12 matches found
WordPress XT Event Widget for Social Events plugin <= 1.1.7 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by timomangcut in WordPress Plugin XT Event Widget for Social Events versions = 1.1.7...
WordPress Beds24 Online Booking plugin <= 2.0.28 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Beds24 Online Booking versions = 2.0.28...
WordPress Responsive Lightbox Plugin <= 2.4.8 is vulnerable to Cross Site Scripting (XSS)
Software Responsive Lightbox Type Plugin Vulnerable versions = 2.4.8 Fixed in 2.4.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49282 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0929b0920fa2 Credits Robert DeVore Required privilege...
WordPress Qi Blocks Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Software Qi Blocks Type Plugin Vulnerable versions = 1.3 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38712 Patch priority Low CVSS severity Low 6.5 Developer Qode Interactive PSID 2769fd09ee1f Credits João Pedro S Alcântara Kinorth Required...
WordPress Contact Form by TotalForm Plugin <= 1.0.0 is vulnerable to Backdoor
Software Contact Form by TotalForm Type Plugin Vulnerable versions = 1.0.0 Fixed in 1.1.0 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 0dad1dc6ec75 Credits Sansec.io Required privilege Unauthenticated Published ...
WordPress Advanced Woo Labels Plugin <= 1.93 is vulnerable to Cross Site Scripting (XSS)
Software Advanced Woo Labels Type Plugin Vulnerable versions = 1.93 Fixed in 1.94 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35675 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0ad89d9224a2 Credits savphill Required privilege...
WordPress Import Users from CSV Plugin <= 1.2 is vulnerable to PHP Object Injection
Software Import Users from CSV Type Plugin Vulnerable versions = 1.2 Fixed in 1.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-32431 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID e3f19c84ef38 Credits Trình Vũ Sonicrrrr from VNPT-VCI Require...
WordPress WooCommerce Easy Checkout Field Editor, Fees & Discounts Plugin <= 3.5.12 is vulnerable to Arbitrary File Upload
Software WooCommerce Easy Checkout Field Editor, Fees & Discounts Type Plugin Vulnerable versions = 3.5.12 Fixed in 3.5.13 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-25925 Patch priority High CVSS severity High 10 Developer Claim ownership PSID a8071054e8b4 Credi...
WordPress Brizy Plugin <= 2.4.29 is vulnerable to Cross Site Scripting (XSS)
Software Brizy Type Plugin Vulnerable versions = 2.4.29 Fixed in 2.4.30 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51396 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a61ae26c3500 Credits emad Required privilege Contributor Published ...
WordPress iPages Flipbook Plugin <= 1.4.8 is vulnerable to SQL Injection
Software iPages Flipbook Type Plugin Vulnerable versions = 1.4.8 Fixed in 1.5.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-47236 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID ca6f53544a70 Credits Muhammad Daffa Required privilege Administrator...
WordPress Themesflat Addons For Elementor Plugin <= 2.0.0 is vulnerable to PHP Object Injection
Software Themesflat Addons For Elementor Type Plugin Vulnerable versions = 2.0.0 Fixed in 2.0.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-37390 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 27be6a2ff8c6 Credits Robert R Required...
WordPress Client Invoicing by Sprout Invoices Plugin <= 19.0 is vulnerable to Cross Site Scripting (XSS)
Software Client Invoicing by Sprout Invoices Type Plugin Vulnerable versions = 19.0 Fixed in 19.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 631ad2b39f71 Credits Rafie Muhammad...