376 matches found
WordPress Crypto Plugin <= 2.18 is vulnerable to Broken Authentication
Software Crypto Type Plugin Vulnerable versions = 2.18 Fixed in 2.19 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9988 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 4336600a033e Credits István Márton...
WordPress 1-Click Login: Passwordless Authentication Plugin 1.4.5 is vulnerable to Broken Authentication
Software 1-Click Login: Passwordless Authentication Type Plugin Vulnerable versions 1.4.5 Fixed in N/A OWASP Top 10 A4: Insecure Design Classification Broken Authentication CVE CVE-2024-50478 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 2b1c10f4ccc7 Credits...
WordPress Ajar in5 Embed Plugin <= 3.1.3 is vulnerable to Arbitrary File Upload
Software Ajar in5 Embed Type Plugin Vulnerable versions = 3.1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50473 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 049a1a1b0c36 Credits CTRL Chance Required privilege...
WordPress Stacks Mobile App Builder Plugin <= 5.2.3 is vulnerable to Broken Authentication
Software Stacks Mobile App Builder Type Plugin Vulnerable versions = 5.2.3 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-50477 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 02ff662824ca Credit...
WordPress App Builder Plugin <= 5.3.7 is vulnerable to Broken Authentication
Software App Builder Type Plugin Vulnerable versions = 5.3.7 Fixed in 5.3.8 OWASP Top 10 A3: Injection Classification Broken Authentication CVE CVE-2024-9302 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 82e5ff2f8d20 Credits wesley wcraft Required privilege...
WordPress iBryl Switch User Plugin <= 1.0.1 is vulnerable to Broken Authentication
Software iBryl Switch User Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-49675 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID e670b280f106 Credits...
WordPress TeploBot - Telegram Bot for WP Plugin <= 1.3 is vulnerable to Sensitive Data Exposure
Software TeploBot - Telegram Bot for WP Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-9627 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 5b587e0ba22b Credits István Márton...
WordPress TI WooCommerce Wishlist Plugin <= 2.9.0 is vulnerable to SQL Injection
Software TI WooCommerce Wishlist Type Plugin Vulnerable versions = 2.9.0 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9156 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 2b353481dee7 Credits John Castro Required privilege...
WordPress Rate Own Post Plugin <= 1.0 is vulnerable to SQL Injection
Software Rate Own Post Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49616 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID c63aca788766 Credits João Pedro S Alcântara Kinorth Required privilege...
WordPress Time Clock Plugin <= 1.2.2 is vulnerable to Remote Code Execution (RCE)
Software Time Clock Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-9593 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID ba1ac64c553d Credits István Márton Required privilege...
WordPress photokit Plugin <= 1.0 is vulnerable to Arbitrary File Upload
Software photokit Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49610 Patch priority High CVSS severity High 10 Developer Claim ownership PSID a740c666723d Credits stealthcopter Required privilege Unauthenticated...
WordPress Product Website Showcase Plugin <= 1.0 is vulnerable to Arbitrary File Upload
Software Product Website Showcase Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49611 Patch priority High CVSS severity High 10 Developer Claim ownership PSID f26ca655ccfd Credits stealthcopter Required privilege...
WordPress Giveaway Boost Plugin <= 2.1.4 is vulnerable to PHP Object Injection
Software Giveaway Boost Type Plugin Vulnerable versions = 2.1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49332 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID dc16e9530c12 Credits Mika Required privilege Unauthenticated...
WordPress Timetable and Event Schedule Plugin <= 2.3.8 is vulnerable to Broken Access Control
Software Timetable and Event Schedule Type Plugin Vulnerable versions = 2.3.8 Fixed in 2.3.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2020-36840 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID d75a5069efd3 Credits Ram Required...
WordPress FREE DOWNLOAD MANAGER Plugin <= 1.0.0 is vulnerable to Arbitrary File Deletion
Software FREE DOWNLOAD MANAGER Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Deletion CVE CVE-2024-49315 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 8f4f5a37b4b7 Credits stealthcopter Required privilege...
WordPress File Manager Pro Plugin <= 8.3.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software File Manager Pro Type Plugin Vulnerable versions = 8.3.9 Fixed in 8.3.10 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-8507 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID caf0adb29b86 Credits TANG Cheuk Hei...
WordPress Email Verification for WooCommerce Plugin <= 2.8.10 is vulnerable to SQL Injection
Software Email Verification for WooCommerce Type Plugin Vulnerable versions = 2.8.10 Fixed in 2.9.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49305 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 2913142990bb Credits shaman0x01 Required privile...
WordPress Recently Plugin <= 1.1 is vulnerable to PHP Object Injection
Software Recently Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49218 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID dfdd033e65c6 Credits LVT-tholv2k Required privilege Unauthenticated...
WordPress Feed Comments Number Plugin <= 0.2.1 is vulnerable to Arbitrary File Upload
Software Feed Comments Number Type Plugin Vulnerable versions = 0.2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49216 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 6dc3911dda2c Credits stealthcopter Required privilege...
WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.121 is vulnerable to Remote Code Execution (RCE)
Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.121 Fixed in 1.5.122 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-49271 Patch priority High CVSS severity High 9.1 Developer Unlimited Elements PSID...