7442 matches found
Cookie Information < 2.0.23 - Subscriber+ Arbitrary Options Update
Description The plugin is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler, allowing any authenticated users, such as subscriber to update arbitrary site options Run the below command in the developer console of the web browser while being on th...
WordPress Review Schema Plugin <= 2.1.14 is vulnerable to Broken Access Control
Software Review Schema Type Plugin Vulnerable versions = 2.1.14 Fixed in 2.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0836 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 61e084c0e677 Credits Francesco Carlucci Required...
WordPress Shareaholic Plugin <= 9.7.11 is vulnerable to Broken Access Control
Software Shareaholic Type Plugin Vulnerable versions = 9.7.11 Fixed in 9.7.12 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-24709 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID e941ba723f22 Credits Abdi Pranata Required...
WordPress Load More Anything Plugin <= 3.3.3 is vulnerable to Broken Access Control
Software Load More Anything Type Plugin Vulnerable versions = 3.3.3 Fixed in 3.3.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-24704 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 21a4ab3d4f55 Credits Elliot Required...
WordPress Debug Plugin <= 1.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software Debug Type Plugin Vulnerable versions = 1.10 Fixed in 1.11 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-24798 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7c7ee723dce1 Credits Nguyen Xuan Chien Required...
WordPress Accessibility Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software Accessibility Type Plugin Vulnerable versions = 1.0.6 Fixed in 1.0.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-24705 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 8ca8558b0216 Credits Nguyen Xuan Chien...
WordPress WC Marketplace Plugin <= 4.0.25 is vulnerable to Broken Access Control
Software WC Marketplace Type Plugin Vulnerable versions = 4.0.25 Fixed in 4.0.26 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-24703 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 7837c53d253a Credits Le Ngoc Anh Required...
WordPress ERE Recently Viewed Plugin <= 1.3 is vulnerable to PHP Object Injection
Software ERE Recently Viewed Type Plugin Vulnerable versions = 1.3 Fixed in 2.0 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-24797 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 835850fa9817 Credits Yudistira Arya Required privilege...
WordPress Formidable Forms Plugin <= 6.7 is vulnerable to Content Injection
Software Formidable Forms Type Plugin Vulnerable versions = 6.7 Fixed in 6.7.1 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-23522 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID b82c61d4e6f0 Credits Revan Arifio Required privilege...
WordPress PilotPress Plugin <= 2.0.30 is vulnerable to Broken Access Control
Software PilotPress Type Plugin Vulnerable versions = 2.0.30 Fixed in 2.0.31 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-23524 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 0d381f1b6d73 Credits Nguyen Xuan Chien Required...
Mozilla: Privilege escalation through devtools
The Mozilla Foundation Security Advisory describes this flaw as: A malicious devtools extension could have been used to escalate privileges...
Apple warns of “privacy and security threats” after EU requires it to allow sideloading
Despite several warnings about the risks, Apple will allow European iPhone owners to install apps obtained from outside the official App store sideloading. These drastic changes are brought about to comply with the European Union’s EU Digital Markets Act DMA. The Digital Markets Act DMA establish...
WordPress ACF Photo Gallery Field Plugin <= 2.6 is vulnerable to Broken Access Control
Software ACF Photo Gallery Field Type Plugin Vulnerable versions = 2.6 Fixed in 2.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-23518 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 90b02382eae5 Credits Abdi Pranata Required...
WordPress ProductX – Gutenberg WooCommerce Blocks Plugin <= 3.1.4 is vulnerable to PHP Object Injection
Software ProductX – Gutenberg WooCommerce Blocks Type Plugin Vulnerable versions = 3.1.4 Fixed in 3.1.5 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-23512 Patch priority High CVSS severity High 8.7 Developer Claim ownership PSID fa4448964e74 Credits Yudistira Arya...
WordPress WP GDPR Compliance Plugin <= 2.0.22 is vulnerable to Broken Access Control
Software WP GDPR Compliance Type Plugin Vulnerable versions = 2.0.22 Fixed in 2.0.23 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-6700 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 6a981b3b2d5a Credits Lucio Sá Required...
WordPress PopupAlly Plugin <= 2.1.0 is vulnerable to Broken Access Control
Software PopupAlly Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-23520 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID a577e748f483 Credits Abdi Pranata Required privile...
WordPress Exclusive Addons Elementor Plugin <= 2.6.8 is vulnerable to Cross Site Scripting (XSS)
Software Exclusive Addons Elementor Type Plugin Vulnerable versions = 2.6.8 Fixed in 2.6.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0823 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6855edff42bb Credits Webbernaut...
WordPress Allow SVG Plugin < 1.2.0 is vulnerable to Cross Site Scripting (XSS)
Software Allow SVG Type Plugin Vulnerable versions 1.2.0 Fixed in 1.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6541 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e1ff41df5c9e Credits Bob Matyas Required privilege...
WordPress Instant Images Plugin <= 6.1.0 is vulnerable to Broken Access Control
Software Instant Images Type Plugin Vulnerable versions = 6.1.0 Fixed in 6.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-0869 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 5f84c56450a0 Credits Sean Murphy Required...
WordPress Dragfy Addons for Elementor Plugin <= 8.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Dragfy Addons for Elementor Type Plugin Vulnerable versions = 8.3.1 Fixed in 8.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0448 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 80155176471b Credits Webbernaut...