377 matches found
WordPress Ajax Rating with Custom Login Plugin <= 1.1 is vulnerable to SQL Injection
Software Ajax Rating with Custom Login Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49246 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID de8e18fe2e58 Credits stealthcopter Required privilege...
WordPress Digital Lottery Plugin <= 3.0.5 is vulnerable to Arbitrary File Upload
Software Digital Lottery Type Plugin Vulnerable versions = 3.0.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49242 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 7676461ee2c0 Credits stealthcopter Required privilege...
WordPress Feed Comments Number Plugin <= 0.2.1 is vulnerable to Arbitrary File Upload
Software Feed Comments Number Type Plugin Vulnerable versions = 0.2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49216 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 6dc3911dda2c Credits stealthcopter Required privilege...
WordPress Hunk Companion Plugin <= 1.8.4 is vulnerable to Broken Access Control
Software Hunk Companion Type Plugin Vulnerable versions = 1.8.4 Fixed in 1.8.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9707 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 20cecbb53904 Credits Sean Murphy Required privileg...
WordPress WP Users Masquerade Plugin <= 2.0.0 is vulnerable to Broken Authentication
Software WP Users Masquerade Type Plugin Vulnerable versions = 2.0.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9522 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID eb305b8e1a56 Credits Istvá...
WordPress Tainacan Plugin <= 0.21.8 is vulnerable to SQL Injection
Software Tainacan Type Plugin Vulnerable versions = 0.21.8 Fixed in 0.21.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-48040 Patch priority High CVSS severity High 8.5 Developer Tainacan Community PSID 8db23d195d90 Credits Trương Hữu Phúc truonghuuphuc Required privilege...
WordPress LatePoint Plugin <= 5.0.11 is vulnerable to SQL Injection
Software LatePoint Type Plugin Vulnerable versions = 5.0.11 Fixed in 5.0.12 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8911 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 26726ee6dc78 Credits István Márton Required privilege Unauthenticated...
WordPress Top Bar – PopUps – by WPOptin Plugin <= 2.0.1 is vulnerable to Local File Inclusion
Software Top Bar – PopUps – by WPOptin Type Plugin Vulnerable versions = 2.0.1 Fixed in 2.0.2 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-47645 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID f22f05a49b0f Credits tahu.datar Required...
WordPress YITH WooCommerce Ajax Search Plugin <= 2.8.0 is vulnerable to SQL Injection
Software YITH WooCommerce Ajax Search Type Plugin Vulnerable versions = 2.8.0 Fixed in 2.8.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-47350 Patch priority High CVSS severity High 9.3 Developer YITH PSID 596c2acc77c4 Credits Hakiduck Required privilege Unauthenticated...
CVE-2024-46837 drm/panthor: Restrict high priorities on group_create
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on groupcreate We were allowing any users to create a high priority group without any permission checks. As a result, this was allowing possible denial of service. We now only allow the DRM...
WordPress Charitable Plugin <= 1.8.1.14 is vulnerable to Privilege Escalation
Software Charitable Type Plugin Vulnerable versions = 1.8.1.14 Fixed in 1.8.1.15 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-8791 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 04c66e8c147c Credits wesley...
WordPress Frontend Dashboard Plugin <= 2.2.4 is vulnerable to Arbitrary Code Execution
Software Frontend Dashboard Type Plugin Vulnerable versions = 2.2.4 Fixed in 2.2.5 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-8268 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 9cb7568890b1 Credits Lucio Sá Required privilege...
WordPress Newsletters Plugin <= 4.9.9.2 is vulnerable to Privilege Escalation
Software Newsletters Type Plugin Vulnerable versions = 4.9.9.2 Fixed in 4.9.9.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-8247 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID eb3ac75f37d4 Credits rajesh...
WordPress Bit File Manager Plugin 6.0-6.5.5 is vulnerable to Arbitrary File Upload
Software Bit File Manager Type Plugin Vulnerable versions 6.0-6.5.5 Fixed in 6.5.6 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-7627 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 8d646fb4b08e Credits TANG Cheuk Hei siunam Required...
WordPress Login As Users Plugin <= 1.4.3 is vulnerable to Broken Access Control
Software Login As Users Type Plugin Vulnerable versions = 1.4.3 Fixed in 1.4.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43982 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 591007b6910c Credits Ananda Dhakal Patchstack...
WordPress SendGrid for WordPress Plugin <= 1.4 is vulnerable to SQL Injection
Software SendGrid for WordPress Type Plugin Vulnerable versions = 1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-43965 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 897d693aed88 Credits Ananda Dhakal Patchstack Required privilege...
WordPress WBW Product Table PRO Plugin <= 1.9.4 is vulnerable to SQL Injection
Software WBW Product Table PRO Type Plugin Vulnerable versions = 1.9.4 Fixed in 1.9.5 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-43918 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 2c9d3f09a102 Credits Dave Jong Patchstack Required privilege...
WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 is vulnerable to SQL Injection
Software TI WooCommerce Wishlist Type Plugin Vulnerable versions = 2.8.2 Fixed in 2.9.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-43917 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 55f8b0990265 Credits Rafie Muhammad Patchstack Required...
WordPress Grow by Tradedoubler Plugin < 2.0.22 is vulnerable to Local File Inclusion
Software Grow by Tradedoubler Type Plugin Vulnerable versions 2.0.22 Fixed in 2.0.22 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-6460 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 01b6350330ff Credits Project Black Required privilege...
WordPress TrueBooker Plugin <= 1.0.2 is vulnerable to SQL Injection
Software TrueBooker Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6924 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID bf0618e9b2e8 Credits Project Black Required privilege Unauthenticated...