WordPress Rover IDX Plugin <= 3.0.0.2903 is vulnerable to Broken Access Control

Software Rover IDX Type Plugin Vulnerable versions = 3.0.0.2903 Fixed in 3.0.0.2905 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10003 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 2b090aab193c Credits István Márton Required...

WordPress DocumentPress Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)

Software DocumentPress Type Plugin Vulnerable versions = 2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49656 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9ccb703f5e18 Credits Mika Required privilege Unauthenticate...

WordPress Risk Warning Bar Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Risk Warning Bar Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49638 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 36cfba44579b Credits Mika Required privilege...

WordPress WP-Members Plugin <= 3.4.9.5 is vulnerable to Cross Site Scripting (XSS)

Software WP-Members Type Plugin Vulnerable versions = 3.4.9.5 Fixed in 3.4.9.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9231 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0e4e11a3431f Credits vgo0 Required...

WordPress Category and Taxonomy Meta Fields Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Category and Taxonomy Meta Fields Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9589 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6c6a133f113d Credits István...

WordPress Bet WC 2018 Russia Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)

Software Bet WC 2018 Russia Type Plugin Vulnerable versions = 2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49637 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f4d264180c24 Credits Le Ngoc Anh Required privilege...

WordPress AI Image Generator for Your Content & Featured Images – AI Postpix Plugin <= 1.1.8 is vulnerable to Arbitrary File Upload

Software AI Image Generator for Your Content & Featured Images – AI Postpix Type Plugin Vulnerable versions = 1.1.8 Fixed in N/A OWASP Top 10 A5: Security Misconfiguration Classification Arbitrary File Upload CVE CVE-2024-49671 Patch priority High CVSS severity High 9.9 Developer Claim ownership...

WordPress ElementInvader Addons for Elementor Plugin <= 1.2.9 is vulnerable to Sensitive Data Exposure

Software ElementInvader Addons for Elementor Type Plugin Vulnerable versions = 1.2.9 Fixed in 1.3.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-9889 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7d169fa5766f Credits Ankit...

WordPress Debrandify Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Debrandify Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9674 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0ed7b307aa52 Credits Francesco Carlucci Required...

WordPress SW Contact Form Plugin <= 1.0 is vulnerable to SQL Injection

Software SW Contact Form Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49612 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 50cfc368b184 Credits João Pedro S Alcântara Kinorth Required privilege...

WordPress StreamWeasels Twitch Integration Plugin <= 1.8.6 is vulnerable to Cross Site Scripting (XSS)

Software StreamWeasels Twitch Integration Type Plugin Vulnerable versions = 1.8.6 Fixed in 1.8.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9897 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 924e5605229d Credits Peter...

WordPress MyTweetLinks Plugin <= 1.1.1 is vulnerable to SQL Injection

Software MyTweetLinks Type Plugin Vulnerable versions = 1.1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49618 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 011544e8e2d0 Credits João Pedro S Alcântara Kinorth Required privilege...

WordPress Photo Gallery Slideshow & Masonry Tiled Gallery Plugin <= 1.0.3 is vulnerable to SQL Injection

Software Photo Gallery Slideshow & Masonry Tiled Gallery Type Plugin Vulnerable versions = 1.0.3 Fixed in 1.0.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2019-25218 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 6b8bcb14a865 Credits Ala Arfaoui...

WordPress Click to Chat – WP Support All-in-One Floating Widget Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Click to Chat – WP Support All-in-One Floating Widget Type Plugin Vulnerable versions = 2.3.3 Fixed in 2.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10055 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...

WordPress Advanced Advertising System Plugin <= 1.3.1 is vulnerable to PHP Object Injection

Software Advanced Advertising System Type Plugin Vulnerable versions = 1.3.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49624 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 02d433e2c1ec Credits Mika Required privilege...

WordPress Duplicate Title Validate Plugin <= 1.0 is vulnerable to SQL Injection

Software Duplicate Title Validate Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49623 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 62fe8295ce3c Credits Muhamad Agil Fachrian Required privilege...

Vulnerabilities fixed in Oracle Database products

Oracle has fixed vulnerabilities in several Database products and subsystems, including the Core database, Application Express, Autonomous Health Framework, Essbase, GoldenGate, SQL Developer and Secure Backup. A malicious party can exploit the vulnerabilities to launch attacks that can lead to t...

WordPress DPD Baltic Shipping Plugin <= 1.2.83 is vulnerable to Cross Site Scripting (XSS)

Software DPD Baltic Shipping Type Plugin Vulnerable versions = 1.2.83 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9350 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6c5aa369cd88 Credits vgo0 Required...

WordPress Advanced Custom Fields Plugin <= 6.3.6.2 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Custom Fields Type Plugin Vulnerable versions = 6.3.6.2 Fixed in 6.3.6.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID fb0621a063a9 Credits Duc Luong Tran Required privilege...

WordPress WP Photo Album Plus Plugin <= 8.8.05.003 is vulnerable to Cross Site Scripting (XSS)

Software WP Photo Album Plus Type Plugin Vulnerable versions = 8.8.05.003 Fixed in 8.8.07.004 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9951 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 361cb23fe9c7 Credits Noah...