518 matches found
WordPress Product Filter by WBW Plugin <= 2.7.0 is vulnerable to SQL Injection
Software Product Filter by WBW Type Plugin Vulnerable versions = 2.7.0 Fixed in 2.7.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49691 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 6688f0876dc2 Credits Hakiduck Required privilege Administrator...
WordPress Event Manager for WooCommerce Plugin <= 4.2.5 is vulnerable to Cross Site Scripting (XSS)
Software Event Manager for WooCommerce Type Plugin Vulnerable versions = 4.2.5 Fixed in 4.2.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49703 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e6440b4e0449 Credits João Pedro S Alcântara...
WordPress Robo Gallery Plugin <= 3.2.21 is vulnerable to Cross Site Scripting (XSS)
Software Robo Gallery Type Plugin Vulnerable versions = 3.2.21 Fixed in 3.2.22 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49696 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 364c0d5e3b1f Credits Robert DeVore Required privilege Author...
WordPress All-in-One WP Migration Plugin <= 7.86 is vulnerable to Sensitive Data Exposure
Software All-in-One WP Migration Type Plugin Vulnerable versions = 7.86 Fixed in 7.87 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-8852 Patch priority Low CVSS severity Low 5.3 Developer ServMask, Inc PSID 1b517ae2c2c6 Credits villu164 Required...
WordPress Google Language Translator Plugin < 6.0.10 is vulnerable to Cross Site Scripting (XSS)
Software Google Language Translator Type Plugin Vulnerable versions 6.0.10 Fixed in 6.0.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2021-4452 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3695267a00ad Credits Ram Required...
WordPress PeproDev Ultimate Invoice Plugin <= 2.0.6 is vulnerable to Cross Site Scripting (XSS)
Software PeproDev Ultimate Invoice Type Plugin Vulnerable versions = 2.0.6 Fixed in 2.0.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49298 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ec8d635fcc13 Credits LVT-tholv2k Required privile...
WordPress ElementInvader Addons for Elementor Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)
Software ElementInvader Addons for Elementor Type Plugin Vulnerable versions = 1.2.8 Fixed in 1.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9888 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2293b37c11ea Credits Coli...
WordPress ProfileGrid Plugin <= 5.9.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software ProfileGrid Type Plugin Vulnerable versions = 5.9.3 Fixed in 5.9.3.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49273 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8da39e4aabe3 Credits Trương Hữu Phúc...
WordPress ShortPixel Image Optimizer Plugin <= 5.6.3 is vulnerable to SQL Injection
Software ShortPixel Image Optimizer Type Plugin Vulnerable versions = 5.6.3 Fixed in 5.6.4 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-48043 Patch priority Low CVSS severity Low 7.6 Developer ShortPixel PSID d284fe203395 Credits Rafie Muhammad Patchstack Required privileg...
WordPress The Plus Addons for Elementor Page Builder Lite Plugin <= 5.6.11 is vulnerable to Sensitive Data Exposure
Software The Plus Addons for Elementor Page Builder Lite Type Plugin Vulnerable versions = 5.6.11 Fixed in 5.6.12 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-8913 Patch priority Low CVSS severity Low 6.5 Developer POSIMYTH Innovations PSID...
WordPress Advanced Custom Fields Plugin < 5.11 is vulnerable to Broken Access Control
Software Advanced Custom Fields Type Plugin Vulnerable versions 5.11 Fixed in 5.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2021-20866 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3c61745fb42a Credits Keitaro Yamazaki Required...
WordPress LocateAndFilter Plugin <= 1.6.14 is vulnerable to Cross Site Scripting (XSS)
Software LocateAndFilter Type Plugin Vulnerable versions = 1.6.14 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9304 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 26e76d650a46 Credits Francesco Carlucci Requir...
WordPress Cost Calculator Builder Plugin < 3.2.29 is vulnerable to SQL Injection
Software Cost Calculator Builder Type Plugin Vulnerable versions 3.2.29 Fixed in 3.2.29 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8379 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 0f5b1e009da9 Credits Kientt Required privilege Administrator...
WordPress Strong Testimonials Plugin <= 3.1.16 is vulnerable to Broken Access Control
Software Strong Testimonials Type Plugin Vulnerable versions = 3.1.16 Fixed in 3.1.17 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-47362 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 46ea28be2188 Credits Joshua Chan Required...
WordPress Payflex Payment Gateway Plugin <= 2.6.1 is vulnerable to Open Redirection
Software Payflex Payment Gateway Type Plugin Vulnerable versions = 2.6.1 Fixed in 2.6.2 OWASP Top 10 A3: Injection Classification Open Redirection CVE CVE-2024-47646 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID ac682bcd42a4 Credits Muhamad Agil Fachrian Required privile...
WordPress AI ChatBot with ChatGPT and Content Generator by AYS Plugin <= 2.0.9 is vulnerable to Sensitive Data Exposure
Software AI ChatBot with ChatGPT and Content Generator by AYS Type Plugin Vulnerable versions = 2.0.9 Fixed in 2.1.0 OWASP Top 10 A4: Insecure Design Classification Sensitive Data Exposure CVE CVE-2024-7713 Patch priority Low CVSS severity Low 5.8 Developer Claim ownership PSID 5f8161e14afa Credi...
WordPress Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads Plugin <= 2.0.84 is vulnerable to Broken Access Control
Software Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads Type Plugin Vulnerable versions = 2.0.84 Fixed in 2.0.85 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-47317 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3ea101b7f4e3...
WordPress Wheel of Life Plugin <= 1.1.8 is vulnerable to Broken Access Control
Software Wheel of Life Type Plugin Vulnerable versions = 1.1.8 Fixed in 1.1.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-47311 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID dc57c1e20b9a Credits hunter85 Required privilege...
WordPress Revolut Gateway for WooCommerce Plugin <= 4.17.3 is vulnerable to Broken Access Control
Software Revolut Gateway for WooCommerce Type Plugin Vulnerable versions = 4.17.3 Fixed in 4.17.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8678 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID bd0a5653f5e8 Credits WordFence...
WordPress AnWP Football Leagues Plugin <= 0.16.7 is vulnerable to Cross Site Scripting (XSS)
Software AnWP Football Leagues Type Plugin Vulnerable versions = 0.16.7 Fixed in 0.16.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8917 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1862a8d1a35e Credits Francesco Carluc...