vulnerable to Broken Access Control

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.26 Fixed in 5.7.27 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5703 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c1ed8caccfad Credits Arkadiusz...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00227
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/07/17 12:0 a.m. | 8 views

WordPress Schema & Structured Data for WP & AMP Plugin <= 1.33 is vulnerable to Cross Site Scripting (XSS)

Software Schema & Structured Data for WP & AMP Type Plugin Vulnerable versions = 1.33 Fixed in 1.34.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5582 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6eff26d1a4e3 Credits...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00428
Exploits: 0 | References: 3 | Affected Software: 1