904 matches found
WordPress WP Project Manager Plugin <= 2.6.13 is vulnerable to Insecure Direct Object References (IDOR)
Software: WP Project Manager; Type: Plugin; Vulnerable versions: <= 2.6.13; Fixed in: 2.6.14; OWASP Top 10: A4: Insecure Design; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-10174; Patch priority: High; CVSS severity: High 7.3; PSID: 6aaed61c0d51; Credits: stealthcopt...
CVE-2024-51992 Method Exposure Vulnerability in Modals in orchid/platform
Orchid is a Laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the Orchid Platform's asynchronous modal functionality, affecti...
WordPress Global Gateway e4 | Payeezy Gateway | Plugin <= 2.0 is vulnerable to Arbitrary File Deletion
Software: Global Gateway e4 | Payeezy Gateway |; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Deletion; CVE: CVE-2024-52371; Patch priority: High; CVSS severity: High 8.6; PSID: 8614ac115bc9; Credits: stealthcopter...
WordPress Charitable Plugin <= 1.8.3 is vulnerable to Cross Site Scripting (XSS)
Software: Charitable; Type: Plugin; Vulnerable versions: <= 1.8.3; Fixed in: 1.8.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10876; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 2a28f1e125bc; Credits: Peter Thaleikis...
WordPress Heateor Social Login Plugin <= 1.1.35 is vulnerable to Broken Authentication
Software: Heateor Social Login; Type: Plugin; Vulnerable versions: <= 1.1.35; Fixed in: 1.1.36; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-10020; Patch priority: High; CVSS severity: High 8.1; PSID: 0cb2e3c4d2f1; Credits...
WordPress Jigoshop – Store Toolkit Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS)
Software: Jigoshop – Store Toolkit; Type: Plugin; Vulnerable versions: <= 1.4.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51712; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 84e860833836; Credits: Zlrqh; Required privilege...
WordPress Master Bar Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Master Bar; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51698; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 8fdc2a965ea2; Credits: João Pedro S Alcântara Kinorth; Required...
WordPress Simplistic SEO Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: Simplistic SEO; Type: Plugin; Vulnerable versions: <= 2.3.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51719; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: fcffa486be1c; Credits: João Pedro S Alcântara Kinorth...
WordPress HQ60 Fidelity Card Plugin <= 1.8 is vulnerable to Cross Site Scripting (XSS)
Software: HQ60 Fidelity Card; Type: Plugin; Vulnerable versions: <= 1.8; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51713; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: bd789775dbe4; Credits: SOPROBRO; Required privilege...
WordPress Don't Break The Code Plugin <= .3.1 is vulnerable to Cross Site Scripting (XSS)
Software: Don't Break The Code; Type: Plugin; Vulnerable versions: <= .3.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51779; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: e5611bdb41d7; Credits: João Pedro S Alcântara Kinorth...
WordPress Loginplus Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Loginplus; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51782; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 3789effcd64f; Credits: Mika; Required privilege: Unauthenticated...
WordPress Satisfaction Reports from Help Scout Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
Software: Satisfaction Reports from Help Scout; Type: Plugin; Vulnerable versions: <= 2.0.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51778; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: cf60abd46d51; Credits: thiennv...
WordPress BBP Core - Expand bbPress powered forums with useful features Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)
Software: BBP Core - Expand bbPress powered forums with useful features; Type: Plugin; Vulnerable versions: <= 1.2.5; Fixed in: 1.2.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9896; Patch priority: Medium; CVSS severity: Medium 7.1...
WordPress RSVPMaker for Toastmasters Plugin <= 6.2.4 is vulnerable to Arbitrary File Upload
Software: RSVPMaker for Toastmasters; Type: Plugin; Vulnerable versions: <= 6.2.4; Fixed in: 6.2.5; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-50531; Patch priority: High; CVSS severity: High 10; PSID: 44944f5e5051; Credits: stealthcopter; Required...
WordPress Crypto Plugin <= 2.18 is vulnerable to Broken Authentication
Software: Crypto; Type: Plugin; Vulnerable versions: <= 2.18; Fixed in: 2.19; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-9989; Patch priority: High; CVSS severity: High 9.8; PSID: a98b5d070482; Credits: István Márton...
WordPress Bulk Change Role Plugin <= 1.1 is vulnerable to Privilege Escalation
Software: Bulk Change Role; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-50504; Patch priority: High; CVSS severity: High 8.8; PSID: ae994493e2ec; Credits: Muhamad Ag...
WordPress WatchTowerHQ Plugin <= 3.10.1 is vulnerable to Broken Authentication
Software: WatchTowerHQ; Type: Plugin; Vulnerable versions: <= 3.10.1; Fixed in: 3.10.4; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-9933; Patch priority: High; CVSS severity: High 9.8; PSID: 5b771d8428a0; Credits: István...
WordPress GRÜN spendino Spendenformular Plugin <= 1.0.1 is vulnerable to Privilege Escalation
Software: GRÜN spendino Spendenformular; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-50476; Patch priority: High; CVSS severity: High 9.8; PSID: 6ea142807fb0...
WordPress Woocommerce Quote Calculator Plugin <= 1.1 is vulnerable to SQL Injection
Software: Woocommerce Quote Calculator; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-50479; Patch priority: High; CVSS severity: High 9.3; PSID: 9292eef5e46d; Credits: LVT-tholv2k; Required privilege...