377 matches found
WordPress MP3 Sticky Player Plugin <= 8.0 is vulnerable to Path Traversal
Software MP3 Sticky Player Type Plugin Vulnerable versions = 8.0 Fixed in 8.1 OWASP Top 10 A5: Security Misconfiguration Classification Path Traversal CVE CVE-2024-10803 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID f73c5492a133 Credits Tonn Required privilege...
WordPress School Management Plugin <= 91.5.0 is vulnerable to Arbitrary File Upload
Software School Management Type Plugin Vulnerable versions = 91.5.0 Fixed in 92.0.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-9659 Patch priority High CVSS severity High 10 Developer Claim ownership PSID c5a4715332b9 Credits Tonn Required privilege Unauthenticat...
WordPress Sky Addons for Elementor Plugin <= 2.6.2 is vulnerable to Broken Access Control
Software Sky Addons for Elementor Type Plugin Vulnerable versions = 2.6.2 Fixed in 2.6.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-11104 Patch priority High CVSS severity High 8.1 Developer Shahidul Islam PSID 3c17c9976c8a Credits vgo0 Required...
WordPress AccessPress Staple Theme <= 1.9.1 is vulnerable to Arbitrary File Upload
Software AccessPress Staple Type Theme Vulnerable versions = 1.9.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52488 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 613a651ca664 Credits Mika Required privilege Subscriber...
WordPress MStore API Plugin <= 4.15.7 is vulnerable to SQL Injection
Software MStore API Type Plugin Vulnerable versions = 4.15.7 Fixed in 4.15.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-11179 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 1c06ba6b6a95 Credits Trương Hữu Phúc truonghuuphuc Required privilege...
WordPress Jobify - Job Board WordPress Theme Theme <= 4.2.3 is vulnerable to Arbitrary File Download
Software Jobify - Job Board WordPress Theme Type Theme Vulnerable versions = 4.2.3 Fixed in N/A OWASP Top 10 A5: Security Misconfiguration Classification Arbitrary File Download CVE CVE-2024-52481 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d63150ac42f8 Credits Anand...
WordPress WP Quick Setup Plugin <= 2.0 is vulnerable to Arbitrary File Upload
Software WP Quick Setup Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52429 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID ceb3ca8b7fc9 Credits Mika Required privilege Subscriber Published...
WordPress Really Simple Security Pro multisite Plugin 9.0.0-9.1.1.1 is vulnerable to Broken Authentication
Software Really Simple Security Pro multisite Type Plugin Vulnerable versions 9.0.0-9.1.1.1 Fixed in 9.1.2 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-10924 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 976349dfad8d Credits...
WordPress WooCommerce Upload Files Plugin <= 84.3 is vulnerable to Arbitrary File Upload
Software WooCommerce Upload Files Type Plugin Vulnerable versions = 84.3 Fixed in 84.4 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-10820 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 2047e0da8994 Credits Tonn Required privilege...
WordPress B-Banner Slider Plugin <= 1.1 is vulnerable to Arbitrary File Upload
Software B-Banner Slider Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52405 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 1fa3975122b0 Credits stealthcopter Required privilege Subscriber...
WordPress Relais 2FA Plugin <= 1.0 is vulnerable to Broken Authentication
Software Relais 2FA Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10245 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 461a7cd31084 Credits István Márton...
WordPress Boat Rental Plugin for WordPress Plugin <= 1.0.1 is vulnerable to Arbitrary File Upload
Software Boat Rental Plugin for WordPress Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52376 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 3fb792ad560d Credits stealthcopter Required...
WordPress Devexhub Gallery Plugin <= 2.0.1 is vulnerable to Arbitrary File Upload
Software Devexhub Gallery Type Plugin Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52373 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 41326b5950fa Credits stealthcopter Required privilege...
WordPress Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation Plugin <= 2.4.9 is vulnerable to Arbitrary File Upload
Software Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation Type Plugin Vulnerable versions = 2.4.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52384 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID...
WordPress DigiPass Plugin <= 0.3.0 is vulnerable to Arbitrary File Download
Software DigiPass Type Plugin Vulnerable versions = 0.3.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Download CVE CVE-2024-52378 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID dbfd2eb97192 Credits stealthcopter Required privilege Unauthenticat...
WordPress Datasets Manager by Arttia Creative Plugin <= 1.5 is vulnerable to Arbitrary File Upload
Software Datasets Manager by Arttia Creative Type Plugin Vulnerable versions = 1.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52375 Patch priority High CVSS severity High 10 Developer Claim ownership PSID c894c89a63d1 Credits stealthcopter Required...
WordPress HB AUDIO GALLERY Plugin <= 3.0 is vulnerable to Arbitrary File Upload
Software HB AUDIO GALLERY Type Plugin Vulnerable versions = 3.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-51790 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 40d2c24127c2 Credits stealthcopter Required privilege...
WordPress WooCommerce Social Login Plugin <= 2.7.7 is vulnerable to Broken Authentication
Software WooCommerce Social Login Type Plugin Vulnerable versions = 2.7.7 Fixed in 2.7.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10114 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 36095483e627 Credi...
WordPress Contest Gallery Plugin <= 24.0.3 is vulnerable to SQL Injection
Software Contest Gallery Type Plugin Vulnerable versions = 24.0.3 Fixed in 24.0.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-10687 Patch priority High CVSS severity High 9.3 Developer Wasiliy Strecker PSID 3e91b10a855a Credits shaman0x01 Required privilege Unauthenticate...
WordPress BookingPress Plugin <= 1.1.16 is vulnerable to SQL Injection
Software BookingPress Type Plugin Vulnerable versions = 1.1.16 Fixed in 1.1.17 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-10540 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID ae4b89138a08 Credits Arkadiusz Hydzik Required privilege Subscriber...