WordPress Affiliate Manager Plugin < 6.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Affiliate Manager Type Plugin Vulnerable versions 6.5.1 Fixed in 6.5.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5287 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 14d5b3c71416 Credits Bob Matyas Required...

WordPress CM On Demand Search And Replace Plugin < 1.3.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software CM On Demand Search And Replace Type Plugin Vulnerable versions 1.3.9 Fixed in 1.3.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5028 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 576a4082c0ff Credits Felipe...

WordPress Animated Rotating Words Plugin <= 5.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Animated Rotating Words Type Plugin Vulnerable versions = 5.6 Fixed in 5.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-38753 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7dd7430216b1 Credits Majed Refaea...

WordPress WP Fast Total Search Plugin <= 1.68.232 is vulnerable to Broken Access Control

Software WP Fast Total Search Type Plugin Vulnerable versions = 1.68.232 Fixed in 1.69.234 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38714 Patch priority Low CVSS severity Low 4.3 Developer Epsiloncool PSID 00f4bc37a87e Credits Majed Refaea Required...

WordPress Academy LMS Plugin <= 2.0.4 is vulnerable to Broken Access Control

Software Academy LMS Type Plugin Vulnerable versions = 2.0.4 Fixed in 2.0.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38701 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1381c0d8b2d7 Credits filime Required privilege Academy...

WordPress Just Custom Fields Plugin <= 3.3.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Just Custom Fields Type Plugin Vulnerable versions = 3.3.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6168 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9fc0b88e6af6 Credits Francesco Carlucci...

WordPress Ultimate Auction Plugin <= 4.2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Ultimate Auction Type Plugin Vulnerable versions = 4.2.5 Fixed in 4.2.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37543 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ed8502cd34a3 Credits Majed Refaea...

WordPress Product Customer List for WooCommerce Plugin <= 3.1.6 is vulnerable to Backdoor

Software Product Customer List for WooCommerce Type Plugin Vulnerable versions = 3.1.6 Fixed in 3.1.7 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 23316ac7b932 Credits Sansec.io Required privilege Unauthenticate...

WordPress Logic Hop Plugin <= 3.8.8 is vulnerable to Backdoor

Software Logic Hop Type Plugin Vulnerable versions = 3.8.8 Fixed in 3.9.0 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e54343bdaeda Credits Sansec.io Required privilege Unauthenticated Published 3 July, 2024...

WordPress PowerPack Lite for Beaver Builder Plugin <= 1.3.0.3 is vulnerable to Local File Inclusion

Software PowerPack Lite for Beaver Builder Type Plugin Vulnerable versions = 1.3.0.3 Fixed in 1.3.0.4 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-37410 Patch priority Low CVSS severity Low 4.9 Developer IdeaBox Creations PSID 6c1f186fa5b1 Credits João...

WordPress Loco Translate Plugin <= 2.6.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software Loco Translate Type Plugin Vulnerable versions = 2.6.9 Fixed in 2.6.10 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-37236 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f02123bf72f2 Credits Nosa Shandy Required...

WordPress Hide Dashboard Notifications Plugin <= 1.3 is vulnerable to Broken Access Control

Software Hide Dashboard Notifications Type Plugin Vulnerable versions = 1.3 Fixed in 1.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1955 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 47605ad93239 Credits Francesco Carlucci...

WordPress Sassy Social Share Plugin < 3.3.63 is vulnerable to Cross Site Scripting (XSS)

Software Sassy Social Share Type Plugin Vulnerable versions 3.3.63 Fixed in 3.3.63 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4924 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8218db38fbf6 Credits Dmitrii Ignatyev...

WordPress Admin Notices Manager Plugin <= 1.4.0 is vulnerable to Broken Access Control

Software Admin Notices Manager Type Plugin Vulnerable versions = 1.4.0 Fixed in 1.5.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1717 Patch priority Low CVSS severity Low 4.3 Developer Melapress PSID 95224798df4d Credits Lucio Sá Required privilege...

WordPress Contact Form & Lead Form Elementor Builder Plugin <= 1.9.1 is vulnerable to Content Injection

Software Contact Form & Lead Form Elementor Builder Type Plugin Vulnerable versions = 1.9.1 Fixed in 1.9.2 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-4261 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5d051149eabf Credits stealthcopter...

WordPress Post Grid Elementor Addon Plugin <= 2.0.16 is vulnerable to Cross Site Scripting (XSS)

Software Post Grid Elementor Addon Type Plugin Vulnerable versions = 2.0.16 Fixed in 2.0.17 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34789 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a126fad23f02 Credits 4rCanJ0x! Required privile...

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.102 is vulnerable to SQL Injection

Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.102 Fixed in 1.5.105 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3055 Patch priority Low CVSS severity Low 8.5 Developer Unlimited Elements PSID 6f752cde8e3d...

WordPress Social Warfare Plugin <= 4.4.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Social Warfare Type Plugin Vulnerable versions = 4.4.5.1 Fixed in 4.4.6 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-34825 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b83b2493f1f5 Credits Majed Refaea Required...

WordPress Move Addons for Elementor Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Move Addons for Elementor Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34562 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 788c0e0d4eae Credits Khalid Yusuf Required...

WordPress Mooberry Book Manager Plugin <= 4.15.12 is vulnerable to Sensitive Data Exposure

Software Mooberry Book Manager Type Plugin Vulnerable versions = 4.15.12 Fixed in 4.15.13 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-34368 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 8048e91588cf Credits Steven Julian...