
7442 matches found

Patchstack
added 2024/04/05 12:0 a.m., 9 views

WordPress ARForms Form Builder Plugin <= 1.6.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software ARForms Form Builder Type Plugin Vulnerable versions = 1.6.1 Fixed in 1.6.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31272 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 5543120d9779 Credits Yudistira Arya...

CVSS: 6.3, AI score: 6.6, EPSS: 0.00184
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2024/04/05 12:0 a.m., 10 views

WordPress WP Photo Album Plus Plugin < 8.6.03.005 is vulnerable to Arbitrary File Upload

Software WP Photo Album Plus Type Plugin Vulnerable versions 8.6.03.005 Fixed in 8.6.03.005 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-31286 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID b5fb22d21826 Credits stealthcopter Required...

CVSS: 9.9, AI score: 6.8, EPSS: 0.00862
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2024/04/05 12:0 a.m., 13 views

WordPress Masteriyo - LMS Plugin <= 1.7.2 is vulnerable to Privilege Escalation

Software Masteriyo - LMS Type Plugin Vulnerable versions = 1.7.2 Fixed in 1.7.3 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-24882 Patch priority High CVSS severity High 9.8 Developer Masteriyo PSID fe3cf3933428 Credits Steven Julian Required privilege...

CVSS: 9.8, AI score: 6.5, EPSS: 0.02112
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2024/04/05 12:0 a.m., 12 views

WordPress Profile Builder Plugin <= 3.11.2 is vulnerable to Bypass Vulnerability

Software Profile Builder Type Plugin Vulnerable versions = 3.11.2 Fixed in 3.11.3 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2024-31341 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b21686841f84 Credits Ananda Dhakal Patchstack...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00223
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2024/04/04 12:0 a.m., 11 views

WordPress Easy Digital Downloads Plugin <= 3.2.9 is vulnerable to Sensitive Data Exposure

Software Easy Digital Downloads Type Plugin Vulnerable versions = 3.2.9 Fixed in 3.2.10 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2302 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 4b720db13b09 Credits Colin Xu Required...

CVSS: 5.3, AI score: 6.9, EPSS: 0.00603
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/04/03 12:0 a.m., 12 views

WordPress Gutenberg Blocks by Kadence Blocks Plugin <= 3.2.17 is vulnerable to Cross Site Scripting (XSS)

Software Gutenberg Blocks by Kadence Blocks Type Plugin Vulnerable versions = 3.2.17 Fixed in 3.2.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0598 Patch priority Low CVSS severity Low 5.9 Developer KadenceWP PSID def3561720ef Credits Akbar...

CVSS: 4.8, AI score: 5.8, EPSS: 0.00686
Exploits: 1, References: 3, Affected Software: 1
Talos
added 2024/04/03 12:0 a.m., 30 views

Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability

Talos Vulnerability Report TALOS-2024-1951 Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability April 3, 2024 CVE Number CVE-2024-22178 SUMMARY A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open...

CVSS: 4.9, AI score: 5.4, EPSS: 0.00662
Exploits: 1
Talos
added 2024/04/03 12:0 a.m., 39 views

Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability

Talos Vulnerability Report TALOS-2024-1950 Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability April 3, 2024 CVE Number CVE-2024-21870 SUMMARY A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software...

CVSS: 4.9, AI score: 5.5, EPSS: 0.00662
Exploits: 1
Patchstack
added 2024/04/02 12:0 a.m., 25 views

WordPress Template Kit – Import Plugin <= 1.0.14 is vulnerable to Cross Site Scripting (XSS)

Software Template Kit – Import Type Plugin Vulnerable versions = 1.0.14 Fixed in 1.0.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2334 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3ba95df4bab0 Credits Colin Xu Require...

CVSS: 6.4, AI score: 5.7, EPSS: 0.0045
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/04/02 12:0 a.m., 15 views

WordPress My Calendar Plugin < 3.4.24 is vulnerable to Cross Site Scripting (XSS)

Software My Calendar Type Plugin Vulnerable versions 3.4.24 Fixed in 3.4.24 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1274 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID fa4438f7ecbf Credits cyc707 Required...

