7418 matches found
WordPress AMP for WP Plugin <= 1.0.93.1 is vulnerable to Broken Access Control
Software: AMP for WP; Type: Plugin; Vulnerable versions: <= 1.0.93.1; Fixed in: 1.0.93.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1043; Patch priority: Low; CVSS severity: Low 6.5; PSID: 9c0cb8faa4a6; Credits: Sean Murphy; Required privileg...
WordPress Starbox Plugin <= 3.4.8 is vulnerable to Cross Site Scripting (XSS)
Software: Starbox; Type: Plugin; Vulnerable versions: <= 3.4.8; Fixed in: 3.5.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0256; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: dd46b4b9ae28; Credits: Lucio Sá; Required privileg...
WordPress Starbox Plugin <= 3.4.8 is vulnerable to Cross Site Scripting (XSS)
Software: Starbox; Type: Plugin; Vulnerable versions: <= 3.4.8; Fixed in: 3.5.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6806; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 1adb996175e5; Credits: Sh; Required privilege...
WordPress Elementor Website Builder Plugin <= 3.19.0 is vulnerable to Arbitrary File Deletion
Software: Elementor Website Builder; Type: Plugin; Vulnerable versions: <= 3.19.0; Fixed in: 3.19.1; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Deletion; CVE: CVE-2024-24934; Patch priority: Low; CVSS severity: Low 8.5; Developer: Elementor; PSID: 8c8af1fc63cc; Credits: Rhynorater Justin...
WordPress Easy Digital Downloads Plugin <= 3.2.6 is vulnerable to Cross Site Scripting (XSS)
Software: Easy Digital Downloads; Type: Plugin; Vulnerable versions: <= 3.2.6; Fixed in: 3.2.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0659; Patch priority: Low; CVSS severity: Low 5.9; PSID: ffe82c6fd12f; Credits: emad; Required...
Mageia: Security Advisory (MGASA-2024-0023)
The remote host is missing an update for the...
WordPress RSS Aggregator by Feedzy Plugin <= 4.4.1 is vulnerable to Broken Access Control
Software: RSS Aggregator by Feedzy; Type: Plugin; Vulnerable versions: <= 4.4.1; Fixed in: 4.4.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1092; Patch priority: Low; CVSS severity: Low 4.3; PSID: d6dde9967d92; Credits: Muhammad Daffa; Requir...
WordPress Wonder Slider Lite Plugin <= 13.9 is vulnerable to Cross Site Scripting (XSS)
Software: Wonder Slider Lite; Type: Plugin; Vulnerable versions: <= 13.9; Fixed in: 14.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-24877; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 535b8a842a2e; Credits: Dimas Maulana; Required privileg...
WordPress Anonymous Restricted Content Plugin <= 1.6.2 is vulnerable to Bypass Vulnerability
Software: Anonymous Restricted Content; Type: Plugin; Vulnerable versions: <= 1.6.2; Fixed in: 1.6.3; OWASP Top 10: A4: Insecure Design; Classification: Bypass Vulnerability; CVE: CVE-2024-0909; Patch priority: Low; CVSS severity: Low 5.3; PSID: 3b50fe0358a1; Credits: Francesco Carlucci...
WordPress Contest Gallery Plugin <= 21.2.8.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Contest Gallery; Type: Plugin; Vulnerable versions: <= 21.2.8.4; Fixed in: 21.2.9; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-24887; Patch priority: Low; CVSS severity: Low 5.4; Developer: Wasiliy Strecker; PSID: bc8832951ec5; Credits: Dhabaleshwar D...
WordPress Calculated Fields Form Plugin <= 1.2.52 is vulnerable to Cross Site Scripting (XSS)
Software: Calculated Fields Form; Type: Plugin; Vulnerable versions: <= 1.2.52; Fixed in: 1.2.53; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0963; Patch priority: Low; CVSS severity: Low 6.5; PSID: 51ba9c951440; Credits: Richard Telleng...
WordPress Structured Content Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)
Software: Structured Content; Type: Plugin; Vulnerable versions: <= 1.6.1; Fixed in: 1.6.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-24839; Patch priority: Low; CVSS severity: Low 6.5; PSID: 74b9c66453a9; Credits: LVT-tholv2k; Required privilege...
WordPress Knowledge Base for Documentation, FAQs with AI Assistance Plugin <= 11.30.2 is vulnerable to PHP Object Injection
Software: Knowledge Base for Documentation, FAQs with AI Assistance; Type: Plugin; Vulnerable versions: <= 11.30.2; Fixed in: 11.31.0; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-24842; Patch priority: High; CVSS severity: High 8.7; PSID: 6e74033eecde...
WordPress Active Products Tables for WooCommerce Plugin <= 1.0.6.1 is vulnerable to Broken Access Control
Software: Active Products Tables for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.0.6.1; Fixed in: 1.0.6.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-0797; Patch priority: Low; CVSS severity: Low 4.3; PSID: e0495675d205; Credits...
WordPress Debug Plugin <= 1.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Debug; Type: Plugin; Vulnerable versions: <= 1.10; Fixed in: 1.11; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-24798; Patch priority: Low; CVSS severity: Low 4.3; PSID: 7c7ee723dce1; Credits: Nguyen Xuan Chien; Required...
WordPress ERE Recently Viewed Plugin <= 1.3 is vulnerable to PHP Object Injection
Software: ERE Recently Viewed; Type: Plugin; Vulnerable versions: <= 1.3; Fixed in: 2.0; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-24797; Patch priority: High; CVSS severity: High 9.8; PSID: 835850fa9817; Credits: Yudistira Arya; Required privilege...
Cookie Information < 2.0.23 - Subscriber+ Arbitrary Options Update
Description: The plugin is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler, allowing any authenticated user, such as a subscriber, to update arbitrary site options. Run the below command in the developer console of the web browser while being on th...
WordPress Shareaholic Plugin <= 9.7.11 is vulnerable to Broken Access Control
Software: Shareaholic; Type: Plugin; Vulnerable versions: <= 9.7.11; Fixed in: 9.7.12; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-24709; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: e941ba723f22; Credits: Abdi Pranata; Required...
WordPress Review Schema Plugin <= 2.1.14 is vulnerable to Broken Access Control
Software: Review Schema; Type: Plugin; Vulnerable versions: <= 2.1.14; Fixed in: 2.2.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-0836; Patch priority: Low; CVSS severity: Low 4.3; PSID: 61e084c0e677; Credits: Francesco Carlucci; Required...
WordPress Load More Anything Plugin <= 3.3.3 is vulnerable to Broken Access Control
Software: Load More Anything; Type: Plugin; Vulnerable versions: <= 3.3.3; Fixed in: 3.3.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-24704; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: 21a4ab3d4f55; Credits: Elliot; Required...