WordPress Void Contact Form 7 Widget For Elementor Page Builder Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS)

Software Void Contact Form 7 Widget For Elementor Page Builder Type Plugin Vulnerable versions = 2.4 Fixed in 2.4.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5419 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...

WordPress Ultimate Bootstrap Elements for Elementor Plugin <= 1.4.2 is vulnerable to Local File Inclusion

Software Ultimate Bootstrap Elements for Elementor Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-37462 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID a8f9d8a5eba6 Credits João...

WordPress Advanced File Manager Plugin <= 5.2.4 is vulnerable to Sensitive Data Exposure

Software Advanced File Manager Type Plugin Vulnerable versions = 5.2.4 Fixed in 5.2.5 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-5598 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f0b48a6d68bd Credits emad Required...

WordPress Newspack Ads Plugin <= 1.47.1 is vulnerable to Cross Site Scripting (XSS)

Software Newspack Ads Type Plugin Vulnerable versions = 1.47.1 Fixed in 1.47.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37474 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b8d60e34d1ee Credits Rafie Muhammad Patchstack Required...

WordPress Pagerank Tools Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)

Software Pagerank Tools Type Plugin Vulnerable versions = 1.1.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5730 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ed7753fdc52a Credits Bob Matyas Required...

WordPress UsersWP Plugin <= 1.2.10 is vulnerable to SQL Injection

Software UsersWP Type Plugin Vulnerable versions = 1.2.10 Fixed in 1.2.11 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6265 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 32b55caea5de Credits Trương Hữu Phúc truonghuuphuc Required privilege...

WordPress AWSM Team Plugin <= 1.3.1 is vulnerable to Local File Inclusion

Software AWSM Team Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-37454 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a8caf37850ed Credits João Pedro S Alcântara Kinorth...

Medicine Tracker System SQL Injection Vulnerability

Medicine Tracker System is a drug tracking system by the individual developer Carlo Montero. A SQL injection vulnerability exists in Medicine Tracker System version 1.0, which stems from an incorrect manipulation of the parameter id that can lead to an SQL injection...

WordPress Seo Optimized Images Plugin 2.1.2 is vulnerable to Backdoor

Software Seo Optimized Images Type Plugin Vulnerable versions 2.1.2 Fixed in 2.1.4 OWASP Top 10 A3: Injection Classification Backdoor CVE CVE-2024-6297 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 88a9e93519c2 Credits WordFence Required privilege Unauthenticated...

WordPress WP Job Manager - Resume Manager Plugin <= 2.1.0 is vulnerable to Broken Access Control

Software WP Job Manager - Resume Manager Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37443 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8e5ceb2ec6d1 Credits Rafie Muhamma...

WordPress Conversios.io Plugin <= 7.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Conversios.io Type Plugin Vulnerable versions = 7.1.0 Fixed in 7.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6288 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ca27caeedd00 Credits Ulyses Saicha Requir...

WordPress Uncanny Toolkit Pro for LearnDash Plugin < 4.1.4.1 is vulnerable to Cross Site Scripting (XSS)

Software Uncanny Toolkit Pro for LearnDash Type Plugin Vulnerable versions 4.1.4.1 Fixed in 4.1.4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37436 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 95db5389fd59 Credits Dave Jong...

WordPress Slider Revolution Plugin <= 6.7.13 is vulnerable to Cross Site Scripting (XSS)

Software Slider Revolution Type Plugin Vulnerable versions = 6.7.13 Fixed in 6.7.14 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37449 Patch priority Low CVSS severity Low 5.9 Developer ThemePunch PSID 0c45389d2eaa Credits wcraft Required privilege Administrator...

WordPress PowerPress Podcasting Plugin 11.9.3-11.9.4 is vulnerable to Backdoor

Software PowerPress Podcasting Type Plugin Vulnerable versions 11.9.3-11.9.4 Fixed in 11.9.5 OWASP Top 10 A3: Injection Classification Backdoor CVE CVE-2024-6297 Patch priority High CVSS severity High 10 Developer Claim ownership PSID cc7a51200190 Credits WordFence Required privilege...

WordPress WidgetKit Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)

Software WidgetKit Type Plugin Vulnerable versions = 2.5.0 Fixed in 2.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37428 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 351434df7944 Credits 4rCanJ0x! Required privilege Contributor...

WordPress OnePress Theme <= 2.3.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software OnePress Type Theme Vulnerable versions = 2.3.6 Fixed in 2.3.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37448 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c9968969f7ad Credits Dhabaleshwar Das Required...

WordPress Theron Lite Theme <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software Theron Lite Type Theme Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5925 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b5cd651aaada Credits Francesco Carlucci Required...

WordPress WP Server Health Stats Plugin 1.7.6 is vulnerable to Backdoor

Software WP Server Health Stats Type Plugin Vulnerable versions 1.7.6 Fixed in 1.7.7 OWASP Top 10 A3: Injection Classification Backdoor CVE CVE-2024-6297 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 45a546f4e251 Credits WordFence Required privilege Unauthenticated...

WordPress Perfect Portfolio Theme <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Perfect Portfolio Type Theme Vulnerable versions = 1.2.0 Fixed in 1.2.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 073cf0103125 Credits Dhabaleshwar Das...

WordPress Striking Theme <= 2.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Striking Type Theme Vulnerable versions = 2.3.4 Fixed in 2.3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37267 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2195a58a6bf5 Credits Rafie Muhammad Patchstack Required...