7378 matches found
WordPress WooCommerce Customers Manager Plugin < 29.7 is vulnerable to SQL Injection
Software WooCommerce Customers Manager Type Plugin Vulnerable versions < 29.7 Fixed in 29.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0399 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 3c8fe0630d48 Credits Ivan Spiridonov Required privilege...
WordPress DethemeKit For Elementor Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)
Software DethemeKit For Elementor Type Plugin Vulnerable versions <= 2.0.2 Fixed in 2.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32508 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c3d2d2de543b Credits Khalid Yusuf Required privile...
WordPress Inline Related Posts Plugin < 3.6.0 is vulnerable to Broken Access Control
Software Inline Related Posts Type Plugin Vulnerable versions < 3.6.0 Fixed in 3.6.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-6257 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c2f0b627f547 Credits Krzysztof Zając CERT PL...
WordPress Radio Player Plugin <= 2.0.73 is vulnerable to Sensitive Data Exposure
Software Radio Player Type Plugin Vulnerable versions <= 2.0.73 Fixed in 2.0.74 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32506 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4e6e2407c28d Credits Steven Julian Required...
WordPress Find Duplicates Plugin <= 1.4.6 is vulnerable to SQL Injection
Software Find Duplicates Type Plugin Vulnerable versions <= 1.4.6 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32127 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 52116cf54a22 Credits Le Ngoc Anh Required privilege Subscriber Publish...
WordPress Download Manager Plugin <= 3.2.82 is vulnerable to Bypass Vulnerability
Software Download Manager Type Plugin Vulnerable versions <= 3.2.82 Fixed in 3.2.83 OWASP Top 10 A1: Broken Access Control Classification Bypass Vulnerability CVE CVE-2024-32131 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d970a3e505ee Credits Liu Shaohong Required...
WordPress Realtyna Organic IDX plugin Plugin <= 4.14.4 is vulnerable to SQL Injection
Software Realtyna Organic IDX plugin Type Plugin Vulnerable versions <= 4.14.4 Fixed in 4.14.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32128 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID df09fa02a23c Credits Joshua Chan Required privilege...
WordPress Fatal Error Notify Plugin <= 1.5.2 is vulnerable to Broken Access Control
Software Fatal Error Notify Type Plugin Vulnerable versions <= 1.5.2 Fixed in 1.5.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32455 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6f9eea9e690c Credits Abdi Pranata Required...
WordPress SEO Booster Plugin <= 3.8.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software SEO Booster Type Plugin Vulnerable versions <= 3.8.9 Fixed in 3.8.10 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-32438 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3512a5ab10e4 Credits Joshua Chan Required privile...
WordPress BWL Advanced FAQ Manager Plugin <= 2.0.3 is vulnerable to SQL Injection
Software BWL Advanced FAQ Manager Type Plugin Vulnerable versions <= 2.0.3 Fixed in 2.0.4 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32136 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 3156ca152b4d Credits Ivan Spiridonov Required privilege...
WordPress Podlove Podcast Publisher Plugin <= 4.1.0 is vulnerable to Broken Access Control
Software Podlove Podcast Publisher Type Plugin Vulnerable versions <= 4.1.0 Fixed in 4.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32143 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID fc4ae0b13cd1 Credits Abdi Pranata...
WordPress Import Users from CSV Plugin <= 1.2 is vulnerable to PHP Object Injection
Software Import Users from CSV Type Plugin Vulnerable versions <= 1.2 Fixed in 1.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-32431 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID e3f19c84ef38 Credits Trình Vũ Sonicrrrr from VNPT-VCI Require...
WordPress Appointment Bookings for Zoom GoogleMeet and more – Wappointment Plugin <= 2.6.0 is vulnerable to Server Side Request Forgery (SSRF)
Software Appointment Bookings for Zoom GoogleMeet and more – Wappointment Type Plugin Vulnerable versions <= 2.6.0 Fixed in 2.6.1 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-32454 Patch priority Low CVSS severity Low 4.4 Developer...
WordPress Easy Contact Form Lite Plugin <= 1.1.23 is vulnerable to Cross Site Scripting (XSS)
Software Easy Contact Form Lite Type Plugin Vulnerable versions <= 1.1.23 Fixed in 1.1.25 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32147 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f1074c1b0d54 Credits Abdi Pranata Required privile...
WordPress BA Book Everything Plugin <= 1.6.4 is vulnerable to SQL Injection
Software BA Book Everything Type Plugin Vulnerable versions <= 1.6.4 Fixed in 1.6.5 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32125 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID d47407126364 Credits Thanh Nam Tran Required privilege Contributor...
WordPress InstaWP Connect Plugin <= 0.1.0.22 is vulnerable to Arbitrary File Upload
Software InstaWP Connect Type Plugin Vulnerable versions <= 0.1.0.22 Fixed in 0.1.0.23 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-2667 Patch priority High CVSS severity High 10 Developer InstaWP PSID 6dfa02024fd7 Credits AtaTurk1925 Required privilege...
WordPress MWW Disclaimer Buttons Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS)
Software MWW Disclaimer Buttons Type Plugin Vulnerable versions <= 3.0.2 Fixed in 3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-32428 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 22fa1a3682eb Credits Cronus Required...
WordPress AWP Classifieds Plugin <= 4.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software AWP Classifieds Type Plugin Vulnerable versions <= 4.3.1 Fixed in 4.3.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32447 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3cf46b4fcbdc Credits Peng Zhou Required...
Advocate Office Management System SQL Injection Vulnerability
Advocate Office Management System is an office management system by the individual developer mayurik. Version 1.0 of Advocate Office Management System contains a SQL injection vulnerability that originates in the file /control/registercase.php...
WordPress Citadela Listing Plugin <= 5.18.1 is vulnerable to Sensitive Data Exposure
Software Citadela Listing Type Plugin Vulnerable versions <= 5.18.1 Fixed in 5.19.1 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32086 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID a5c3aebb62b7 Credits Dave Jong Patchstack...