WordPress Portfolio Gallery – Image Gallery Plugin Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS)

Software Portfolio Gallery – Image Gallery Plugin Type Plugin Vulnerable versions = 1.5.6 Fixed in 1.5.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29769 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 67413237e077 Credits LVT-tholv2k...

WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more Plugin <= 4.5.24 is vulnerable to Cross Site Scripting (XSS)

Software Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more Type Plugin Vulnerable versions = 4.5.24 Fixed in 4.5.25 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29795 Patch priority Low CVSS severity Low 6.5 Developer Claim...

WordPress OneClick Chat to Order Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Software OneClick Chat to Order Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29789 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 255b07899e6d Credits Ngô Thiên An ancorn from VNPT-V...

WordPress WP Fast Total Search Plugin <= 1.59.211 is vulnerable to Cross Site Scripting (XSS)

Software WP Fast Total Search Type Plugin Vulnerable versions = 1.59.211 Fixed in 1.60.213 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29799 Patch priority Low CVSS severity Low 6.5 Developer Epsiloncool PSID 5e9e859d0b96 Credits Ngô Thiên An ancorn from VNPT-V...

WordPress Conversios.io Plugin <= 6.9.1 is vulnerable to Cross Site Scripting (XSS)

Software Conversios.io Type Plugin Vulnerable versions = 6.9.1 Fixed in 7.0.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29794 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8df60cff479f Credits Le Ngoc Anh Required privilege...

WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Meta Data and Taxonomies Filter MDTF Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29906 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 19338c850285 Credits...

WordPress Cards for Beaver Builder Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Cards for Beaver Builder Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2305 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f2cce6bd9382 Credits Francesco...

WordPress WP Compress – Image Optimizer [All-In-One] Plugin <= 6.11.10 is vulnerable to Broken Access Control

Software WP Compress – Image Optimizer All-In-One Type Plugin Vulnerable versions = 6.11.10 Fixed in 6.11.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1934 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID c01c5919ea5a Credits...

KLA65276 OSI vulnerability in Microsoft Developer Tools

An information disclosure vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2024-29059 Exploitation Public exploits exist for this vulnerability. Related products Microsoft-.NET-Framework...

WordPress Getwid – Gutenberg Blocks Plugin <= 2.0.5 is vulnerable to Cross Site Scripting (XSS)

Software Getwid – Gutenberg Blocks Type Plugin Vulnerable versions = 2.0.5 Fixed in 2.0.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1948 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d76b6dbfa27e Credits Ngô Thiên An...

WordPress Memberpress Plugin <= 1.11.26 is vulnerable to Cross Site Scripting (XSS)

Software Memberpress Type Plugin Vulnerable versions = 1.11.26 Fixed in 1.11.27 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1412 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 44159653a377 Credits Jamie Perrelet...

WordPress Easy Property Listings Plugin <= 3.5.2 is vulnerable to SQL Injection

Software Easy Property Listings Type Plugin Vulnerable versions = 3.5.2 Fixed in 3.5.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1893 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 741d2179a015 Credits Krzysztof Zając Required privilege...

WordPress System Dashboard Plugin < 2.8.10 is vulnerable to Cross Site Scripting (XSS)

Software System Dashboard Type Plugin Vulnerable versions 2.8.10 Fixed in 2.8.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7246 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 59b19780b836 Credits Dmitrii Ignatyev Requir...

WordPress Avada Theme <= 7.11.6 is vulnerable to Cross Site Scripting (XSS)

Software Avada Type Theme Vulnerable versions = 7.11.6 Fixed in 7.11.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2311 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 07e5a74cda4c Credits Muhammad Zeeshan Xib3rR4dAr...

WordPress Simply Schedule Appointments Plugin <= 1.6.7.7 is vulnerable to SQL Injection

Software Simply Schedule Appointments Type Plugin Vulnerable versions = 1.6.7.7 Fixed in 1.6.7.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2342 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 36408cb83a66 Credits Krzysztof Zając Required privileg...

WordPress LiquidPoll – Advanced Polls for Creators and Brands Plugin <= 3.3.76 is vulnerable to Sensitive Data Exposure

Software LiquidPoll – Advanced Polls for Creators and Brands Type Plugin Vulnerable versions = 3.3.76 Fixed in 3.3.77 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2080 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

WordPress Permalink Manager Lite Plugin <= 2.4.3.1 is vulnerable to Broken Access Control

Software Permalink Manager Lite Type Plugin Vulnerable versions = 2.4.3.1 Fixed in 2.4.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2543 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 01746b8cad8b Credits Muhammad Zeeshan...

WordPress WooCommerce Cloak Affiliate Links Plugin <= 1.0.33 is vulnerable to Broken Access Control

Software WooCommerce Cloak Affiliate Links Type Plugin Vulnerable versions = 1.0.33 Fixed in 1.0.34 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1308 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 86ffc05e045a Credits Francesc...

WordPress Weglot Translate Plugin <= 4.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Weglot Translate Type Plugin Vulnerable versions = 4.2.5 Fixed in 4.2.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2124 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ff81bdc0a325 Credits Ngô Thiên An ancorn -...

WordPress Advanced Classifieds & Directory Pro Plugin <= 3.0.0 is vulnerable to Broken Access Control

Software Advanced Classifieds & Directory Pro Type Plugin Vulnerable versions = 3.0.0 Fixed in 3.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2222 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0df0ba101fff Credits Lucio Sá...