6 matches found
WordPress Jetpack Plugin < 13.9.1 is vulnerable to Broken Access Control
Software Jetpack Type Plugin Vulnerable versions 13.9.1 Fixed in 13.9.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9926 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 675e1d99d774 Credits Marc Montpas Required privilege...
WordPress WP Go Maps Plugin < 9.0.28 is vulnerable to Cross Site Scripting (XSS)
Software WP Go Maps Type Plugin Vulnerable versions 9.0.28 Fixed in 9.0.28 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6627 Patch priority Medium CVSS severity Medium 7.1 Developer WP Go Maps PSID 5fe45794e92f Credits Marc Montpas Required...
WordPress core <= 6.0.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability via SQL Injection SQLi in Media Library discovered by Ben Bidner WordPress security team and Marc Montpas Automattic in WordPress core versions = 6.0.2. Solution Update the WordPress to the latest available version at least 6.0.3...
WordPress All in One SEO plugin <= 4.1.5.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability discovered by Marc Montpas in WordPress All in One SEO plugin versions = 4.1.5.2. Solution Update the WordPress All in One SEO plugin to the latest available version at least 4.1.5.3...
WordPress Smash Balloon Social Post Feed plugin <= 4.0 - Stored Cross-Site Scripting (XSS) via Arbitrary Setting Update vulnerability
Stored Cross-Site Scripting XSS via Arbitrary Setting Update vulnerability discovered by Marc Montpas JetPack Security Team in WordPress Smash Balloon Social Post Feed plugin versions = 4.0. Solution Update the WordPress Smash Balloon Social Post Feed plugin to the latest available version at lea...
WordPress WP Fastest Cache plugin <= 0.9.4 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by Marc Montpas Jetpack Scan team in WordPress WP Fastest Cache plugin versions = 0.9.4. Solution Update the WordPress WP Fastest Cache plugin to the latest available version at least 0.9.5...