WordPress MPG Plugin <= 3.4.0 is vulnerable to Broken Access Control
Software MPG Type Plugin Vulnerable versions <= 3.4.0 Fixed in 3.4.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30235 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6cea17ebc47f Credits Majed Refaea Required privilege Subscribe...
WordPress WholesaleX Plugin <= 1.3.1 is vulnerable to Broken Access Control
Software WholesaleX Type Plugin Vulnerable versions <= 1.3.1 Fixed in 1.3.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30234 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d5e0c742e615 Credits Emili Castells Required...
WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more Plugin <= 4.5.24 is vulnerable to Cross Site Scripting (XSS)
Software Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more Type Plugin Vulnerable versions <= 4.5.24 Fixed in 4.5.25 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29795 Patch priority Low CVSS severity Low 6.5 Developer Claim...
WordPress PropertyHive Plugin <= 2.0.8 is vulnerable to Cross Site Scripting (XSS)
Software PropertyHive Type Plugin Vulnerable versions <= 2.0.8 Fixed in 2.0.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29923 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 660abe1d978c Credits Yudistira Arya Required privilege...
WordPress WP Fast Total Search Plugin <= 1.59.211 is vulnerable to Cross Site Scripting (XSS)
Software WP Fast Total Search Type Plugin Vulnerable versions <= 1.59.211 Fixed in 1.60.213 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29799 Patch priority Low CVSS severity Low 6.5 Developer Epsiloncool PSID 5e9e859d0b96 Credits Ngô Thiên An ancorn from VNPT-V...
WordPress Stratum Plugin <= 1.3.15 is vulnerable to Cross Site Scripting (XSS)
Software Stratum Type Plugin Vulnerable versions <= 1.3.15 Fixed in 1.3.16 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29914 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3d8d138923e6 Credits Khalid Yusuf Required privilege Contributor...
WordPress Schema Pro Plugin < 2.7.16 is vulnerable to Broken Access Control
Software Schema Pro Type Plugin Vulnerable versions < 2.7.16 Fixed in 2.7.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-1564 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 68dac5194d9b Credits Scott Kingsley Clark Required...
WordPress Forminator Plugin <= 1.29.0 is vulnerable to Cross Site Scripting (XSS)
Software Forminator Type Plugin Vulnerable versions <= 1.29.0 Fixed in 1.29.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29777 Patch priority Medium CVSS severity Medium 7.1 Developer WPMU DEV PSID 4c3587917921 Credits Rafie Muhammad Patchstack Required privile...
WordPress Post Grid, Slider & Carousel Ultimate Plugin <= 1.6.6 is vulnerable to Cross Site Scripting (XSS)
Software Post Grid, Slider & Carousel Ultimate Type Plugin Vulnerable versions <= 1.6.6 Fixed in 1.6.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29925 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e415424c3ca8 Credits LVT-tholv2k...
WordPress CoBlocks Plugin <= 3.1.6 is vulnerable to Cross Site Scripting (XSS)
Software CoBlocks Type Plugin Vulnerable versions <= 3.1.6 Fixed in 3.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1049 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c31aa15ef7d9 Credits Webbernaut Required privilege...
WordPress New RoyalSlider Plugin <= 3.4.2 is vulnerable to Cross Site Scripting (XSS)
Software New RoyalSlider Type Plugin Vulnerable versions <= 3.4.2 Fixed in 3.4.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30195 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 586b18a145b1 Credits Rafie Muhammad Patchstack Requir...
WordPress Web Icons Plugin <= 1.0.0.10 is vulnerable to Cross Site Scripting (XSS)
Software Web Icons Type Plugin Vulnerable versions <= 1.0.0.10 Fixed in 1.0.0.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29933 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 92c4582be5aa Credits LVT-tholv2k Required privilege...
WordPress Podlove Podcast Publisher Plugin <= 4.0.9 is vulnerable to Cross Site Scripting (XSS)
Software Podlove Podcast Publisher Type Plugin Vulnerable versions <= 4.0.9 Fixed in 4.0.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29915 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6b5b45e01eae Credits Dimas Maulana Require...
WordPress WordPress Importer Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Importer Type Plugin Vulnerable versions <= 1.0.4 Fixed in 1.0.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30201 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 79212c825fed Credits Dimas Maulana Required...
WordPress Custom WooCommerce Checkout Fields Editor Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Custom WooCommerce Checkout Fields Editor Type Plugin Vulnerable versions <= 1.3.1 Fixed in 1.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1697 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 655df2bce9e7...
WordPress Church Admin Plugin <= 4.1.17 is vulnerable to Cross Site Scripting (XSS)
Software Church Admin Type Plugin Vulnerable versions <= 4.1.17 Fixed in 4.1.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-30193 Patch priority Low CVSS severity Low 6.5 Developer Andy Moyle PSID 239d5fd65793 Credits CatFather Required privilege...
JVN#13113728: "EasyRange" may insecurely load executable files
"EasyRange" provided by sira.jp according to the original report submitted by the reporter is a tool to extract compressed files. "EasyRange" contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides ...
WordPress WooCommerce Clover Payment Gateway Plugin <= 1.3.1 is vulnerable to Broken Access Control
Software WooCommerce Clover Payment Gateway Type Plugin Vulnerable versions <= 1.3.1 Fixed in 1.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0626 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 06c0aefba99a Credits Francesco...
WordPress Co-marquage service-public.fr Plugin <= 0.5.72 is vulnerable to Cross Site Scripting (XSS)
Software Co-marquage service-public.fr Type Plugin Vulnerable versions <= 0.5.72 Fixed in 0.5.73 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29758 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 54a2401a71ec Credits Yudistira Arya...
WordPress Conversios.io Plugin <= 6.9.1 is vulnerable to Cross Site Scripting (XSS)
Software Conversios.io Type Plugin Vulnerable versions <= 6.9.1 Fixed in 7.0.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29794 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8df60cff479f Credits Le Ngoc Anh Required privilege...