PT-2024-22226 · Unknown · Mini Thread
Name of the Vulnerable Software and Affected Versions: Mini Thread version 3.33βi
Description: A cross-site scripting issue exists, allowing an arbitrary script to be executed on the web browser of the user accessing the website that uses the product. The developer was unreachable, and users are...
WordPress Elementor Pro Plugin <= 3.20.1 is vulnerable to Cross Site Scripting (XSS)
Software: Elementor Pro; Type: Plugin; Vulnerable versions: <= 3.20.1; Fixed in: 3.20.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-2121; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 384f5531d486; Credits: wesley wcraft; Required privilege...
PT-2024-22278 · Unknown · 0Ch Bbs Script
Name of the Vulnerable Software and Affected Versions: 0ch BBS Script version 4.00
Description: A cross-site scripting vulnerability exists in the product, allowing an arbitrary script to be executed on the web browser of the user accessing the website that uses the product. The developer was...
WordPress WholesaleX Plugin <= 1.3.1 is vulnerable to Broken Access Control
Software: WholesaleX; Type: Plugin; Vulnerable versions: <= 1.3.1; Fixed in: 1.3.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-30234; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: d5e0c742e615; Credits: Emili Castells; Required...
WordPress Email Subscribers & Newsletters Plugin <= 5.7.11 is vulnerable to Cross Site Scripting (XSS)
Software: Email Subscribers & Newsletters; Type: Plugin; Vulnerable versions: <= 5.7.11; Fixed in: 5.7.12; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-22300; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 33b39d3a1006; Credits: Rafie Muhammad...
WordPress Media Library Assistant Plugin <= 3.13 is vulnerable to SQL Injection
Software: Media Library Assistant; Type: Plugin; Vulnerable versions: <= 3.13; Fixed in: 3.14; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-2871; Patch priority: Low; CVSS severity: Low 8.5; Developer: Claim ownership; PSID: 35f3b6344141; Credits: stealthcopter; Required privilege: Contributor...
WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Plugin <= 4.4.0 is vulnerable to Cross Site Scripting (XSS)
Software: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels; Type: Plugin; Vulnerable versions: <= 4.4.0; Fixed in: 4.4.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-22288; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownershi...
WordPress Church Admin Plugin <= 4.0.27 is vulnerable to SQL Injection
Software: Church Admin; Type: Plugin; Vulnerable versions: <= 4.0.27; Fixed in: 4.0.28; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-30244; Patch priority: Medium; CVSS severity: Medium 8.5; Developer: Andy Moyle; PSID: f10836385922; Credits: LVT-tholv2k; Required privilege: Contributor...
WordPress Contact Form to Any API Plugin <= 1.1.8 is vulnerable to SQL Injection
Software: Contact Form to Any API; Type: Plugin; Vulnerable versions: <= 1.1.8; Fixed in: 1.1.9; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-30242; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: f2d596609a9a; Credits: Le Ngoc Anh; Required privilege: Subscrib...
WordPress Calendarista Plugin <= 15.5.7 is vulnerable to SQL Injection
Software: Calendarista; Type: Plugin; Vulnerable versions: <= 15.5.7; Fixed in: 15.5.9; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-30240; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: c87b524aa9f2; Credits: Ivan Spiridonov; Required privilege: Subscriber...
WordPress Easy Textillate Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS)
Software: Easy Textillate; Type: Plugin; Vulnerable versions: <= 2.01; Fixed in: 2.02; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-2303; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: e2fef30ce1b2; Credits: Tien Luong; Required...
WordPress Link Whisper Free Plugin <= 0.7.1 is vulnerable to PHP Object Injection
Software: Link Whisper Free; Type: Plugin; Vulnerable versions: <= 0.7.1; Fixed in: 0.7.2; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-2693; Patch priority: Medium; CVSS severity: Medium 8.8; Developer: Claim ownership; PSID: 1e82ed02e277; Credits: Francesco Carlucci; Required privile...
WordPress Max Mega Menu Plugin <= 3.3 is vulnerable to Broken Access Control
Software: Max Mega Menu; Type: Plugin; Vulnerable versions: <= 3.3; Fixed in: 3.3.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-28003; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 3ddcba15780a; Credits: Rafie Muhammad Patchstack; Require...
WordPress Colibri Page Builder Plugin <= 1.0.248 is vulnerable to Broken Access Control
Software: Colibri Page Builder; Type: Plugin; Vulnerable versions: <= 1.0.248; Fixed in: 1.0.249; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-28004; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 13159cde48e3; Credits: Rafie Muhammad...
WordPress RegistrationMagic Plugin <= 5.3.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: RegistrationMagic; Type: Plugin; Vulnerable versions: <= 5.3.0.0; Fixed in: 5.3.1.0; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-2951; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 1d9399326561; Credits: Joshua Chan; Required...
WordPress Cornerstone Plugin <= 0.8.0 is vulnerable to Cross Site Scripting (XSS)
Software: Cornerstone; Type: Plugin; Vulnerable versions: <= 0.8.0; Fixed in: 0.8.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-28002; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: e17127f05be4; Credits: Rafie Muhammad Patchstack; Required...
WordPress GiveWP Plugin <= 3.4.2 is vulnerable to PHP Object Injection
Software: GiveWP; Type: Plugin; Vulnerable versions: <= 3.4.2; Fixed in: 3.5.0; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-30229; Patch priority: Medium; CVSS severity: Medium 8; Developer: Liquid Web / StellarWP; PSID: 9a991fbaf7bc; Credits: Rafie Muhammad Patchstack; Required...
WordPress AI Engine: ChatGPT Chatbot Plugin <= 2.1.4 is vulnerable to Arbitrary File Upload
Software: AI Engine: ChatGPT Chatbot; Type: Plugin; Vulnerable versions: <= 2.1.4; Fixed in: 2.1.5; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-29100; Patch priority: Medium; CVSS severity: Medium 9.1; Developer: Claim ownership; PSID: cd77a38bda8f; Credits: Rafie Muhammad Patchstac...
WordPress Stratum Plugin <= 1.3.15 is vulnerable to Cross Site Scripting (XSS)
Software: Stratum; Type: Plugin; Vulnerable versions: <= 1.3.15; Fixed in: 1.3.16; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-29914; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 3d8d138923e6; Credits: Khalid Yusuf; Required privilege: Contributor...
WordPress Grid Shortcodes Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Grid Shortcodes; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: 1.1.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-29797; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 001d3493f64b; Credits: Ngô Thiên An ancorn from VNPT-VCI; Requir...