WordPress URL Image Importer plugin <= 1.0.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by bxdman in WordPress Plugin URL Image Importer versions = 1.0.7...

WordPress aThemes Addons for Elementor Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)

Software aThemes Addons for Elementor Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51675 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8c1a41b721e0 Credits Khalid Yusuf Required...

WordPress Swiss Toolkit For WP Plugin <= 1.0.7 is vulnerable to Broken Authentication

Software Swiss Toolkit For WP Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2024-5204 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 07e08699642a Credits István Márton...

WordPress NewsXpress Theme <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software NewsXpress Type Theme Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31938 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID fbdf2aa209f9 Credits Dhabaleshwar Das Required...

WordPress GamiPress – Button Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)

Software GamiPress – Button Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2460 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 46fbe1f93240 Credits Francesco Carlucci...

WordPress User Feedback Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)

Software User Feedback Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-39308 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4cad82df326d Credits Revan Arifio Required privilege...