WordPress WP Page Post Widget Clone Plugin <= 1.0.1 is vulnerable to Broken Access Control

Software WP Page Post Widget Clone Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33636 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bc529e210eb8 Credits Do Minh Long Required...

WordPress Instant Images Plugin <= 6.1.0 is vulnerable to Privilege Escalation

Software Instant Images Type Plugin Vulnerable versions = 6.1.0 Fixed in 6.1.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-33569 Patch priority High CVSS severity High 7.2 Developer Claim ownership PSID d731bc7eedd6 Credits Rafie...

WordPress Blocksy Theme <= 2.0.39 is vulnerable to Cross Site Scripting (XSS)

Software Blocksy Type Theme Vulnerable versions = 2.0.39 Fixed in 2.0.40 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3747 Patch priority Low CVSS severity Low 6.5 Developer Creative Themes PSID 3ec8e6a91460 Credits Ngô Thiên An ancorn Required...

WordPress Recencio Book Reviews Plugin <= 1.66.0 is vulnerable to Cross Site Scripting (XSS)

Software Recencio Book Reviews Type Plugin Vulnerable versions = 1.66.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33648 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1d6b95a95ae6 Credits Ngô Thiên An ancorn from VNPT-VCI...

WordPress XStore Theme <= 9.3.8 is vulnerable to Settings Change

Software XStore Type Theme Vulnerable versions = 9.3.8 Fixed in 9.3.9 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-33564 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID fefe041fa298 Credits Rafie Muhammad Patchstack Required privileg...

WordPress PropertyHive Plugin <= 2.0.12 is vulnerable to Broken Access Control

Software PropertyHive Type Plugin Vulnerable versions = 2.0.12 Fixed in 2.0.13 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3607 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 20b9880edd45 Credits Lucio Sá Required privilege...

WordPress XStore Core Plugin <= 5.3.8 is vulnerable to Local File Inclusion

Software XStore Core Type Plugin Vulnerable versions = 5.3.8 Fixed in 5.3.9 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-33557 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 942a9619d048 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Better Elementor Addons Plugin <= 1.4.1 is vulnerable to Local File Inclusion

Software Better Elementor Addons Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-33541 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 62efde4398ca Credits Ray Wilson Required...

WordPress Chaty Plugin < 3.1.9 is vulnerable to Cross Site Scripting (XSS)

Software Chaty Type Plugin Vulnerable versions 3.1.9 Fixed in 3.1.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2972 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID de00cfe54026 Credits Dmitrii Ignatyev Required privilege...

WordPress WooCommerce Customers Manager Plugin < 29.8 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Customers Manager Type Plugin Vulnerable versions 29.8 Fixed in 29.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1743 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 088073d3e0c4 Credits Erwan LR...

WordPress FileOrganizer Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software FileOrganizer Type Plugin Vulnerable versions = 1.0.6 Fixed in 1.0.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2324 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ee105a346d17 Credits Nikolas Required privilege...

WordPress Elements kit Elementor addons Plugin <= 3.1.0 is vulnerable to Local File Inclusion

Software Elements kit Elementor addons Type Plugin Vulnerable versions = 3.1.0 Fixed in 3.1.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3499 Patch priority Low CVSS severity Low 8.5 Developer Wpmet PSID 43728e112e86 Credits Webbernaut Required privilege Contribut...

TvRock vulnerable to cross-site request forgery

Overview TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a cross-site request forgery vulnerability CWE-352. During the meeting of Committee for authorizing the disclosure of unresolved...

TvRock vulnerable to denial-of-service (DoS)

Overview TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a denial-of-service DoS vulnerability CWE-400. During the meeting of Committee for authorizing the disclosure of unresolved...

WordPress Quick Featured Images Plugin <= 13.7.0 is vulnerable to Broken Access Control

Software Quick Featured Images Type Plugin Vulnerable versions = 13.7.0 Fixed in 13.7.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3664 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 955c9c9acc5c Credits Lucio Sá Required...

JVN#24683352: TvRock vulnerable to cross-site request forgery

TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a cross-site request forgery vulnerability CWE-352. Impact If a logged-in user of TVRock accesses a specially crafted page, unintended operatio...

WordPress Social Warfare Plugin <= 4.4.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Social Warfare Type Plugin Vulnerable versions = 4.4.6.1 Fixed in 4.4.6.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1959 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b4ca6fb05821 Credits Krzysztof Zając...

WordPress Booking Ultra Pro Plugin <= 1.1.12 is vulnerable to Privilege Escalation

Software Booking Ultra Pro Type Plugin Vulnerable versions = 1.1.12 Fixed in 1.1.13 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-32960 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 13ea86acc945 Credits Emili Castells...

WordPress Seers Plugin <= 8.1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Seers Type Plugin Vulnerable versions = 8.1.0 Fixed in 8.1.1 OWASP Top 10 A3: Injection Classification Cross Site Request Forgery CSRF CVE CVE-2024-32789 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID e0239ca83176 Credits Le Ngoc Anh Required privilege...

WordPress Podlove Podcast Publisher Plugin <= 4.0.14 is vulnerable to Broken Access Control

Software Podlove Podcast Publisher Type Plugin Vulnerable versions = 4.0.14 Fixed in 4.0.15 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32712 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 03f3d1e3ccd2 Credits LVT-tholv2k...