20 matches found
WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Mika (Patchstack Alliance) in WordPress Plugin Min Max Step Quantity Limits Manager for WooCommerce versions <= 5.1.0...
WordPress Administrator Z plugin <= 2025.03.28 - Directory Traversal Vulnerability
Directory Traversal Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Administrator Z versions <= 2025.03.28...
WordPress FluentSMTP Plugin <= 2.2.82 is vulnerable to PHP Object Injection
Software: FluentSMTP; Type: Plugin; Vulnerable versions: <= 2.2.82; Fixed in: 2.2.83; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-9511; Patch priority: Low; CVSS severity: Low 9.8; Developer: WP ManageNinja LLC; PSID: 44d93a16fa65; Credits: Leo; Required privilege: Unauthenticated...
WordPress Mobilize Plugin <= 3.0.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Mobilize; Type: Plugin; Vulnerable versions: <= 3.0.7; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-51649; Patch priority: Low; CVSS severity: Low 7.1; PSID: 686b496076f9; Credits: SOPROBRO; Required privilege...
WordPress LifterLMS Plugin <= 7.7.5 is vulnerable to SQL Injection
Software: LifterLMS; Type: Plugin; Vulnerable versions: <= 7.7.5; Fixed in: 7.7.6; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-7349; Patch priority: Low; CVSS severity: Low 7.6; PSID: 171b245559b0; Credits: FKSEC; Required privilege: Administrator; Published: 6...
WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 3.0.8 is vulnerable to Insecure Direct Object References (IDOR)
Software: The Ultimate WordPress Toolkit – WP Extended; Type: Plugin; Vulnerable versions: <= 3.0.8; Fixed in: 3.0.9; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-8123; Patch priority: Low; CVSS severity: Low 5.4; Developer: WP Extended; PSID...
WordPress Advanced Form Integration Plugin <= 1.89.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Advanced Form Integration; Type: Plugin; Vulnerable versions: <= 1.89.4; Fixed in: 1.89.6; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-43340; Patch priority: Low; CVSS severity: Low 4.3; PSID: 68886b7fa92b; Credits: Ananda...
WordPress Grow by Tradedoubler Plugin < 2.0.22 is vulnerable to Local File Inclusion
Software: Grow by Tradedoubler; Type: Plugin; Vulnerable versions: < 2.0.22; Fixed in: 2.0.22; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-6460; Patch priority: High; CVSS severity: High 8.1; PSID: 01b6350330ff; Credits: Project Black; Required privilege...
WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.4.2 is vulnerable to Local File Inclusion
Software: Online Booking & Scheduling Calendar for WordPress by vcita; Type: Plugin; Vulnerable versions: <= 4.4.2; Fixed in: 4.4.3; OWASP Top 10: A1: Broken Access Control; Classification: Local File Inclusion; CVE: CVE-2024-37499; Patch priority: Low; CVSS severity: Low 6.5; PSID...
WordPress ConvertPlus Plugin <= 3.5.26 is vulnerable to PHP Object Injection
Software: ConvertPlus; Type: Plugin; Vulnerable versions: <= 3.5.26; Fixed in: 3.5.26.1; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-4838; Patch priority: Medium; CVSS severity: Medium 7.5; PSID: a94dcf4ccf5a; Credits: haidv35; Required privilege: Contributo...
WordPress EmpowerWP Theme <= 1.0.21 is vulnerable to Cross Site Request Forgery (CSRF)
Software: EmpowerWP; Type: Theme; Vulnerable versions: <= 1.0.21; Fixed in: 1.0.22; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-34809; Patch priority: Low; CVSS severity: Low 4.3; PSID: 85b13182da01; Credits: Dhabaleshwar Das; Require...
WordPress All In One WP Security & Firewall Plugin <= 5.2.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: All In One WP Security & Firewall; Type: Plugin; Vulnerable versions: <= 5.2.6; Fixed in: 5.2.7; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-30468; Patch priority: Low; CVSS severity: Low 4.3; PSID: 4458bfd0a1fc; Credits...
WordPress MoveTo Plugin <= 6.2 is vulnerable to Settings Change
Software: MoveTo; Type: Plugin; Vulnerable versions: <= 6.2; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Settings Change; CVE: CVE-2024-25912; Patch priority: High; CVSS severity: High 9.8; PSID: b88d3d6ad2fe; Credits: Dave Jong (Patchstack); Required privilege...
WordPress JetEngine Plugin <= 3.2.5.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: JetEngine; Type: Plugin; Vulnerable versions: <= 3.2.5.1; Fixed in: 3.2.5.2; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-48762; Patch priority: Low; CVSS severity: Low 6.3; Developer: Crocoblock; PSID: 289af3150189; Credits: Rafie Muhammad Patchstack...
WordPress WP News and Scrolling Widgets Plugin <= 4.8 is vulnerable to Broken Access Control
Software: WP News and Scrolling Widgets; Type: Plugin; Vulnerable versions: <= 4.8; Fixed in: 4.9; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-40200; Patch priority: Medium; CVSS severity: Medium 5.3; PSID: a844c6c0c8f3; Credits: Abdi Pranata...
WordPress NextGEN Gallery Plugin < 3.39 is vulnerable to Arbitrary File Deletion
Software: NextGEN Gallery; Type: Plugin; Vulnerable versions: < 3.39; Fixed in: 3.39; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Deletion; CVE: CVE-2023-3155; Patch priority: Low; CVSS severity: Low 6.7; PSID: ce42760e71e9; Credits: Linwz from DEVCORE; Required...
WordPress WordPress Job Board and Recruitment Plugin – JobWP Plugin <= 2.0 is vulnerable to Arbitrary File Upload
Software: WordPress Job Board and Recruitment Plugin – JobWP; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: 2.1; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-29384; Patch priority: High; CVSS severity: High 10; PSID: f62df9186ce4; Credits: MyungJu K...
WordPress Post to CSV by BestWebSoft Plugin <= 1.4.0 is vulnerable to CSV Injection
Software: Post to CSV by BestWebSoft; Type: Plugin; Vulnerable versions: <= 1.4.0; Fixed in: 1.4.1; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2023-36527; Patch priority: Low; CVSS severity: Low 4.7; PSID: 7da5ccbd6441; Credits: Mika; Required privilege: Author; Publish...
WordPress Pie Register Plugin < 3.8.1.3 is vulnerable to Arbitrary Content Deletion
Software: Pie Register; Type: Plugin; Vulnerable versions: < 3.8.1.3; Fixed in: 3.8.1.3; OWASP Top 10: A1: Injection; Classification: Arbitrary Content Deletion; CVE: CVE-2022-4024; Patch priority: High; CVSS severity: High 8.2; PSID: 837f46e8cf1c; Credits: cydave; Required privilege...
WordPress Extensive VC Addons for WPBakery page builder Plugin < 1.9.1 is vulnerable to Local File Inclusion
Software: Extensive VC Addons for WPBakery page builder; Type: Plugin; Vulnerable versions: < 1.9.1; Fixed in: 1.9.1; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2023-0159; Patch priority: High; CVSS severity: High 8.6; PSID: 335c3e6ccfa2; Credits: dc11; Required...