WordPress Zeever Theme <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Zeever Type Theme Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33685 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 920f9a11d3ed Credits Dhabaleshwar Das Required...

WordPress Hugo WP Theme <= 1.0.8 is vulnerable to Broken Access Control

Software Hugo WP Type Theme Vulnerable versions = 1.0.8 Fixed in 1.0.10 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b2b5b58a00f1 Credits Dhabaleshwar Das Required privilege...

WordPress Duplicate Post Plugin <= 1.4.4 is vulnerable to Broken Access Control

Software Duplicate Post Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f8977e93ea85 Credits Dhabaleshwar Das Required...

WordPress Althea WP Theme <= 1.0.13 is vulnerable to Broken Access Control

Software Althea WP Type Theme Vulnerable versions = 1.0.13 Fixed in 1.0.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 89e5f642c59b Credits Dhabaleshwar Das Required privileg...

WordPress Backup Migration Plugin <= 1.4.1 is vulnerable to Broken Access Control

Software Backup Migration Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c8830eaae290 Credits Dhabaleshwar Das Required...

WordPress Photology Theme <= 1.1.3 is vulnerable to Broken Access Control

Software Photology Type Theme Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33685 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 29f6cff8157b Credits Dhabaleshwar Das Required privilege...

WordPress Social Share Icons & Social Share Buttons Plugin <= 3.6.1 is vulnerable to Broken Access Control

Software Social Share Icons & Social Share Buttons Type Plugin Vulnerable versions = 3.6.1 Fixed in 3.6.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9b34a062d9ab Credits...

WordPress MainWP Child Reports Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software MainWP Child Reports Type Plugin Vulnerable versions = 2.1.1 Fixed in 2.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33680 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 2150654abae2 Credits Brandon Roldan...

WordPress Arconix Shortcodes Plugin <= 2.1.10 is vulnerable to Broken Access Control

Software Arconix Shortcodes Type Plugin Vulnerable versions = 2.1.10 Fixed in 2.1.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-4233 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 049f969c5895 Credits Dhabaleshwar Das Required...

WordPress Hide Dashboard Notifications Plugin <= 1.2.3 is vulnerable to Bypass Vulnerability

Software Hide Dashboard Notifications Type Plugin Vulnerable versions = 1.2.3 Fixed in 1.3 OWASP Top 10 A1: Broken Access Control Classification Bypass Vulnerability CVE CVE-2024-33683 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 793df8ee1fe3 Credits Dhabaleshwar Das...

WordPress Salon booking system Plugin <= 9.6.5 is vulnerable to Cross Site Scripting (XSS)

Software Salon booking system Type Plugin Vulnerable versions = 9.6.5 Fixed in 9.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2603 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d3efd4f7767a Credits Bob Matyas Required...

WordPress ARForms Form Builder Plugin <= 1.6.4 is vulnerable to Broken Access Control

Software ARForms Form Builder Type Plugin Vulnerable versions = 1.6.4 Fixed in 1.6.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1945 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ea61cb9b5b99 Credits Lucio Sá Required...

WordPress Assistant – Every Day Productivity Apps Plugin <= 1.4.9.1 is vulnerable to Sensitive Data Exposure

Software Assistant – Every Day Productivity Apps Type Plugin Vulnerable versions = 1.4.9.1 Fixed in 1.4.9.2 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2024-33538 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID...

WordPress WP Time Slots Booking Form Plugin <= 1.2.06 is vulnerable to Broken Access Control

Software WP Time Slots Booking Form Type Plugin Vulnerable versions = 1.2.06 Fixed in 1.2.07 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33543 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID caafd19bb673 Credits Joshua Chan...

WordPress WPPizza Plugin <= 3.18.10 is vulnerable to Broken Access Control

Software WPPizza Type Plugin Vulnerable versions = 3.18.10 Fixed in 3.18.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33576 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d7917e7b15a2 Credits Majed Refaea Required...

WordPress Five Star Restaurant Reservations Plugin <= 2.6.16 is vulnerable to Broken Access Control

Software Five Star Restaurant Reservations Type Plugin Vulnerable versions = 2.6.16 Fixed in 2.6.17 OWASP Top 10 A4: Insecure Design Classification Broken Access Control CVE CVE-2024-33596 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d75b86943c20 Credits Steven Julian...

WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.8 is vulnerable to Broken Access Control

Software WOOCS – WooCommerce Currency Switcher Type Plugin Vulnerable versions = 1.4.1.8 Fixed in 1.4.1.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-3734 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a6af6a35e8e2 Credit...

WordPress Essential Addons for Elementor Plugin <= 5.9.15 is vulnerable to Sensitive Data Exposure

Software Essential Addons for Elementor Type Plugin Vulnerable versions = 5.9.15 Fixed in 5.9.16 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-3733 Patch priority Low CVSS severity Low 5.3 Developer WPDeveloper PSID 0f72cfe9f2f9 Credits Webbernaut...

WordPress Knowledge Base documentation & wiki plugin – BasePress Plugin <= 2.16.1 is vulnerable to Broken Access Control

Software Knowledge Base documentation & wiki plugin – BasePress Type Plugin Vulnerable versions = 2.16.1 Fixed in 2.16.2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33588 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID...

WordPress WP Portfolio Theme <= 2.4 is vulnerable to Cross Site Scripting (XSS)

Software WP Portfolio Type Theme Vulnerable versions = 2.4 Fixed in 2.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33537 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 960b34eee068 Credits stealthcopter Required privilege Contributor...