WordPress Audio Record Plugin <= 1.0 is vulnerable to Arbitrary File Upload
Software: Audio Record; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-51792; Patch priority: High; CVSS severity: High 10; PSID: 6342416d8183; Credits: stealthcopter; Required privilege: Unauthenticate...
WordPress Smooth Maps Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Smooth Maps; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-51901; Patch priority: Low; CVSS severity: Low 6.5; PSID: 7ae7d310b6c4; Credits: SOPROBRO; Required privilege: Contributor...
WordPress Text Advertisements Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)
Software: Text Advertisements; Type: Plugin; Vulnerable versions: <= 2.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-51879; Patch priority: Low; CVSS severity: Low 6.5; PSID: c4a6f56c833e; Credits: SOPROBRO; Required privilege: Contributo...
WordPress Social button Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Software: Social button; Type: Plugin; Vulnerable versions: <= 1.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-51866; Patch priority: Low; CVSS severity: Low 6.5; PSID: 3298adb5e8ae; Credits: SOPROBRO; Required privilege: Contributor...
WordPress WoW Guild Armory Roster Plugin <= 0.5.5 is vulnerable to Cross Site Scripting (XSS)
Software: WoW Guild Armory Roster; Type: Plugin; Vulnerable versions: <= 0.5.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-51850; Patch priority: Low; CVSS severity: Low 6.5; PSID: 56dc451178b5; Credits: SOPROBRO; Required privilege...
WordPress Blocks Post Grid Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)
Software: Blocks Post Grid; Type: Plugin; Vulnerable versions: <= 1.0.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-51928; Patch priority: Low; CVSS severity: Low 6.5; PSID: c0aa1ee5be51; Credits: Gab; Required privilege: Contributor...
WordPress Trendy Restaurant Menu Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Trendy Restaurant Menu; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-51796; Patch priority: Low; CVSS severity: Low 6.5; PSID: 5538c79e9ace; Credits: SOPROBRO; Required privilege...
WordPress News Ticker Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: News Ticker; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-51830; Patch priority: Low; CVSS severity: Low 6.5; PSID: 31c1d84151aa; Credits: SOPROBRO; Required privilege: Contributor...
WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.45 is vulnerable to Cross Site Scripting (XSS)
Software: Elementor – Header, Footer & Blocks Template; Type: Plugin; Vulnerable versions: <= 1.6.45; Fixed in: 1.6.46; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-10325; Patch priority: Low; CVSS severity: Low 5.9; PSID: 3bcf490aa26b...
WordPress Responsive Addons for Elementor Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)
Software: Responsive Addons for Elementor; Type: Plugin; Vulnerable versions: <= 1.5.4; Fixed in: 1.6.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-52358; Patch priority: Low; CVSS severity: Low 6.5; PSID: 5e0984c9c585; Credits: Khalid Yusuf; Required...
WordPress Horsemanager Plugin <= 1.3 is vulnerable to SQL Injection
Software: Horsemanager; Type: Plugin; Vulnerable versions: <= 1.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-51843; Patch priority: Low; CVSS severity: Low 8.5; PSID: f1d36b40ea39; Credits: LVT-tholv2k; Required privilege: Contributor; Published: 8...
WordPress Envo Extra Plugin <= 1.9.3 is vulnerable to Sensitive Data Exposure
Software: Envo Extra; Type: Plugin; Vulnerable versions: <= 1.9.3; Fixed in: 1.9.4; OWASP Top 10: A3: Injection; Classification: Sensitive Data Exposure; CVE: CVE-2024-10770; Patch priority: Low; CVSS severity: Low 4.3; PSID: c74e911b1aae; Credits: Francesco Carlucci; Required privilege...
WordPress Custom URL Shortener Plugin <= 0.3.6 is vulnerable to Cross Site Scripting (XSS)
Software: Custom URL Shortener; Type: Plugin; Vulnerable versions: <= 0.3.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-51930; Patch priority: Low; CVSS severity: Low 6.5; PSID: 721373a7389e; Credits: SOPROBRO; Required privilege...
izone security vulnerability
izone is a Django-based blogging project by the individual developer of Hopetree. A security vulnerability exists in izone, which stems from the pushurls and geturls functions in apps oolapisdpush.py containing a server-side request forgery...
Toll Tax Management System security vulnerability
Toll Tax Management System is a toll tax management system by the individual developer Carlo Montero. A security vulnerability exists in Toll Tax Management System version 1.0, which originates from a cross-site scripting vulnerability in the owner parameter of managerecipient.php...
WordPress Registrations for the Events Calendar Plugin < 2.12.4 is vulnerable to Cross Site Scripting (XSS)
Software: Registrations for the Events Calendar; Type: Plugin; Vulnerable versions: < 2.12.4; Fixed in: 2.12.4; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-7982; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 576ddc99ad72...
WordPress WP Membership Plugin <= 1.6.2 is vulnerable to Arbitrary File Upload
Software: WP Membership; Type: Plugin; Vulnerable versions: <= 1.6.2; Fixed in: 1.6.3; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-10547; Patch priority: High; CVSS severity: High 10; PSID: 06e3f08b54a5; Credits: Tonn; Required privilege: Unauthenticated...
WordPress Landing Page Cat Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)
Software: Landing Page Cat; Type: Plugin; Vulnerable versions: <= 1.7.6; Fixed in: 1.7.7; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-9226; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 7a9da6507309; Credits: vgo0; Required...
WordPress OSM – OpenStreetMap Plugin <= 6.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: OSM – OpenStreetMap; Type: Plugin; Vulnerable versions: <= 6.1.2; Fixed in: 6.1.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-52355; Patch priority: Low; CVSS severity: Low 6.5; PSID: 68bca5f9bb55; Credits: Junwoo Kang; Required privilege...
WordPress Awesome Fitness Testimonials Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: Awesome Fitness Testimonials; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-51806; Patch priority: Low; CVSS severity: Low 6.5; PSID: 6dc5acf46761; Credits: SOPROBRO; Required privilege...