7 matches found
WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 3.0.8 is vulnerable to Insecure Direct Object References (IDOR)
Software: The Ultimate WordPress Toolkit – WP Extended | Type: Plugin | Vulnerable versions: <= 3.0.8 | Fixed in: 3.0.9 | OWASP Top 10: A1: Broken Access Control | Classification: Insecure Direct Object References (IDOR) | CVE: CVE-2024-8123 | Patch priority: Low | CVSS severity: Low (5.4) | Developer: WP Extended | PSID...
WordPress Social Warfare Plugin <= 4.4.5.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Social Warfare | Type: Plugin | Vulnerable versions: <= 4.4.5.1 | Fixed in: 4.4.6 | OWASP Top 10: A4: Insecure Design | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-34825 | Patch priority: Low | CVSS severity: Low (4.3) | PSID: b83b2493f1f5 | Credits: Majed Refaea | Required...
WordPress Xpro Elementor Addons Plugin <= 1.4.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: Xpro Elementor Addons | Type: Plugin | Vulnerable versions: <= 1.4.3.1 | Fixed in: 1.4.3.2 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-34570 | Patch priority: Low | CVSS severity: Low (5.9) | PSID: a72ed89a6787 | Credits: Manab Jyoti Dowarah | Required...
WordPress Arconix FAQ Plugin <= 1.9.3 is vulnerable to Broken Access Control
Software: Arconix FAQ | Type: Plugin | Vulnerable versions: <= 1.9.3 | Fixed in: 1.9.4 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-4233 | Patch priority: Low | CVSS severity: Low (4.3) | PSID: 08be721736b8 | Credits: Dhabaleshwar Das | Required privileg...
WordPress Form Maker by 10Web Plugin <= 1.15.20 is vulnerable to Bypass Vulnerability
Software: Form Maker by 10Web | Type: Plugin | Vulnerable versions: <= 1.15.20 | Fixed in: 1.15.21 | OWASP Top 10: A5: Security Misconfiguration | Classification: Bypass Vulnerability | CVE: CVE-2023-48290 | Patch priority: Low | CVSS severity: Low (5.3) | PSID: 419f98d34635 | Credits: qilin99 | Required...
WordPress YouTube Playlist Player Plugin <= 4.6.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: YouTube Playlist Player | Type: Plugin | Vulnerable versions: <= 4.6.4 | Fixed in: 4.6.5 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-33931 | Patch priority: Low | CVSS severity: Low (4.3) | PSID: 07d0f46aa846 | Credits: Skalucy...
WordPress Better Search Plugin <= 3.1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Better Search | Type: Plugin | Vulnerable versions: <= 3.1.0 | Fixed in: 3.2.0 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: N/A | Patch priority: Low | CVSS severity: Low (4.3) | PSID: 6bf174bb3916 | Credits: Unknown | Required privilege...