WordPress WP Meta SEO Plugin <= 4.5.12 is vulnerable to Cross Site Scripting (XSS)

Software WP Meta SEO Type Plugin Vulnerable versions = 4.5.12 Fixed in 4.5.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6961 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6aa5d92333a8 Credits Krzysztof Zając...

WordPress Wp Ultimate Review Plugin <= 2.2.5 is vulnerable to Insecure Direct Object References (IDOR)

Software Wp Ultimate Review Type Plugin Vulnerable versions = 2.2.5 Fixed in 2.3.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32683 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7b452df5fd16 Credits Kyle...

WordPress WP Show Posts Plugin <= 1.1.5 is vulnerable to Sensitive Data Exposure

Software WP Show Posts Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-6731 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0bc24cb2903a Credits Lucio Sá Required privilege...

WordPress Filebird Plugin <= 5.6.3 is vulnerable to Cross Site Scripting (XSS)

Software Filebird Type Plugin Vulnerable versions = 5.6.3 Fixed in 5.6.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2345 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID de3d3d4867b8 Credits Tim Coen Required privilege...

WordPress Content Control Plugin <= 2.1.0 is vulnerable to Broken Access Control

Software Content Control Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0615 Patch priority Low CVSS severity Low 5.3 Developer Code Atlantic LLC PSID 3c7e15ef621e Credits Francesco Carlucci Required...

WordPress WP Social Comments Plugin <= 1.7.3 is vulnerable to Broken Access Control

Software WP Social Comments Type Plugin Vulnerable versions = 1.7.3 Fixed in 1.7.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32689 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a443a3a545ff Credits Friday Required privilege...

WordPress RSS Aggregator by Feedzy Plugin <= 4.4.7 is vulnerable to Server Side Request Forgery (SSRF)

Software RSS Aggregator by Feedzy Type Plugin Vulnerable versions = 4.4.7 Fixed in 4.4.8 OWASP Top 10 A1: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2023-6805 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID b683d6b9d5c6 Credits Colin Xu...

GHSA-X674-V45J-FWXW MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service

!IMPORTANT ONLY applications targeting Xamarin Android and .NET Android MAUI are impacted. All others can safely dismiss this CVE. Impact MSAL.NET applications targeting Xamarin Android and .NET Android e.g., MAUI using the library from versions 4.48.0 to 4.60.3 inclusive, except 4.59.1 and 4.60....

WordPress Attesa Extra Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS)

Software Attesa Extra Type Plugin Vulnerable versions = 1.3.9 Fixed in 1.4.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32594 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4bca51f18f29 Credits Khalid Yusuf Required privilege Contribut...

WordPress WooCommerce Google Feed Manager Plugin <= 2.4.2 is vulnerable to SQL Injection

Software WooCommerce Google Feed Manager Type Plugin Vulnerable versions = 2.4.2 Fixed in 2.6.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3067 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 7ac4b8e7f509 Credits Krzysztof Zając Required privilege...

WordPress CBX Bookmark & Favorite Plugin <= 1.7.20 is vulnerable to Cross Site Scripting (XSS)

Software CBX Bookmark & Favorite Type Plugin Vulnerable versions = 1.7.20 Fixed in 1.7.22 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32577 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c797afa81115 Credits LVT-tholv2k Required privile...

WordPress BA Book Everything Plugin <= 1.6.8 is vulnerable to Cross Site Scripting (XSS)

Software BA Book Everything Type Plugin Vulnerable versions = 1.6.8 Fixed in 1.6.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32576 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID aedca1bff1c3 Credits LVT-tholv2k Required privilege...

WordPress Tainacan Interface Theme <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)

Software Tainacan Interface Type Theme Vulnerable versions = 2.7.1 Fixed in 2.7.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3867 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID dcbddfa32a84 Credits Matheus Nascimento de...

WordPress WP Stripe Checkout Plugin <= 1.2.2.41 is vulnerable to Cross Site Scripting (XSS)

Software WP Stripe Checkout Type Plugin Vulnerable versions = 1.2.2.41 Fixed in 1.2.2.42 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32571 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8bb03353bba3 Credits LVT-tholv2k Required privileg...

WordPress WP Helper Premium Plugin < 4.6.0 is vulnerable to Cross Site Scripting (XSS)

Software WP Helper Premium Type Plugin Vulnerable versions 4.6.0 Fixed in 4.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32595 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5f98f0aa22fb Credits thiennv Required privilege...

WordPress Z Y N I T H Plugin <= 7.4.9 is vulnerable to Cross Site Scripting (XSS)

Software Z Y N I T H Type Plugin Vulnerable versions = 7.4.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32562 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID b69a38ab3f39 Credits Dave Jong Patchstack Required privilege...

WordPress Photo Gallery by 10Web Plugin <= 1.8.21 is vulnerable to Cross Site Scripting (XSS)

Software Photo Gallery by 10Web Type Plugin Vulnerable versions = 1.8.21 Fixed in 1.8.22 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32583 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9f4c4a32a029 Credits Steven Julian Required...

WordPress HurryTimer Plugin <=2.9.2 is vulnerable to Cross Site Scripting (XSS)

Software HurryTimer Type Plugin Vulnerable versions =2.9.2 Fixed in 2.10.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32556 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d3a1dca35035 Credits Joshua Chan Required privilege Contributor...

WordPress Backend Designer Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Software Backend Designer Type Plugin Vulnerable versions = 1.3 Fixed in 1.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32591 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c6752a98d119 Credits Cronus Required privilege Administrator...

WordPress Slider by 10Web Plugin <= 1.2.54 is vulnerable to Cross Site Scripting (XSS)

Software Slider by 10Web Type Plugin Vulnerable versions = 1.2.54 Fixed in 1.2.55 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32578 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3808548b6dad Credits Dimas Maulana Required privile...