WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Meta Data and Taxonomies Filter MDTF Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29906 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 19338c850285 Credits...

WordPress Portfolio Gallery – Image Gallery Plugin Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS)

Software Portfolio Gallery – Image Gallery Plugin Type Plugin Vulnerable versions = 1.5.6 Fixed in 1.5.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29769 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 67413237e077 Credits LVT-tholv2k...

WordPress Grid Shortcodes Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software Grid Shortcodes Type Plugin Vulnerable versions = 1.1 Fixed in 1.1.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29797 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 001d3493f64b Credits Ngô Thiên An ancorn from VNPT-VCI Requir...

WordPress Easy Social Feed Plugin <= 6.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Easy Social Feed Type Plugin Vulnerable versions = 6.5.3 Fixed in 6.5.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30180 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a2b851d6fb10 Credits LVT-tholv2k Required privilege...

WordPress Page Builder by SiteOrigin Plugin <= 2.29.6 is vulnerable to Cross Site Scripting (XSS)

Software Page Builder by SiteOrigin Type Plugin Vulnerable versions = 2.29.6 Fixed in 2.29.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2202 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 92274a8f9656 Credits Webbernaut...

WordPress Post Grid, Slider & Carousel Ultimate Plugin <= 1.6.6 is vulnerable to Cross Site Scripting (XSS)

Software Post Grid, Slider & Carousel Ultimate Type Plugin Vulnerable versions = 1.6.6 Fixed in 1.6.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29925 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e415424c3ca8 Credits LVT-tholv2k...

WordPress Bulk NoIndex & NoFollow Toolkit Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS)

Software Bulk NoIndex & NoFollow Toolkit Type Plugin Vulnerable versions = 2.01 Fixed in 2.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29791 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bea274e4e958 Credits Le Ngoc Anh Requir...

WordPress Conversios.io Plugin <= 6.9.1 is vulnerable to Cross Site Scripting (XSS)

Software Conversios.io Type Plugin Vulnerable versions = 6.9.1 Fixed in 7.0.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29794 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8df60cff479f Credits Le Ngoc Anh Required privilege...

WordPress Web Icons Plugin <= 1.0.0.10 is vulnerable to Cross Site Scripting (XSS)

Software Web Icons Type Plugin Vulnerable versions = 1.0.0.10 Fixed in 1.0.0.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29933 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 92c4582be5aa Credits LVT-tholv2k Required privilege...

WordPress OneClick Chat to Order Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Software OneClick Chat to Order Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29789 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 255b07899e6d Credits Ngô Thiên An ancorn from VNPT-V...

WordPress Getwid – Gutenberg Blocks Plugin <= 2.0.5 is vulnerable to Cross Site Scripting (XSS)

Software Getwid – Gutenberg Blocks Type Plugin Vulnerable versions = 2.0.5 Fixed in 2.0.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1948 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d76b6dbfa27e Credits Ngô Thiên An...

WordPress Memberpress Plugin <= 1.11.26 is vulnerable to Cross Site Scripting (XSS)

Software Memberpress Type Plugin Vulnerable versions = 1.11.26 Fixed in 1.11.27 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1412 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 44159653a377 Credits Jamie Perrelet...

WordPress WP Compress – Image Optimizer [All-In-One] Plugin <= 6.11.10 is vulnerable to Broken Access Control

Software WP Compress – Image Optimizer All-In-One Type Plugin Vulnerable versions = 6.11.10 Fixed in 6.11.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1934 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID c01c5919ea5a Credits...

KLA65276 OSI vulnerability in Microsoft Developer Tools

An information disclosure vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2024-29059 Exploitation Public exploits exist for this vulnerability. Related products Microsoft-.NET-Framework...

WordPress Cards for Beaver Builder Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Cards for Beaver Builder Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2305 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f2cce6bd9382 Credits Francesco...

WordPress Easy Property Listings Plugin <= 3.5.2 is vulnerable to SQL Injection

Software Easy Property Listings Type Plugin Vulnerable versions = 3.5.2 Fixed in 3.5.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1893 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 741d2179a015 Credits Krzysztof Zając Required privilege...

WordPress System Dashboard Plugin < 2.8.10 is vulnerable to Cross Site Scripting (XSS)

Software System Dashboard Type Plugin Vulnerable versions 2.8.10 Fixed in 2.8.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7246 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 59b19780b836 Credits Dmitrii Ignatyev Requir...

WordPress Avada Theme <= 7.11.6 is vulnerable to Cross Site Scripting (XSS)

Software Avada Type Theme Vulnerable versions = 7.11.6 Fixed in 7.11.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2311 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 07e5a74cda4c Credits Muhammad Zeeshan Xib3rR4dAr...

WordPress LiquidPoll – Advanced Polls for Creators and Brands Plugin <= 3.3.76 is vulnerable to Sensitive Data Exposure

Software LiquidPoll – Advanced Polls for Creators and Brands Type Plugin Vulnerable versions = 3.3.76 Fixed in 3.3.77 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2080 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

WordPress Simply Schedule Appointments Plugin <= 1.6.7.7 is vulnerable to SQL Injection

Software Simply Schedule Appointments Type Plugin Vulnerable versions = 1.6.7.7 Fixed in 1.6.7.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2342 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 36408cb83a66 Credits Krzysztof Zając Required privileg...