WordPress Uncanny Toolkit Pro for LearnDash Plugin < 4.1.4.1 is vulnerable to Cross Site Scripting (XSS)
Software: Uncanny Toolkit Pro for LearnDash | Type: Plugin | Vulnerable versions: < 4.1.4.1 | Fixed in: 4.1.4.1 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-37436 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 95db5389fd59 | Credits: Dave Jong...
WordPress Conversios.io Plugin <= 7.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Conversios.io | Type: Plugin | Vulnerable versions: <= 7.1.0 | Fixed in: 7.1.1 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-6288 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: ca27caeedd00 | Credits: Ulyses Saicha | Requir...
WordPress WidgetKit Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: WidgetKit | Type: Plugin | Vulnerable versions: <= 2.5.0 | Fixed in: 2.5.1 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-37428 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 351434df7944 | Credits: 4rCanJ0x! | Required privilege: Contributor...
WordPress Slider Revolution Plugin <= 6.7.13 is vulnerable to Cross Site Scripting (XSS)
Software: Slider Revolution | Type: Plugin | Vulnerable versions: <= 6.7.13 | Fixed in: 6.7.14 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-37449 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: ThemePunch | PSID: 0c45389d2eaa | Credits: wcraft | Required privilege: Administrator...
WordPress File Manager Plugin <= 7.2.7 is vulnerable to Broken Access Control
Software: File Manager | Type: Plugin | Vulnerable versions: <= 7.2.7 | Fixed in: 7.2.8 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-37254 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 64eee288cde4 | Credits: Rafie Muhammad Patchstack | Requir...
WordPress PDF Embedder Plugin <= 4.7.1 is vulnerable to Cross Site Scripting (XSS)
Software: PDF Embedder | Type: Plugin | Vulnerable versions: <= 4.7.1 | Fixed in: 4.8.0 | OWASP Top 10: A6: Vulnerable and Outdated Components | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-4367 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 7794a505b744 | Credits: m3ez | Required...
WordPress WP-Lister Lite for Amazon Plugin <= 2.6.16 is vulnerable to Cross Site Scripting (XSS)
Software: WP-Lister Lite for Amazon | Type: Plugin | Vulnerable versions: <= 2.6.16 | Fixed in: 2.6.17 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-37261 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: WP Lab | PSID: 6ad653dd30ed | Credits: Le Ngoc Anh | Required privileg...
WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 2.4.7 is vulnerable to Cross Site Scripting (XSS)
Software: The Ultimate WordPress Toolkit – WP Extended | Type: Plugin | Vulnerable versions: <= 2.4.7 | Fixed in: 3.0.0 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-37259 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: WP Extended | PSID: 6e88ac2a1e7f | Credits: Yudisti...
WordPress Elements kit Elementor addons Plugin <= 3.1.4 is vulnerable to Broken Access Control
Software: Elements kit Elementor addons | Type: Plugin | Vulnerable versions: <= 3.1.4 | Fixed in: 3.2.0 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-37255 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Wpmet | PSID: b0cbfbfccc4f | Credits: Rafie Muhammad Patchstack...
WordPress EmbedPress Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: EmbedPress | Type: Plugin | Vulnerable versions: <= 4.0.2 | Fixed in: 4.0.3 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-4367 | Patch priority: Low | CVSS severity: Low 4 | PSID: 86a2108fb08b | Credits: Yudistira Arya | Required privilege...
WordPress ARI Fancy Lightbox Plugin <= 1.3.14 is vulnerable to Cross Site Scripting (XSS)
Software: ARI Fancy Lightbox | Type: Plugin | Vulnerable versions: <= 1.3.14 | Fixed in: 1.3.15 | OWASP Top 10: A6: Vulnerable and Outdated Components | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-4367 | Patch priority: Low | CVSS severity: Low 4 | PSID: c2fee65eb87c | Credits: Yudistira...
WordPress Striking Theme <= 2.3.4 is vulnerable to Cross Site Scripting (XSS)
Software: Striking | Type: Theme | Vulnerable versions: <= 2.3.4 | Fixed in: 2.3.5 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-37267 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 2195a58a6bf5 | Credits: Rafie Muhammad Patchstack | Required...
WordPress Kadence Blocks Pro Plugin < 2.3.8 is vulnerable to Broken Access Control
Software: Kadence Blocks Pro | Type: Plugin | Vulnerable versions: < 2.3.8 | Fixed in: 2.3.8 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-1330 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: KadenceWP | PSID: 0488c91e76be | Credits: Scott Kingsley Clark | Required...
WordPress Masterstudy Elementor Widgets Plugin <= 1.2.2 is vulnerable to Remote Code Execution (RCE)
Software: Masterstudy Elementor Widgets | Type: Plugin | Vulnerable versions: <= 1.2.2 | Fixed in: 1.2.3 | OWASP Top 10: A3: Injection | Classification: Remote Code Execution (RCE) | CVE: CVE-2024-37091 | Patch priority: Medium | CVSS severity: Medium 9.9 | PSID: c3068c566a95 | Credits: Rafie Muhammad...
WordPress Create by Mediavine Plugin <= 1.9.7 is vulnerable to Cross Site Scripting (XSS)
Software: Create by Mediavine | Type: Plugin | Vulnerable versions: <= 1.9.7 | Fixed in: 1.9.8 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-5601 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Mediavine | PSID: ca91d82db3a3 | Credits: Krzysztof Zając | Required...
WordPress Spotify Play Button Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Spotify Play Button | Type: Plugin | Vulnerable versions: <= 1.0 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-5199 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 81b0c1de1aa9 | Credits: Bob Matyas | Required...
WordPress Contact Form 7 Multi-Step Addon Plugin 1.0.4-1.0.5 is vulnerable to Backdoor
Software: Contact Form 7 Multi-Step Addon | Type: Plugin | Vulnerable versions: 1.0.4-1.0.5 | Fixed in: 1.0.7 | OWASP Top 10: A3: Injection | Classification: Backdoor | CVE: CVE-2024-6297 | Patch priority: High | CVSS severity: High 10 | PSID: 210ed7e4774a | Credits: WordFence | Required privilege...
WordPress Social Warfare Plugin 4.4.6.4-4.4.7.1 is vulnerable to Backdoor
Software: Social Warfare | Type: Plugin | Vulnerable versions: 4.4.6.4-4.4.7.1 | Fixed in: 4.4.7.3 | OWASP Top 10: A3: Injection | Classification: Backdoor | CVE: CVE-2024-6297 | Patch priority: High | CVSS severity: High 10 | PSID: 29aedd9dc6eb | Credits: WordFence | Required privilege: Unauthenticated...
WordPress Logo Manager For Enamad Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Logo Manager For Enamad | Type: Plugin | Vulnerable versions: <= 0.7.0 | Fixed in: N/A | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-4757 | Patch priority: Low | CVSS severity: Low 7.1 | PSID: 134c5c763311 | Credits: Bob Matyas...
WordPress Wrapper Link Elementor Plugin 1.0.2,1.0.3 is vulnerable to Backdoor
Software: Wrapper Link Elementor | Type: Plugin | Vulnerable versions: 1.0.2,1.0.3 | Fixed in: 1.0.5 | OWASP Top 10: A3: Injection | Classification: Backdoor | CVE: CVE-2024-6297 | Patch priority: High | CVSS severity: High 10 | PSID: 73ed028987ed | Credits: WordFence | Required privilege: Unauthenticate...