WordPress WooCommerce PDF Invoices & Packing Slips Plugin <= 3.8.6 is vulnerable to Broken Access Control

Software WooCommerce PDF Invoices & Packing Slips Type Plugin Vulnerable versions = 3.8.6 Fixed in 3.8.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-50421 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b5246d239102 Credits Rafi...

WordPress Cooked Pro Plugin < 1.8.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Cooked Pro Type Plugin Vulnerable versions 1.8.0 Fixed in 1.8.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49290 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c5a09464e377 Credits RE-ALTER Required privileg...

WordPress Email Subscribers & Newsletters Plugin <= 5.7.34 is vulnerable to Broken Access Control

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.34 Fixed in 5.7.35 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8771 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d3427c89899f Credits Michelle...

WordPress Floating Contact Button Plugin < 2.8 is vulnerable to Cross Site Scripting (XSS)

Software Floating Contact Button Type Plugin Vulnerable versions 2.8 Fixed in 2.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7891 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2bb2b652e147 Credits Kientt Required...

WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 3.0.8 is vulnerable to Insecure Direct Object References (IDOR)

Software The Ultimate WordPress Toolkit – WP Extended Type Plugin Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-8123 Patch priority Low CVSS severity Low 5.4 Developer WP Extended PSID...

WordPress Gixaw Chat Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Gixaw Chat Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7816 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID aa72a581011b Credits Daniel Ruf Required privilege...

WordPress ImageRecycle pdf & image compression Plugin <= 3.1.14 is vulnerable to Broken Access Control

Software ImageRecycle pdf & image compression Type Plugin Vulnerable versions = 3.1.14 Fixed in 3.1.15 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6631 Patch priority Low CVSS severity Low 5 Developer Claim ownership PSID 297d76ad6b7c Credits Lucio Sá...

WordPress WP Last Modified Info Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS)

Software WP Last Modified Info Type Plugin Vulnerable versions = 1.9.0 Fixed in 1.9.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6864 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1e374934e79b Credits Webbernaut Require...

WordPress JetBlocks For Elementor Plugin <= 1.3.12 is vulnerable to Cross Site Scripting (XSS)

Software JetBlocks For Elementor Type Plugin Vulnerable versions = 1.3.12 Fixed in 1.3.12.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7147 Patch priority Low CVSS severity Low 6.5 Developer Crocoblock PSID 63831bec7c72 Credits stealthcopter...

WordPress Atarim Plugin <= 4.0.2 is vulnerable to Broken Access Control

Software Atarim Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7621 Patch priority Low CVSS severity Low 5.4 Developer Atarim PSID 410d656b7615 Credits Lucio Sá Required privilege Subscriber Published...

WordPress Advanced Cron Manager – debug & control Plugin <= 2.5.9 is vulnerable to Broken Access Control

Software Advanced Cron Manager – debug & control Type Plugin Vulnerable versions = 2.5.9 Fixed in 2.5.10 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43154 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7331ca5ca4a8 Credits...

WordPress CRM Perks Forms Plugin <= 1.1.3 is vulnerable to Arbitrary File Upload

Software CRM Perks Forms Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7484 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID c7c64ee12633 Credits István Márton Required privilege...

WordPress Happy Addons for Elementor Plugin <= 3.11.2 is vulnerable to Cross Site Scripting (XSS)

Software Happy Addons for Elementor Type Plugin Vulnerable versions = 3.11.2 Fixed in 3.11.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6627 Patch priority Low CVSS severity Low 6.5 Developer Leevio PSID 0dee5f2221b3 Credits Webbernaut Required...

WordPress Custom Query Blocks Plugin <= 5.2.0 is vulnerable to Broken Access Control

Software Custom Query Blocks Type Plugin Vulnerable versions = 5.2.0 Fixed in 5.3.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38794 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID c14273e201ef Credits Joshua Chan Required...

WordPress Conditional Fields for Contact Form 7 Plugin <= 2.4.13 is vulnerable to Cross Site Request Forgery (CSRF)

Software Conditional Fields for Contact Form 7 Type Plugin Vulnerable versions = 2.4.13 Fixed in 2.4.14 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5804 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e1825173a8a1...

WordPress WP QuickLaTeX Plugin < 3.8.8 is vulnerable to Cross Site Scripting (XSS)

Software WP QuickLaTeX Type Plugin Vulnerable versions 3.8.8 Fixed in 3.8.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5529 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f0666acc2d5f Credits Bob Matyas Required privileg...

WordPress CM On Demand Search And Replace Plugin < 1.3.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software CM On Demand Search And Replace Type Plugin Vulnerable versions 1.3.9 Fixed in 1.3.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5028 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 576a4082c0ff Credits Felipe...

WordPress Affiliate Manager Plugin < 6.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Affiliate Manager Type Plugin Vulnerable versions 6.5.1 Fixed in 6.5.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5287 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 14d5b3c71416 Credits Bob Matyas Required...

WordPress Animated Rotating Words Plugin <= 5.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Animated Rotating Words Type Plugin Vulnerable versions = 5.6 Fixed in 5.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-38753 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7dd7430216b1 Credits Majed Refaea...

WordPress WP Fast Total Search Plugin <= 1.68.232 is vulnerable to Broken Access Control

Software WP Fast Total Search Type Plugin Vulnerable versions = 1.68.232 Fixed in 1.69.234 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38714 Patch priority Low CVSS severity Low 4.3 Developer Epsiloncool PSID 00f4bc37a87e Credits Majed Refaea Required...