136 matches found
WordPress Quick Paypal Payments Plugin <= 5.7.46 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Quick Paypal Payments versions = 5.7.46...
WordPress Radio Station plugin <= 2.5.12 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Radio Station versions = 2.5.12...
WordPress WP Table Builder plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by domiee13 in WordPress Plugin WP Table Builder versions = 2.0.6...
WordPress StreamWeasels YouTube Integration Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)
Software StreamWeasels YouTube Integration Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11788 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bbd6037644c5 Credits...
WordPress Theme Builder For Elementor Plugin <= 1.2.2 is vulnerable to Broken Access Control
Software Theme Builder For Elementor Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2024-10782 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 266b574a3c97...
WordPress Save as PDF plugin by Pdfcrowd Plugin <= 4.2.1 is vulnerable to Cross Site Scripting (XSS)
Software Save as PDF plugin by Pdfcrowd Type Plugin Vulnerable versions = 4.2.1 Fixed in 4.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10891 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bc2c8b0bae5b Credits Peter...
WordPress nBlocks Plugin <= 1.0.2 is vulnerable to Local File Inclusion
Software nBlocks Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-52450 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID d4618b9386b6 Credits João Pedro S Alcântara Kinorth Required...
WordPress Google for WooCommerce Plugin <= 2.8.6 is vulnerable to Sensitive Data Exposure
Software Google for WooCommerce Type Plugin Vulnerable versions = 2.8.6 Fixed in 2.8.7 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-10486 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID aafd7d494c83 Credits Francesco Carlucci...
WordPress Envo Extra Plugin <= 1.9.3 is vulnerable to Sensitive Data Exposure
Software Envo Extra Type Plugin Vulnerable versions = 1.9.3 Fixed in 1.9.4 OWASP Top 10 A3: Injection Classification Sensitive Data Exposure CVE CVE-2024-10770 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c74e911b1aae Credits Francesco Carlucci Required privilege...
WordPress Contact Form 7 Dynamic Text Extension Plugin <= 4.5 is vulnerable to Sensitive Data Exposure
Software Contact Form 7 Dynamic Text Extension Type Plugin Vulnerable versions = 4.5 Fixed in 4.5.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-10084 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4a8f9f7ebcd8 Credits...
WordPress WooCommerce PDF Invoices & Packing Slips Plugin <= 3.8.6 is vulnerable to Broken Access Control
Software WooCommerce PDF Invoices & Packing Slips Type Plugin Vulnerable versions = 3.8.6 Fixed in 3.8.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-50421 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b5246d239102 Credits Rafi...
WordPress The Pack Elementor addons Plugin <= 2.0.9 is vulnerable to Local File Inclusion
Software The Pack Elementor addons Type Plugin Vulnerable versions = 2.0.9 Fixed in 2.1.0 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-50453 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID e424fb066139 Credits João Pedro S Alcânta...
WordPress Cooked Pro Plugin < 1.8.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Cooked Pro Type Plugin Vulnerable versions 1.8.0 Fixed in 1.8.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49290 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c5a09464e377 Credits RE-ALTER Required privileg...
WordPress Advanced Woo Labels Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS)
Software Advanced Woo Labels Type Plugin Vulnerable versions = 2.01 Fixed in 2.02 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47622 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9dc287c181e2 Credits savphill Required privilege...
WordPress Email Subscribers & Newsletters Plugin <= 5.7.34 is vulnerable to Broken Access Control
Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.34 Fixed in 5.7.35 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8771 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d3427c89899f Credits Michelle...
WordPress Bit Form – Contact Form Plugin Plugin <= 2.13.10 is vulnerable to Arbitrary File Upload
Software Bit Form – Contact Form Plugin Type Plugin Vulnerable versions = 2.13.10 Fixed in 2.13.11 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-47319 Patch priority Low CVSS severity Low 8 Developer Claim ownership PSID 4ad1bd9ca230 Credits Certus Cybersecurity...
WordPress Tweaker5 Theme <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software Tweaker5 Type Theme Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5870 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dc368d54393c Credits Francesco Carlucci Required privileg...
WordPress Flash & HTML5 Video Plugin <= 2.5.34 is vulnerable to Broken Access Control
Software Flash & HTML5 Video Type Plugin Vulnerable versions = 2.5.34 Fixed in 2.5.35 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7721 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 692106c3e036 Credits Lucio Sá Required...
WordPress Floating Contact Button Plugin < 2.8 is vulnerable to Cross Site Scripting (XSS)
Software Floating Contact Button Type Plugin Vulnerable versions 2.8 Fixed in 2.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7891 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2bb2b652e147 Credits Kientt Required...
WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 3.0.8 is vulnerable to Insecure Direct Object References (IDOR)
Software The Ultimate WordPress Toolkit – WP Extended Type Plugin Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-8123 Patch priority Low CVSS severity Low 5.4 Developer WP Extended PSID...