WordPress Directorist Plugin <= 7.8.6 is vulnerable to Broken Access Control
Software: Directorist; Type: Plugin; Vulnerable versions: <= 7.8.6; Fixed in: 7.9.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-33929; Patch priority: Low; CVSS severity: Low 5.3; PSID: 4002917cae9a; Credits: Dhabaleshwar Das; Required privile...
WordPress Meks ThemeForest Smart Widget Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)
Software: Meks ThemeForest Smart Widget; Type: Plugin; Vulnerable versions: <= 1.5; Fixed in: 1.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-33694; Patch priority: Low; CVSS severity: Low 5.9; PSID: 04ccfd2bf640; Credits: Joshua Chan; Required privile...
WordPress Pathway Theme <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Pathway; Type: Theme; Vulnerable versions: <= 1.0.15; Fixed in: 1.0.16; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-33686; Patch priority: Low; CVSS severity: Low 4.3; PSID: 2662179cc67b; Credits: Dhabaleshwar Das; Required...
WordPress All-in-one Like Widget Plugin <= 2.2.7 is vulnerable to Cross Site Scripting (XSS)
Software: All-in-one Like Widget; Type: Plugin; Vulnerable versions: <= 2.2.7; Fixed in: 2.2.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32815; Patch priority: Low; CVSS severity: Low 5.9; Developer: Jeroen Peters; PSID: 19340c2d052a; Credits: Joshua Chan; Required privilege...
WordPress Rate my Post – WP Rating System Plugin <= 3.4.4 is vulnerable to Insecure Direct Object References (IDOR)
Software: Rate my Post – WP Rating System; Type: Plugin; Vulnerable versions: <= 3.4.4; Fixed in: 3.4.5; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-32823; Patch priority: Low; CVSS severity: Low 5.3; PSID: 3390dc0a9f18...
WordPress WP LinkedIn Auto Publish Plugin <= 8.11 is vulnerable to Broken Access Control
Software: WP LinkedIn Auto Publish; Type: Plugin; Vulnerable versions: <= 8.11; Fixed in: 8.12; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-32797; Patch priority: Low; CVSS severity: Low 5.4; PSID: 03094155e86a; Credits: Abdi Pranata; Required...
WordPress Filebird Plugin <= 5.6.3 is vulnerable to Cross Site Scripting (XSS)
Software: Filebird; Type: Plugin; Vulnerable versions: <= 5.6.3; Fixed in: 5.6.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2345; Patch priority: Low; CVSS severity: Low 5.9; PSID: de3d3d4867b8; Credits: Tim Coen; Required privilege...
WordPress Social Media & Share Icons Plugin < 2.8.9 is vulnerable to Cross Site Scripting (XSS)
Software: Social Media & Share Icons; Type: Plugin; Vulnerable versions: < 2.8.9; Fixed in: 2.8.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2118; Patch priority: Low; CVSS severity: Low 5.9; PSID: 7af0889b0efd; Credits: Dmitrii Ignatye...
WordPress Import Users from CSV Plugin <= 1.2 is vulnerable to PHP Object Injection
Software: Import Users from CSV; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: 1.3; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-32431; Patch priority: Low; CVSS severity: Low 4.4; PSID: e3f19c84ef38; Credits: Trình Vũ Sonicrrrr from VNPT-VCI; Require...
WordPress Smash Balloon Social Post Feed Plugin <= 4.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Smash Balloon Social Post Feed; Type: Plugin; Vulnerable versions: <= 4.2.1; Fixed in: 4.2.2; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-31379; Patch priority: Low; CVSS severity: Low 4.3; PSID: 0081dd599b5c; Credits: Majed Refa...
WordPress Easy Digital Downloads Plugin <= 3.2.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Easy Digital Downloads; Type: Plugin; Vulnerable versions: <= 3.2.6; Fixed in: 3.2.7; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-31293; Patch priority: Low; CVSS severity: Low 4.3; PSID: 89807a8f40a1; Credits: Dhabaleshwar...
WordPress Check & Log Email Plugin <= 1.0.9 is vulnerable to Broken Access Control
Software: Check & Log Email; Type: Plugin; Vulnerable versions: <= 1.0.9; Fixed in: 1.0.10; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-0866; Patch priority: Low; CVSS severity: Low 8.1; PSID: 0ac766d27e85; Credits: Sean Murphy; Required...
WordPress WCFM – Frontend Manager for WooCommerce Plugin <= 6.7.8 is vulnerable to Cross Site Scripting (XSS)
Software: WCFM – Frontend Manager for WooCommerce; Type: Plugin; Vulnerable versions: <= 6.7.8; Fixed in: 6.7.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29929; Patch priority: Low; CVSS severity: Low 5.9; PSID: 3615c0b97947; Credits: Steven Julian...
WordPress Sitekit Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)
Software: Sitekit; Type: Plugin; Vulnerable versions: <= 1.6; Fixed in: 1.7; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29111; Patch priority: Low; CVSS severity: Low 6.5; PSID: c6b957dd4df3; Credits: CatFather; Required privilege: Contribut...
WordPress Site Reviews Plugin <= 6.11.6 is vulnerable to Cross Site Scripting (XSS)
Software: Site Reviews; Type: Plugin; Vulnerable versions: <= 6.11.6; Fixed in: 6.11.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29095; Patch priority: Low; CVSS severity: Low 5.9; Developer: Gemini Labs; PSID: ea55e6cb50a9; Credits: isacaya; Required privilege: Author; Published...
WordPress Orbit Fox by ThemeIsle Plugin <= 2.10.31 is vulnerable to Cross Site Scripting (XSS)
Software: Orbit Fox by ThemeIsle; Type: Plugin; Vulnerable versions: <= 2.10.31; Fixed in: 2.10.32; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1323; Patch priority: Low; CVSS severity: Low 6.5; PSID: 18903688a247; Credits: Webbernaut...
WordPress Colibri Page Builder Plugin <= 1.0.253 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Colibri Page Builder; Type: Plugin; Vulnerable versions: <= 1.0.253; Fixed in: 1.0.260; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-1361; Patch priority: Low; CVSS severity: Low 4.3; PSID: ba2ec46e6e74; Credits: Lucio Sá...
WordPress wpDataTables Plugin <= 3.4.2.4 is vulnerable to Cross Site Scripting (XSS)
Software: wpDataTables; Type: Plugin; Vulnerable versions: <= 3.4.2.4; Fixed in: 3.4.2.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0591; Patch priority: Low; CVSS severity: Low 7.1; PSID: 8b3b0085c333; Credits: stealthcopter; Required...
WordPress Bold Page Builder Plugin <= 4.8.0 is vulnerable to Cross Site Scripting (XSS)
Software: Bold Page Builder; Type: Plugin; Vulnerable versions: <= 4.8.0; Fixed in: 4.8.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1157; Patch priority: Low; CVSS severity: Low 6.5; PSID: d94380d5f2fc; Credits: Mdr; Required privilege...
WordPress Advanced Database Cleaner Plugin <= 3.1.3 is vulnerable to PHP Object Injection
Software: Advanced Database Cleaner; Type: Plugin; Vulnerable versions: <= 3.1.3; Fixed in: 3.1.4; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-0668; Patch priority: Low; CVSS severity: Low 6.6; PSID: ae822ac39b98; Credits: Richard Telleng stueotue; Required...