WordPress Five Star Restaurant Reservations Plugin <= 2.6.16 is vulnerable to Broken Access Control

Software Five Star Restaurant Reservations Type Plugin Vulnerable versions = 2.6.16 Fixed in 2.6.17 OWASP Top 10 A4: Insecure Design Classification Broken Access Control CVE CVE-2024-33596 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d75b86943c20 Credits Steven Julian...

WordPress WPPizza Plugin <= 3.18.10 is vulnerable to Broken Access Control

Software WPPizza Type Plugin Vulnerable versions = 3.18.10 Fixed in 3.18.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33576 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d7917e7b15a2 Credits Majed Refaea Required...

WordPress Better Elementor Addons Plugin <= 1.4.1 is vulnerable to Local File Inclusion

Software Better Elementor Addons Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-33541 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 62efde4398ca Credits Ray Wilson Required...

WordPress WP Portfolio Theme <= 2.4 is vulnerable to Cross Site Scripting (XSS)

Software WP Portfolio Type Theme Vulnerable versions = 2.4 Fixed in 2.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33537 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 960b34eee068 Credits stealthcopter Required privilege Contributor...

WordPress Blocksy Theme <= 2.0.39 is vulnerable to Cross Site Scripting (XSS)

Software Blocksy Type Theme Vulnerable versions = 2.0.39 Fixed in 2.0.40 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3747 Patch priority Low CVSS severity Low 6.5 Developer Creative Themes PSID 3ec8e6a91460 Credits Ngô Thiên An ancorn Required...

WordPress XStore Theme <= 9.3.8 is vulnerable to Settings Change

Software XStore Type Theme Vulnerable versions = 9.3.8 Fixed in 9.3.9 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-33564 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID fefe041fa298 Credits Rafie Muhammad Patchstack Required privileg...

WordPress XStore Core Plugin <= 5.3.8 is vulnerable to Local File Inclusion

Software XStore Core Type Plugin Vulnerable versions = 5.3.8 Fixed in 5.3.9 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-33557 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 942a9619d048 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Knowledge Base documentation & wiki plugin – BasePress Plugin <= 2.16.1 is vulnerable to Broken Access Control

Software Knowledge Base documentation & wiki plugin – BasePress Type Plugin Vulnerable versions = 2.16.1 Fixed in 2.16.2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33588 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID...

WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.8 is vulnerable to Broken Access Control

Software WOOCS – WooCommerce Currency Switcher Type Plugin Vulnerable versions = 1.4.1.8 Fixed in 1.4.1.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-3734 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a6af6a35e8e2 Credit...

WordPress Instant Images Plugin <= 6.1.0 is vulnerable to Privilege Escalation

Software Instant Images Type Plugin Vulnerable versions = 6.1.0 Fixed in 6.1.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-33569 Patch priority High CVSS severity High 7.2 Developer Claim ownership PSID d731bc7eedd6 Credits Rafie...

WordPress Essential Addons for Elementor Plugin <= 5.9.15 is vulnerable to Sensitive Data Exposure

Software Essential Addons for Elementor Type Plugin Vulnerable versions = 5.9.15 Fixed in 5.9.16 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-3733 Patch priority Low CVSS severity Low 5.3 Developer WPDeveloper PSID 0f72cfe9f2f9 Credits Webbernaut...

WordPress WP Time Slots Booking Form Plugin <= 1.2.06 is vulnerable to Broken Access Control

Software WP Time Slots Booking Form Type Plugin Vulnerable versions = 1.2.06 Fixed in 1.2.07 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33543 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID caafd19bb673 Credits Joshua Chan...

WordPress Assistant – Every Day Productivity Apps Plugin <= 1.4.9.1 is vulnerable to Sensitive Data Exposure

Software Assistant – Every Day Productivity Apps Type Plugin Vulnerable versions = 1.4.9.1 Fixed in 1.4.9.2 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2024-33538 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID...

WordPress Chaty Plugin < 3.1.9 is vulnerable to Cross Site Scripting (XSS)

Software Chaty Type Plugin Vulnerable versions 3.1.9 Fixed in 3.1.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2972 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID de00cfe54026 Credits Dmitrii Ignatyev Required privilege...

WordPress FileOrganizer Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software FileOrganizer Type Plugin Vulnerable versions = 1.0.6 Fixed in 1.0.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2324 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ee105a346d17 Credits Nikolas Required privilege...

WordPress WooCommerce Customers Manager Plugin < 29.8 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Customers Manager Type Plugin Vulnerable versions 29.8 Fixed in 29.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1743 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 088073d3e0c4 Credits Erwan LR...

WordPress Elements kit Elementor addons Plugin <= 3.1.0 is vulnerable to Local File Inclusion

Software Elements kit Elementor addons Type Plugin Vulnerable versions = 3.1.0 Fixed in 3.1.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3499 Patch priority Low CVSS severity Low 8.5 Developer Wpmet PSID 43728e112e86 Credits Webbernaut Required privilege Contribut...

TvRock vulnerable to cross-site request forgery

Overview TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a cross-site request forgery vulnerability CWE-352. During the meeting of Committee for authorizing the disclosure of unresolved...

TvRock vulnerable to denial-of-service (DoS)

Overview TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a denial-of-service DoS vulnerability CWE-400. During the meeting of Committee for authorizing the disclosure of unresolved...

WordPress Booking Ultra Pro Plugin <= 1.1.12 is vulnerable to Privilege Escalation

Software Booking Ultra Pro Type Plugin Vulnerable versions = 1.1.12 Fixed in 1.1.13 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-32960 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 13ea86acc945 Credits Emili Castells...