WordPress WP LinkedIn Auto Publish Plugin <= 8.11 is vulnerable to Broken Access Control

Software WP LinkedIn Auto Publish Type Plugin Vulnerable versions = 8.11 Fixed in 8.12 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32797 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 03094155e86a Credits Abdi Pranata Required...

WordPress Social Media & Share Icons Plugin < 2.8.9 is vulnerable to Cross Site Scripting (XSS)

Software Social Media & Share Icons Type Plugin Vulnerable versions 2.8.9 Fixed in 2.8.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2118 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7af0889b0efd Credits Dmitrii Ignatye...

WordPress Filebird Plugin <= 5.6.3 is vulnerable to Cross Site Scripting (XSS)

Software Filebird Type Plugin Vulnerable versions = 5.6.3 Fixed in 5.6.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2345 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID de3d3d4867b8 Credits Tim Coen Required privilege...

WordPress Import Users from CSV Plugin <= 1.2 is vulnerable to PHP Object Injection

Software Import Users from CSV Type Plugin Vulnerable versions = 1.2 Fixed in 1.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-32431 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID e3f19c84ef38 Credits Trình Vũ Sonicrrrr from VNPT-VCI Require...

WordPress Smash Balloon Social Post Feed Plugin <= 4.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Smash Balloon Social Post Feed Type Plugin Vulnerable versions = 4.2.1 Fixed in 4.2.2 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-31379 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0081dd599b5c Credits Majed Refa...

WordPress Easy Digital Downloads Plugin <= 3.2.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Easy Digital Downloads Type Plugin Vulnerable versions = 3.2.6 Fixed in 3.2.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31293 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 89807a8f40a1 Credits Dhabaleshwar...

WordPress Check & Log Email Plugin <= 1.0.9 is vulnerable to Broken Access Control

Software Check & Log Email Type Plugin Vulnerable versions = 1.0.9 Fixed in 1.0.10 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-0866 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID 0ac766d27e85 Credits Sean Murphy Required...

WordPress WCFM – Frontend Manager for WooCommerce Plugin <= 6.7.8 is vulnerable to Cross Site Scripting (XSS)

Software WCFM – Frontend Manager for WooCommerce Type Plugin Vulnerable versions = 6.7.8 Fixed in 6.7.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29929 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3615c0b97947 Credits Steven Julian...

WordPress Sitekit Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Software Sitekit Type Plugin Vulnerable versions = 1.6 Fixed in 1.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2024-29111 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c6b957dd4df3 Credits CatFather Required privilege Contribut...

WordPress Site Reviews Plugin <= 6.11.6 is vulnerable to Cross Site Scripting (XSS)

Software Site Reviews Type Plugin Vulnerable versions = 6.11.6 Fixed in 6.11.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29095 Patch priority Low CVSS severity Low 5.9 Developer Gemini Labs PSID ea55e6cb50a9 Credits isacaya Required privilege Author Published...

WordPress Orbit Fox by ThemeIsle Plugin <= 2.10.31 is vulnerable to Cross Site Scripting (XSS)

Software Orbit Fox by ThemeIsle Type Plugin Vulnerable versions = 2.10.31 Fixed in 2.10.32 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1323 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 18903688a247 Credits Webbernaut...

WordPress Colibri Page Builder Plugin <= 1.0.253 is vulnerable to Cross Site Request Forgery (CSRF)

Software Colibri Page Builder Type Plugin Vulnerable versions = 1.0.253 Fixed in 1.0.260 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1361 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ba2ec46e6e74 Credits Lucio Sá...

WordPress wpDataTables Plugin <= 3.4.2.4 is vulnerable to Cross Site Scripting (XSS)

Software wpDataTables Type Plugin Vulnerable versions = 3.4.2.4 Fixed in 3.4.2.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0591 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 8b3b0085c333 Credits stealthcopter Required...

WordPress Bold Page Builder Plugin <= 4.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Bold Page Builder Type Plugin Vulnerable versions = 4.8.0 Fixed in 4.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1157 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d94380d5f2fc Credits Mdr Required privilege...

WordPress Advanced Database Cleaner Plugin <= 3.1.3 is vulnerable to PHP Object Injection

Software Advanced Database Cleaner Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.1.4 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-0668 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID ae822ac39b98 Credits Richard Telleng stueotue Required...

WordPress Contest Gallery Plugin <= 21.2.8.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Contest Gallery Type Plugin Vulnerable versions = 21.2.8.4 Fixed in 21.2.9 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-24887 Patch priority Low CVSS severity Low 5.4 Developer Wasiliy Strecker PSID bc8832951ec5 Credits Dhabaleshwar D...

WordPress FooGallery Premium Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)

Software FooGallery Premium Type Plugin Vulnerable versions = 2.3.3 Fixed in 2.4.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6747 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6e234ed1eb7c Credits WordFence Required...

WordPress Restaurant Reservations Plugin <= 1.8 is vulnerable to Cross Site Scripting (XSS)

Software Restaurant Reservations Type Plugin Vulnerable versions = 1.8 Fixed in 1.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51403 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f9150b6886d2 Credits resecured.io Required privilege...

WordPress Ecwid Shopping Cart Plugin <= 6.12.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Ecwid Shopping Cart Type Plugin Vulnerable versions = 6.12.4 Fixed in 6.12.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-51533 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bab8810452b9 Credits Brandon Rolda...

WordPress Squirrly SEO - Advanced Pack Plugin <= 2.3.8 is vulnerable to SQL Injection

Software Squirrly SEO - Advanced Pack Type Plugin Vulnerable versions = 2.3.8 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-50854 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID d251faf0f6ee Credits Muhammad Daffa Required privilege...