7378 matches found
WordPress Amelia Plugin <= 1.0.98 is vulnerable to Cross Site Scripting (XSS)
Software Amelia Type Plugin Vulnerable versions <= 1.0.98 Fixed in 1.0.99 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1484 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 28e85735d453 Credits Muhammad Hassham Nagori...
WordPress Calculated Fields Form Plugin 5.0.0-5.1.56 is vulnerable to Cross Site Scripting (XSS)
Software Calculated Fields Form Type Plugin Vulnerable versions 5.0.0-5.1.56 Fixed in 5.1.57 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2020 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID f60c98fd9fe8 Credits Asaf...
Daily Habit Tracker Cross-Site Scripting Vulnerability
Daily Habit Tracker is a daily habit tracker by the individual developer rems. A cross-site scripting vulnerability exists in version 1.0 of Daily Habit Tracker, which stems from a cross-site scripting issue in the /endpoint/update-tracker.php file...
WordPress Exclusive Addons Elementor Plugin <= 2.6.9 is vulnerable to Cross Site Scripting (XSS)
Software Exclusive Addons Elementor Type Plugin Vulnerable versions <= 2.6.9 Fixed in 2.6.9.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1234 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID eec3f461cc61 Credits Webbernaut...
WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow Plugin <= 1.3.8 is vulnerable to PHP Object Injection
Software Slider Responsive Slideshow – Image slider, Gallery slideshow Type Plugin Vulnerable versions <= 1.3.8 Fixed in 1.4.0 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1859 Patch priority Medium CVSS severity Medium 7.5 Developer Claim ownership PSID ee68c742498b...
WordPress Advanced iFrame Plugin <= 2024.1 is vulnerable to Cross Site Scripting (XSS)
Software Advanced iFrame Type Plugin Vulnerable versions <= 2024.1 Fixed in 2024.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1341 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f4f416259347 Credits Fariq Fadillah Gusti...
WordPress Avada Theme <= 7.11.4 is vulnerable to Arbitrary File Upload
Software Avada Type Theme Vulnerable versions <= 7.11.4 Fixed in 7.11.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-1468 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 3720cafcf208 Credits Muhammad Zeeshan Xib3rR4dAr Required privilege...
WordPress Envo's Elementor Templates & Widgets for WooCommerce Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Envo's Elementor Templates & Widgets for WooCommerce Type Plugin Vulnerable versions <= 1.4.4 Fixed in 1.4.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0768 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...
WordPress LiteSpeed Cache Plugin <= 5.7 is vulnerable to Cross Site Scripting (XSS)
Software LiteSpeed Cache Type Plugin Vulnerable versions <= 5.7 Fixed in 5.7.0.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-40000 Patch priority High CVSS severity High 8.3 Developer Hai Zheng / Lite Speed Cache PSID 61e99b6b8264 Credits Rafie Muhammad Patchsta...
WordPress JobSearch Plugin < 2.3.4 is vulnerable to Remote Code Execution (RCE)
Software JobSearch Type Plugin Vulnerable versions < 2.3.4 Fixed in 2.3.4 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-6585 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 637575b94b70 Credits Furkan Gedik Required privilege Published 27...
MikroTik RouterOS Path Traversal (CVE-2019-3976)
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled. This...
WordPress Smart Forms Plugin < 2.6.87 is vulnerable to Broken Access Control
Software Smart Forms Type Plugin Vulnerable versions < 2.6.87 Fixed in 2.6.87 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-7203 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 959e4abbd849 Credits Mohammad Reza Omrani Require...
WordPress JobSearch Plugin < 2.3.4 is vulnerable to Broken Authentication
Software JobSearch Type Plugin Vulnerable versions < 2.3.4 Fixed in 2.3.4 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2023-6584 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f4a18b4236e5 Credits Marc Montpas...
Computer Book Store Security Breach
Computer Book Store is an online bookstore system by the individual developer Carmelo Garcia. A security vulnerability exists in Computer Book Store version 1.0, which originates from the system's susceptibility to SQL injection attacks...
WordPress Rolo Slider Plugin <= 1.0.9 is vulnerable to Settings Change
Software Rolo Slider Type Plugin Vulnerable versions <= 1.0.9 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-1438 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 601d954731d6 Credits Emili Castells Required privilege...
WordPress postMash – custom post order Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)
Software postMash – custom post order Type Plugin Vulnerable versions <= 1.2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27196 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f81d96aa3cf3 Credits Dimas Maulana Require...
WordPress BeePress Plugin <= 6.9.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software BeePress Type Plugin Vulnerable versions <= 6.9.8 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-27197 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 23f23a1e9a56 Credits Majed Refaea Required...
WordPress WordPress Comments Fields Plugin <= 5.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software WordPress Comments Fields Type Plugin Vulnerable versions <= 5.0 Fixed in 5.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0830 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9c14d6f7a75c Credits Francesco...
WordPress Archivist – Custom Archive Templates Plugin <= 1.7.5 is vulnerable to Cross Site Scripting (XSS)
Software Archivist – Custom Archive Templates Type Plugin Vulnerable versions <= 1.7.5 Fixed in 1.7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1810 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 20ae6785aa4a Credi...
WordPress Slivery Extender Plugin <= 1.0.2 is vulnerable to Remote Code Execution (RCE)
Software Slivery Extender Type Plugin Vulnerable versions <= 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-27191 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID d59c4b4628dc Credits LVT-tholv2k Required privilege...