CVSS: 5.4, AI score: 5.6, EPSS: 0.00425
Exploits: 2, References: 3, Affected Software: 1
Patchstack
added 2024/04/02 12:0 a.m., 10 views

WordPress Genesis Blocks Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Genesis Blocks Type Plugin Vulnerable versions = 3.1.2 Fixed in 3.1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1946 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4a98ab741df8 Credits Ngô Thiên An ancorn...

CVSS: 6.4, AI score: 5.8, EPSS: 0.00333
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/04/02 12:0 a.m., 17 views

WordPress LayerSlider Plugin 7.9.11 - 7.10.0 is vulnerable to SQL Injection

Software LayerSlider Type Plugin Vulnerable versions 7.9.11 - 7.10.0 Fixed in 7.10.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-2879 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f3cdf1aebfe3 Credits AmrAwad Required privilege Unauthenticated...

CVSS: 9.8, AI score: 6.8, EPSS: 0.18402
Exploits: 1, References: 2, Affected Software: 1
Github Security Blog
added 2024/04/01 3:49 p.m., 28 views

Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page

Summary Piccolo's admin panel provides the ability to upload media files and view them within the admin panel. If SVG is an allowed file type for upload; the default; an attacker can upload an SVG which when loaded under certain contexts allows for arbitrary access to the admin page. This access...

CVSS: 7.7, AI score: 6.1, EPSS: 0.00493
Exploits: 0, References: 4, Affected Software: 1
Patchstack
added 2024/04/01 12:0 a.m., 23 views

WordPress WP-Members Plugin <= 3.4.9.2 is vulnerable to Cross Site Scripting (XSS)

Software WP-Members Type Plugin Vulnerable versions = 3.4.9.2 Fixed in 3.4.9.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1852 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 145e334b433b Credits Webbernaut Required...

CVSS: 7.2, AI score: 5.7, EPSS: 0.00675
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/04/01 12:0 a.m., 13 views

WordPress MasterStudy LMS Plugin <= 3.3.0 is vulnerable to Local File Inclusion

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.3.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-2411 Patch priority High CVSS severity High 9 Developer Claim ownership PSID c509d4c43d0b Credits Hiroho Shimada Required privilege...

CVSS: 9.8, AI score: 6.8, EPSS: 0.0154
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/04/01 12:0 a.m., 19 views

WordPress Essential Addons for Elementor Plugin <= 5.9.13 is vulnerable to Sensitive Data Exposure

Software Essential Addons for Elementor Type Plugin Vulnerable versions = 5.9.13 Fixed in 5.9.14 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2974 Patch priority Low CVSS severity Low 5.3 Developer WPDeveloper PSID 724b318703c8 Credits Ankit Patel...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00496
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/04/01 12:0 a.m., 11 views

WordPress List category posts Plugin <= 0.89.6 is vulnerable to Cross Site Scripting (XSS)

Software List category posts Type Plugin Vulnerable versions = 0.89.6 Fixed in 0.89.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1051 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a918041d1b8e Credits Ngô Thiên An ancor...

CVSS: 6.4, AI score: 5.8, EPSS: 0.0045
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/04/01 12:0 a.m., 17 views

WordPress Essential Addons for Elementor Plugin <= 5.9.13 is vulnerable to PHP Object Injection

Software Essential Addons for Elementor Type Plugin Vulnerable versions = 5.9.13 Fixed in 5.9.14 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-3018 Patch priority Low CVSS severity Low 8 Developer WPDeveloper PSID b599dd4e668d Credits Ngô Thiên An ancorn Required...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00775
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/04/01 12:0 a.m., 22 views

WordPress Forminator Plugin <= 1.29.0 is vulnerable to Cross Site Scripting (XSS)

Software Forminator Type Plugin Vulnerable versions = 1.29.0 Fixed in 1.29.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1794 Patch priority Medium CVSS severity Medium 7.1 Developer WPMU DEV PSID adc117fb9f27 Credits wesley wcraft Required...

CVSS: 7.2, AI score: 5.6, EPSS: 0.00528
Exploits: 0, References: 3, Affected Software: 1
GithubExploit
added 2024/03/31 3:25 p.m., 490 views

Exploit for CVE-2024-28247

CVE-2024-28247 Pi-hole Arbitrary File Read Description Thi...

CVSS: 7.6, AI score: 7.5, EPSS: 0.01414
Exploits: 2