WordPress Social Warfare Plugin <= 4.4.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Social Warfare Type Plugin Vulnerable versions = 4.4.6.1 Fixed in 4.4.6.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1959 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b4ca6fb05821 Credits Krzysztof Zając...

JVN#24683352: TvRock vulnerable to cross-site request forgery

TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a cross-site request forgery vulnerability CWE-352. Impact If a logged-in user of TVRock accesses a specially crafted page, unintended operatio...

WordPress Quick Featured Images Plugin <= 13.7.0 is vulnerable to Broken Access Control

Software Quick Featured Images Type Plugin Vulnerable versions = 13.7.0 Fixed in 13.7.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3664 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 955c9c9acc5c Credits Lucio Sá Required...

WordPress Newsletters Plugin <=4.9.5 is vulnerable to Sensitive Data Exposure

Software Newsletters Type Plugin Vulnerable versions =4.9.5 Fixed in 4.9.6 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32953 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 5684766cc1ef Credits Peng Zhou Required privilege...

WordPress Integrate Google Drive Plugin <= 1.3.9 is vulnerable to Broken Access Control

Software Integrate Google Drive Type Plugin Vulnerable versions = 1.3.9 Fixed in 1.3.91 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32813 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 3bec4c127fe1 Credits Steven Julian Require...

WordPress StreamWeasels Twitch Integration Plugin <= 1.7.8 is vulnerable to Sensitive Data Exposure

Software StreamWeasels Twitch Integration Type Plugin Vulnerable versions = 1.7.8 Fixed in 1.8.0 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32716 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID eec287347b22 Credits Majed Refa...

WordPress WP LinkedIn Auto Publish Plugin <= 8.11 is vulnerable to Broken Access Control

Software WP LinkedIn Auto Publish Type Plugin Vulnerable versions = 8.11 Fixed in 8.12 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32797 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 03094155e86a Credits Abdi Pranata Required...

WordPress SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer Plugin <= 3.10.2 is vulnerable to Broken Access Control

Software SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer Type Plugin Vulnerable versions = 3.10.2 Fixed in 3.10.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3287 Patch priority Low CVSS severity Low 5.3 Developer WPMU DEV PSID d9ce8b757c...

WordPress Appointment Hour Booking Plugin <= 1.4.56 is vulnerable to Other Vulnerability Type

Software Appointment Hour Booking Type Plugin Vulnerable versions = 1.4.56 Fixed in 1.4.57 OWASP Top 10 A4: Insecure Design Classification Other Vulnerability Type CVE CVE-2024-32720 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 228e58c3426d Credits Mochamad Sofyan...

WordPress Import and export users and customers Plugin <= 1.26.2 is vulnerable to PHP Object Injection

Software Import and export users and customers Type Plugin Vulnerable versions = 1.26.2 Fixed in 1.26.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-32817 Patch priority Low CVSS severity Low 4.4 Developer Codection PSID db71a86e52da Credits Trình Vũ Sonicrrrr from...

WordPress CookieHub Plugin <= 1.1.0 is vulnerable to Broken Access Control

Software CookieHub Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32784 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bf6c0519f789 Credits Abdi Pranata Required privilege...

WordPress Coupon & Discount Code Reveal Button Plugin <=1.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Coupon & Discount Code Reveal Button Type Plugin Vulnerable versions =1.2.5 Fixed in 1.2.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32722 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID abdf37204c70 Credits emad Required...

WordPress Advanced Testimonial Carousel for Elementor Plugin <= 3.0.0 is vulnerable to Broken Access Control

Software Advanced Testimonial Carousel for Elementor Type Plugin Vulnerable versions = 3.0.0 Fixed in 3.0.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32783 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 35c8e0e158f5 Credits...

WordPress Data Tables Generator by Supsystic Plugin <= 1.10.31 is vulnerable to Broken Access Control

Software Data Tables Generator by Supsystic Type Plugin Vulnerable versions = 1.10.31 Fixed in 1.10.32 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32829 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c3d8bb1fd9d8 Credits Steven...

WordPress Premium Addons for Elementor Plugin <= 4.10.25 is vulnerable to Cross Site Scripting (XSS)

Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.25 Fixed in 4.10.26 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32791 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID 5e608ef68f6a Credits Ray Wilson Required privileg...

WordPress AI Post Generator | AutoWriter Plugin <= 3.3 is vulnerable to Broken Access Control

Software AI Post Generator | AutoWriter Type Plugin Vulnerable versions = 3.3 Fixed in 3.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32713 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 1f7f2444d49e Credits LVT-tholv2k Requir...

WordPress Seers Plugin <= 8.1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Seers Type Plugin Vulnerable versions = 8.1.0 Fixed in 8.1.1 OWASP Top 10 A3: Injection Classification Cross Site Request Forgery CSRF CVE CVE-2024-32789 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID e0239ca83176 Credits Le Ngoc Anh Required privilege...

WordPress Royal Elementor Addons Plugin <= 1.3.94 is vulnerable to Arbitrary File Upload

Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.94 Fixed in 1.3.95 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Upload CVE CVE-2024-1567 Patch priority High CVSS severity High 8.2 Developer WProyal PSID 7b79f8ce62d8 Credits wesley wcraft Required...

WordPress WP Media Category Management Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Media Category Management Type Plugin Vulnerable versions = 2.2 Fixed in 2.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32950 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 741ef421ce76 Credits Abdi Pranata Required...

WordPress Email Customizer for WooCommerce Plugin <= 2.6.0 is vulnerable to Sensitive Data Exposure

Software Email Customizer for WooCommerce Type Plugin Vulnerable versions = 2.6.0 Fixed in 2.6.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-32781 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID bb85c76645da Credits Emili...