22 matches found
WordPress Plugin Oficial – Getnet para WooCommerce plugin < 1.8.1 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Plugin Oficial – Getnet para WooCommerce versions 1.8.1...
WordPress Relevanssi plugin <= 4.24.3 - Unauthenticated Stored Cross-Site Scripting via Search Highlights vulnerability
Unauthenticated Stored Cross-Site Scripting via Search Highlights vulnerability discovered by Jack Taylor in WordPress Plugin Relevanssi versions = 4.24.3...
WordPress JetPopup plugin <= 2.0.11 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin JetPopup versions = 2.0.11...
WordPress Product Input Fields for WooCommerce Plugin <= 1.9 is vulnerable to Path Traversal
Software Product Input Fields for WooCommerce Type Plugin Vulnerable versions = 1.9 Fixed in 2.0 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2024-10857 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1aed7531d6f7 Credits 1337Wannabe Required...
WordPress WooCommerce Price Alert Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software WooCommerce Price Alert Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52469 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 64532f957694 Credits Mika Required privilege...
WordPress Post Status Notifier Premium Plugin <= 1.11.6 is vulnerable to Cross Site Scripting (XSS)
Software Post Status Notifier Premium Type Plugin Vulnerable versions = 1.11.6 Fixed in 1.11.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10048 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5dcdb37cb71e Credits...
WordPress CJ Change Howdy Plugin <= 3.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software CJ Change Howdy Type Plugin Vulnerable versions = 3.3.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49223 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d1b937179167 Credits SOPROBRO Requir...
WordPress Templately Plugin <= 3.1.2 is vulnerable to Broken Access Control
Software Templately Type Plugin Vulnerable versions = 3.1.2 Fixed in 3.1.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-47308 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e4f1c6a95d39 Credits Joshua Chan Required privile...
WordPress Smart Online Order for Clover Plugin <= 1.5.6 is vulnerable to Broken Access Control
Software Smart Online Order for Clover Type Plugin Vulnerable versions = 1.5.6 Fixed in 1.5.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7032 Patch priority Medium CVSS severity Medium 6.5 Developer Zaytech PSID 1d01355fa1e4 Credits Lucio Sá Required...
WordPress Cooked Plugin <= 1.8.0 is vulnerable to Cross Site Scripting (XSS)
Software Cooked Type Plugin Vulnerable versions = 1.8.0 Fixed in 1.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-41816 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 18a7c8d0faab Credits re-alter Required privilege Subscriber...
WordPress Widget Options - Extended Plugin <= 5.1.0 is vulnerable to Sensitive Data Exposure
Software Widget Options - Extended Type Plugin Vulnerable versions = 5.1.0 Fixed in 5.1.3 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-35691 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 80da7493f574 Credits Dave Jong...
WordPress Access Category Password Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)
Software Access Category Password Type Plugin Vulnerable versions = 1.5.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32535 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c844ee6de29c Credits Dimas Maulana Required...
WordPress Yoast SEO Plugin <= 21.0 is vulnerable to Cross Site Scripting (XSS)
Software Yoast SEO Type Plugin Vulnerable versions = 21.0 Fixed in 21.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-40680 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID c49205f84c75 Credits Rafie Muhammad Patchstack Required...
WordPress Mollie Payments for WooCommerce Plugin <= 7.3.11 is vulnerable to Arbitrary File Upload
Software Mollie Payments for WooCommerce Type Plugin Vulnerable versions = 7.3.11 Fixed in 7.3.12 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-6090 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID 5c0982698e82 Credits Rafie Muhammad...
WordPress DoLogin Security Plugin <= 3.7.1 is vulnerable to Broken Access Control
Software DoLogin Security Type Plugin Vulnerable versions = 3.7.1 Fixed in 3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46608 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 5adc7395b967 Credits Mika Required privilege...
WordPress Blog Sidebar Widget Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)
Software Blog Sidebar Widget Type Plugin Vulnerable versions = 1.0.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7ae8bbf8a06a Credits Rafie Muhammad Patchstack...
WordPress URL Params Plugin < 2.5 is vulnerable to Cross Site Scripting (XSS)
Software URL Params Type Plugin Vulnerable versions 2.5 Fixed in 2.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0274 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c07bdc476562 Credits Lana Codes Required privilege...
WordPress Forminator Plugin <= 1.22.1 is vulnerable to Broken Access Control
Software Forminator Type Plugin Vulnerable versions = 1.22.1 Fixed in 1.23.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 5.4 Developer WPMU DEV PSID 38229dd9fbd0 Credits Unknown Required privilege Subscriber...
WordPress PowerPress Podcasting Plugin <= 10.0 is vulnerable to Cross Site Scripting (XSS)
Software PowerPress Podcasting Type Plugin Vulnerable versions = 10.0 Fixed in 10.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1917 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2e844f252ce9 Credits Alex Thomas...
WordPress HappyFiles Pro Plugin <= 1.8.1 is vulnerable to Broken Access Control
Software HappyFiles Pro Type Plugin Vulnerable versions = 1.8.1 Fixed in 1.8.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-25445 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 518a5cea4b57 Credits Dave Jong Patchstack...