27 matches found
WordPress StoreKeeper for WooCommerce Plugin <= 14.4.4 - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by theviper17 in WordPress Plugin StoreKeeper for WooCommerce versions = 14.4.4...
WordPress ONLYOFFICE Docs plugin 1.1.0-2.2.0 - Missing Authorization to Unauthenticated Privilege Escalation via callback Function
Missing Authorization to Unauthenticated Privilege Escalation via callback Function vulnerability discovered by kr0d in WordPress Plugin ONLYOFFICE versions 1.1.0-2.2.0...
WordPress elfsight Contact Form widget plugin <= 2.3.1 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin elfsight Contact Form widget versions = 2.3.1...
WordPress Majestic Support plugin <= 1.1.0 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by LVT-tholv2k in WordPress Plugin Majestic Support versions = 1.1.0...
WordPress FoodBakery plugin <= 3.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin FoodBakery versions = 3.3...
WordPress WpBookingly plugin <= 1.3.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin WpBookingly versions = 1.3.0...
WordPress Booking & Appointment Plugin for WooCommerce Plugin <= 6.9.0 is vulnerable to Broken Access Control
Software Booking & Appointment Plugin for WooCommerce Type Plugin Vulnerable versions = 6.9.0 Fixed in 6.10.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2024-10729 Patch priority High CVSS severity High 8.8 Developer Claim ownership PS...
WordPress External Database Based Actions Plugin <= 0.1 is vulnerable to Privilege Escalation
Software External Database Based Actions Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-10311 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID cd4901766574...
WordPress Th Shop Mania Theme <= 1.4.9 is vulnerable to Arbitrary Code Execution
Software Th Shop Mania Type Theme Vulnerable versions = 1.4.9 Fixed in 1.5.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Arbitrary Code Execution CVE CVE-2024-10674 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 314680b4b995 Credits Sean...
WordPress Wechat Social login Plugin <= 1.3.0 is vulnerable to Broken Authentication
Software Wechat Social login Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9106 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 26efb59ee707 Credits Istvá...
WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Arbitrary Code Execution
Software WishList Member X Type Plugin Vulnerable versions 3.26.7 Fixed in 3.26.7 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-37109 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID fa508ef02b6e Credits Dave Jong Patchstack Required...
WordPress Lifeline Donation Plugin <= 1.2.6 is vulnerable to Broken Authentication
Software Lifeline Donation Type Plugin Vulnerable versions = 1.2.6 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-5432 Patch priority High CVSS severity High 10 Developer Claim ownership PSID c4cb49e164b6 Credits István Márton Required...
WordPress Post Grid and Gutenberg Blocks Plugin <= 2.2.78 is vulnerable to Sensitive Data Exposure
Software Post Grid and Gutenberg Blocks Type Plugin Vulnerable versions = 2.2.78 Fixed in 2.2.79 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32816 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 4274dff100bf Credits Peng Zho...
WordPress Advanced Local Pickup for WooCommerce Plugin <= 1.6.2 is vulnerable to Broken Access Control
Software Advanced Local Pickup for WooCommerce Type Plugin Vulnerable versions = 1.6.2 Fixed in 1.6.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31283 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 66c7c49037fc Credits Majed...
WordPress EventPrime Plugin <= 3.1.5 is vulnerable to Cross Site Scripting (XSS)
Software EventPrime Type Plugin Vulnerable versions = 3.1.5 Fixed in 3.1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45637 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 7c19ecb3f3a7 Credits Phd Required privilege Unauthenticated...
WordPress Essential Blocks Pro Plugin <= 1.1.0 is vulnerable to PHP Object Injection
Software Essential Blocks Pro Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-4386 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID b459be820fbe Credits Marco Wotschka Required privilege...
WordPress WPvivid Backup and Migration Plugin <= 0.9.90 is vulnerable to Privilege Escalation
Software WPvivid Backup and Migration Type Plugin Vulnerable versions = 0.9.90 Fixed in 0.9.91 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2023-41243 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID a9e2cd303432 Credits Nguyen Anh Ti...
WordPress Themesflat Addons For Elementor Plugin <= 2.0.0 is vulnerable to PHP Object Injection
Software Themesflat Addons For Elementor Type Plugin Vulnerable versions = 2.0.0 Fixed in 2.0.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-37390 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 27be6a2ff8c6 Credits Robert R Required...
WordPress MStore API Plugin < 3.9.6 is vulnerable to Broken Access Control
Software MStore API Type Plugin Vulnerable versions 3.9.6 Fixed in 3.9.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID f9c3e8cc268b Credits Unknown Required privilege Subscriber Publish...
WordPress B2BKing Plugin <= 4.6.00 is vulnerable to Broken Access Control
Software B2BKing Type Plugin Vulnerable versions = 4.6.00 Fixed in 4.6.20 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3125 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 7647d8bb49ff Credits Jerome Bruandet Required privilege...