7442 matches found

Patchstack
added 2024/07/19 12:0 a.m. · 9 views

WordPress Bug Library Plugin < 2.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Bug Library Type Plugin Vulnerable versions 2.1.2 Fixed in 2.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5604 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 33f82588687d Credits Bob Matyas Required privilege...

5.9 CVSS · 5.8 AI score · 0.00348 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

Patchstack
added 2024/07/18 12:0 a.m. · 23 views

WordPress Elements kit Elementor addons Plugin <= 3.2.0 is vulnerable to Sensitive Data Exposure

Software Elements kit Elementor addons Type Plugin Vulnerable versions = 3.2.0 Fixed in 3.2.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6455 Patch priority Low CVSS severity Low 5.3 Developer Wpmet PSID b000113e05e5 Credits stealthcopter Required...

5.3 CVSS · 6.6 AI score · 0.00396 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Patchstack
added 2024/07/18 12:0 a.m. · 10 views

WordPress Filter & Grids Plugin < 2.8.33 is vulnerable to Local File Inclusion

Software Filter & Grids Type Plugin Vulnerable versions 2.8.33 Fixed in 2.8.33 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-6164 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID fa64410035b5 Credits Project Black Required privilege...

9.8 CVSS · 6.8 AI score · 0.01093 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

Patchstack
added 2024/07/17 12:0 a.m. · 13 views

WordPress Email Subscribers & Newsletters Plugin <= 5.7.26 is vulnerable to Broken Access Control

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.26 Fixed in 5.7.27 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5703 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c1ed8caccfad Credits Arkadiusz...

4.3 CVSS · 6.6 AI score · 0.00378 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Patchstack
added 2024/07/17 12:0 a.m. · 9 views

WordPress Schema & Structured Data for WP & AMP Plugin <= 1.33 is vulnerable to Cross Site Scripting (XSS)

Software Schema & Structured Data for WP & AMP Type Plugin Vulnerable versions = 1.33 Fixed in 1.34.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5582 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6eff26d1a4e3 Credits...

6.4 CVSS · 5.8 AI score · 0.00385 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2024/07/16 11:15 p.m. · 3 views

CVE-2024-21133

Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware component: Servlet. Supported versions that are affected are 12.2.1.4.0 and 12.2.1.19.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports...

6.1 CVSS · 5.8 AI score · 0.00321 EPSS
Exploits: 0 · References: 1

NVD
added 2024/07/16 11:15 p.m. · 18 views

CVE-2024-21133

Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware component: Servlet. Supported versions that are affected are 12.2.1.4.0 and 12.2.1.19.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports...

6.1 CVSS · 0.00321 EPSS
Exploits: 0 · References: 1

CVE
added 2024/07/16 10:39 p.m. · 68 views

CVE-2024-21133

CVE-2024-21133 affects Oracle Reports Developer (Servlet) in Oracle Fusion Middleware. The root cause is insufficient input validation in the Servlet component, impacting versions 12.2.1.4.0 through 12.2.1.19.0. An unauthenticated attacker with network access via HTTP can cause unauthorized read,...

6.1 CVSS · 5.8 AI score · 0.00321 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/07/16 12:0 a.m. · 4 views

PT-2024-5086 · Oracle · Oracle Reports Developer

Name of the Vulnerable Software and Affected Versions: Oracle Reports Developer versions 12.2.1.4.0 through 12.2.1.19.0 Description: The issue is related to insufficient input validation in the Servlet component of Oracle Reports Developer. This can be exploited by a remote attacker to gain read,...

6.4 CVSS · 7.4 AI score · 0.00321 EPSS
Exploits: 0 · References: 4

Patchstack
added 2024/07/16 12:0 a.m. · 10 views

WordPress WP RSS Aggregator Plugin <= 4.23.11 is vulnerable to Broken Access Control

Software WP RSS Aggregator Type Plugin Vulnerable versions = 4.23.11 Fixed in 4.23.12 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6621 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2954812636fe Credits Peter Thaleikis Required...

