WordPress Fancy Elementor Flipbox Plugin <= 2.5.2 is vulnerable to Cross Site Scripting (XSS)

Software Fancy Elementor Flipbox Type Plugin Vulnerable versions = 2.5.2 Fixed in 2.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34572 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6fdd1efa32f5 Credits Khalid Yusuf Required privileg...

WordPress Gold Addons for Elementor Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)

Software Gold Addons for Elementor Type Plugin Vulnerable versions = 1.2.9 Fixed in 1.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34563 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4ec8bc999d21 Credits Khalid Yusuf Required...

WordPress WP Job Manager Plugin <= 2.2.2 is vulnerable to Sensitive Data Exposure

Software WP Job Manager Type Plugin Vulnerable versions = 2.2.2 Fixed in 2.3.0 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-34549 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 76cb5788a42c Credits Peng Zhou Required privilege...

WordPress Ultimate Store Kit Elementor Addons Plugin <= 2.0.3 is vulnerable to PHP Object Injection

Software Ultimate Store Kit Elementor Addons Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-4606 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 46e7a74eebcc Credits Ray Wilson Requir...

WordPress WP Photo Album Plus Plugin <= 8.7.01.001 is vulnerable to Arbitrary File Upload

Software WP Photo Album Plus Type Plugin Vulnerable versions = 8.7.01.001 Fixed in 8.7.01.002 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-31377 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 6676bd224b42 Credits stealthcopter Required...

WordPress Himalayas Theme <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Himalayas Type Theme Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34571 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dd02f673cbfe Credits stealthcopter Required privilege Contributor...

WordPress SKT Addons for Elementor Plugin <=1.8 is vulnerable to Cross Site Scripting (XSS)

Software SKT Addons for Elementor Type Plugin Vulnerable versions =1.8 Fixed in 1.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34436 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 346a6441540d Credits 4rCanJ0x! Required privilege...

WordPress Shared Counts Plugin <= 1.4.1 is vulnerable to Broken Access Control

Software Shared Counts Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.5.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9dd902d0b809 Credits N/A Required privilege Unauthenticated...

New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs

Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems that's designed to set up persistence on the infected hosts and act as a spyware. Dubbed Cuckoo by Kandji, the malware is a universal Mach-O binary that's capable of running on both Intel- and...

WordPress raindrops Theme <= 1.600 is vulnerable to Cross Site Scripting (XSS)

Software raindrops Type Theme Vulnerable versions = 1.600 Fixed in 1.700 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34414 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d4e3ff80bd8c Credits stealthcopter Required privilege Contributor...

WordPress SliceWP Plugin <=1.1.10 is vulnerable to Cross Site Scripting (XSS)

Software SliceWP Type Plugin Vulnerable versions =1.1.10 Fixed in 1.1.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34413 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c46a4aefe49b Credits Manab Jyoti Dowarah Required privilege...

WordPress Auto Affiliate Links Plugin <= 6.4.3.1 is vulnerable to SQL Injection

Software Auto Affiliate Links Type Plugin Vulnerable versions = 6.4.3.1 Fixed in 6.4.4 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-34386 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 901e8da7d177 Credits Do Truong Giang Required privilege Editor...

WordPress Testimonial Slider Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)

Software Testimonial Slider Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4193 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9c9e113bbfe1 Credits Krzysztof Zając...

WordPress Simple Membership Plugin <= 4.4.5 is vulnerable to Cross Site Scripting (XSS)

Software Simple Membership Type Plugin Vulnerable versions = 4.4.5 Fixed in 4.4.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4383 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 39626d5eed25 Credits wesley wcraft Required...

WordPress Simple Basic Contact Form Plugin <= 20221201 is vulnerable to Cross Site Scripting (XSS)

Software Simple Basic Contact Form Type Plugin Vulnerable versions = 20221201 Fixed in 20240502 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4150 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 56d60208321f Credits...

WordPress Restaurant and Cafe Theme <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Restaurant and Cafe Type Theme Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-34379 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 97da5caaa5b4 Credits Dhabaleshwar Das...

WordPress Login with phone number Plugin <= 1.7.18 is vulnerable to Broken Access Control

Software Login with phone number Type Plugin Vulnerable versions = 1.7.18 Fixed in 1.7.20 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-34371 Patch priority Low CVSS severity Low 4.3 Developer Hamid Alinia PSID 42d051f8202b Credits Dhabaleshwar Das...

WordPress Download Alt Text AI Plugin <=1.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Download Alt Text AI Type Plugin Vulnerable versions =1.3.4 Fixed in 1.3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34366 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 15bd973c927c Credits Manab Jyoti Dowarah Required...

WordPress Last Viewed Posts by WPBeginner Plugin <= 1.0.0 is vulnerable to PHP Object Injection

Software Last Viewed Posts by WPBeginner Type Plugin Vulnerable versions = 1.0.0 Fixed in 1.0.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-3070 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 1e1e21bf8373 Credits Francesco Carlucci Requir...

WordPress PropertyHive Plugin <= 2.0.10 is vulnerable to Cross Site Scripting (XSS)

Software PropertyHive Type Plugin Vulnerable versions = 2.0.10 Fixed in 2.0.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34381 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5b461efce659 Credits LVT-tholv2k Required privilege...