WordPress Bakes And Cakes Theme <= 1.2.6 is vulnerable to Broken Access Control
Software Bakes And Cakes Type Theme Vulnerable versions <= 1.2.6 Fixed in 1.2.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37496 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c1a64d1962d4 Credits Dhabaleshwar Das Required...
WordPress Advanced Classifieds & Directory Pro Plugin <= 3.1.3 is vulnerable to Local File Inclusion
Software Advanced Classifieds & Directory Pro Type Plugin Vulnerable versions <= 3.1.3 Fixed in 3.2.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-37501 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 09c35e44898b Credits João Pedro S Alcântar...
WordPress YAHMAN Add-ons Plugin <= 0.9.28 is vulnerable to Backdoor
Software YAHMAN Add-ons Type Plugin Vulnerable versions <= 0.9.28 Fixed in 0.9.29 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 26c7f39721f9 Credits Sansec.io Required privilege Unauthenticated Published 3 July,...
WordPress YITH WooCommerce Affiliates Plugin <= 3.8.0 is vulnerable to Backdoor
Software YITH WooCommerce Affiliates Type Plugin Vulnerable versions <= 3.8.0 Fixed in 3.8.1 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer YITH PSID 6b928027e13c Credits Sansec.io Required privilege Unauthenticated Published 3 July,...
WordPress WPJAM Basic Plugin <= 6.6.2 is vulnerable to Backdoor
Software WPJAM Basic Type Plugin Vulnerable versions <= 6.6.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Denishua PSID 1065bbb5d5e9 Credits Sansec.io Required privilege Unauthenticated Published 3 July, 2024...
WordPress Void Contact Form 7 Widget For Elementor Page Builder Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS)
Software Void Contact Form 7 Widget For Elementor Page Builder Type Plugin Vulnerable versions <= 2.4 Fixed in 2.4.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5419 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...
WordPress UsersWP Plugin <= 1.2.10 is vulnerable to SQL Injection
Software UsersWP Type Plugin Vulnerable versions <= 1.2.10 Fixed in 1.2.11 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6265 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 32b55caea5de Credits Trương Hữu Phúc truonghuuphuc Required privilege...
WordPress Advanced File Manager Plugin <= 5.2.4 is vulnerable to Sensitive Data Exposure
Software Advanced File Manager Type Plugin Vulnerable versions <= 5.2.4 Fixed in 5.2.5 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-5598 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f0b48a6d68bd Credits emad Required...
WordPress Pagerank Tools Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)
Software Pagerank Tools Type Plugin Vulnerable versions <= 1.1.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5730 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ed7753fdc52a Credits Bob Matyas Required...
WordPress Newspack Ads Plugin <= 1.47.1 is vulnerable to Cross Site Scripting (XSS)
Software Newspack Ads Type Plugin Vulnerable versions <= 1.47.1 Fixed in 1.47.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37474 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b8d60e34d1ee Credits Rafie Muhammad Patchstack Required...
WordPress AWSM Team Plugin <= 1.3.1 is vulnerable to Local File Inclusion
Software AWSM Team Type Plugin Vulnerable versions <= 1.3.1 Fixed in 1.3.2 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-37454 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a8caf37850ed Credits João Pedro S Alcântara Kinorth...
WordPress Ultimate Bootstrap Elements for Elementor Plugin <= 1.4.2 is vulnerable to Local File Inclusion
Software Ultimate Bootstrap Elements for Elementor Type Plugin Vulnerable versions <= 1.4.2 Fixed in 1.4.3 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-37462 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID a8f9d8a5eba6 Credits João...
Medicine Tracker System SQL Injection Vulnerability
Medicine Tracker System is a drug tracking system by the individual developer Carlo Montero. A SQL injection vulnerability exists in Medicine Tracker System version 1.0, which stems from an incorrect manipulation of the parameter id that can lead to an SQL injection...
WordPress OnePress Theme <= 2.3.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software OnePress Type Theme Vulnerable versions <= 2.3.6 Fixed in 2.3.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37448 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c9968969f7ad Credits Dhabaleshwar Das Required...
WordPress WP Job Manager - Resume Manager Plugin <= 2.1.0 is vulnerable to Broken Access Control
Software WP Job Manager - Resume Manager Type Plugin Vulnerable versions <= 2.1.0 Fixed in 2.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37443 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8e5ceb2ec6d1 Credits Rafie Muhamma...
WordPress Perfect Portfolio Theme <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Perfect Portfolio Type Theme Vulnerable versions <= 1.2.0 Fixed in 1.2.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 073cf0103125 Credits Dhabaleshwar Das...
WordPress Theron Lite Theme <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software Theron Lite Type Theme Vulnerable versions <= 2.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5925 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b5cd651aaada Credits Francesco Carlucci Required...
WordPress WP Server Health Stats Plugin 1.7.6 is vulnerable to Backdoor
Software WP Server Health Stats Type Plugin Vulnerable versions 1.7.6 Fixed in 1.7.7 OWASP Top 10 A3: Injection Classification Backdoor CVE CVE-2024-6297 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 45a546f4e251 Credits WordFence Required privilege Unauthenticated...
WordPress Seo Optimized Images Plugin 2.1.2 is vulnerable to Backdoor
Software Seo Optimized Images Type Plugin Vulnerable versions 2.1.2 Fixed in 2.1.4 OWASP Top 10 A3: Injection Classification Backdoor CVE CVE-2024-6297 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 88a9e93519c2 Credits WordFence Required privilege Unauthenticated...
WordPress PowerPress Podcasting Plugin 11.9.3-11.9.4 is vulnerable to Backdoor
Software PowerPress Podcasting Type Plugin Vulnerable versions 11.9.3-11.9.4 Fixed in 11.9.5 OWASP Top 10 A3: Injection Classification Backdoor CVE CVE-2024-6297 Patch priority High CVSS severity High 10 Developer Claim ownership PSID cc7a51200190 Credits WordFence Required privilege...