4.3 CVSS · 6.9 AI score · 0.0039 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Patchstack
added 2024/07/16 12:0 a.m. · 19 views

WordPress Brizy Plugin <= 2.4.44 is vulnerable to Broken Access Control

Software Brizy Type Plugin Vulnerable versions = 2.4.44 Fixed in 2.4.45 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1937 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 5274a9cc7b66 Credits stealthcopter Required privilege...

7.1 CVSS · 6.6 AI score · 0.00365 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Patchstack
added 2024/07/15 12:0 a.m. · 12 views

WordPress WP Links Page Plugin <= 4.9.5 is vulnerable to Broken Access Control

Software WP Links Page Type Plugin Vulnerable versions = 4.9.5 Fixed in 4.9.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6465 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3b1e0ddf2ea6 Credits Lucio Sá Required privilege...

4.3 CVSS · 6.6 AI score · 0.00385 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Patchstack
added 2024/07/15 12:0 a.m. · 9 views

WordPress Seriously Simple Podcasting Plugin < 3.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Seriously Simple Podcasting Type Plugin Vulnerable versions 3.3.0 Fixed in 3.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3751 Patch priority Low CVSS severity Low 5.9 Developer Castos PSID a88cd16d6fc7 Credits Thanh Hang Required...

4.8 CVSS · 6 AI score · 0.00455 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Patchstack
added 2024/07/15 12:0 a.m. · 10 views

WordPress Tournamatch Plugin < 4.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Tournamatch Type Plugin Vulnerable versions 4.6.1 Fixed in 4.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5627 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 160ba992cf57 Credits Davide Balzano Required...

5.7 AI score · 0.00312 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Patchstack
added 2024/07/15 12:0 a.m. · 10 views

WordPress Smart Image Gallery Plugin < 1.0.19 is vulnerable to Cross Site Request Forgery (CSRF)

Software Smart Image Gallery Type Plugin Vulnerable versions 1.0.19 Fixed in 1.0.19 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3632 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 13b040259b7b Credits Bob Matyas...

6.8 CVSS · 6.7 AI score · 0.00329 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

Patchstack
added 2024/07/15 12:0 a.m. · 18 views

WordPress Hostel Plugin < 1.1.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Hostel Type Plugin Vulnerable versions 1.1.5.3 Fixed in 1.1.5.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3753 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8eec664963a4 Credits Bob Matyas Required...

5.9 CVSS · 5.9 AI score · 0.00807 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

Patchstack
added 2024/07/15 12:0 a.m. · 15 views

WordPress WP eStore Plugin < 8.5.5 is vulnerable to Cross Site Scripting (XSS)

Software WP eStore Type Plugin Vulnerable versions 8.5.5 Fixed in 8.5.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6072 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 416714c64e72 Credits Bob Matyas Required...

6.1 CVSS · 5.7 AI score · 0.00325 EPSS
Exploits: 1 · References: 6 · Affected Software: 1

Patchstack
added 2024/07/15 12:0 a.m. · 10 views

WordPress SULly Plugin < 4.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software SULly Type Plugin Vulnerable versions 4.3.1 Fixed in 4.3.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5034 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 671675d484b6 Credits Bob Matyas Required privilege...

8.8 CVSS · 6.7 AI score · 0.00359 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

Patchstack
added 2024/07/15 12:0 a.m. · 9 views

WordPress Index WP MySQL For Speed Plugin < 1.4.18 is vulnerable to Cross Site Scripting (XSS)

Software Index WP MySQL For Speed Type Plugin Vulnerable versions 1.4.18 Fixed in 1.4.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4977 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID de00e035d3ae Credits Guido Ivá...

6.8 CVSS · 5.7 AI score · 0.00499 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Patchstack
added 2024/07/15 12:0 a.m. · 9 views

WordPress CM Email Registration Blacklist and Whitelist Plugin < 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software CM Email Registration Blacklist and Whitelist Type Plugin Vulnerable versions 1.4.9 Fixed in 1.4.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5167 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 352ac64ce637...

8.1 CVSS · 6.7 AI score · 0.00298 EPSS
Exploits: 1 · References: 4 · Affected Software: 1