WordPress WP Mapa Politico España plugin <= 3.8.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross Site Request Forgery (CSRF) to Settings Change vulnerability discovered by Chu The Anh Blue Rock in WordPress Plugin WP Mapa Politico España versions <= 3.8.0...
WordPress QuadMenu plugin <= 3.2.0 - Cross-Site Request Forgery to Limited User Meta Update vulnerability
Cross-Site Request Forgery to Limited User Meta Update vulnerability discovered by Peter Thaleikis in WordPress Plugin QuadMenu versions <= 3.2.0...
WordPress Video Gallery for WooCommerce Plugin <= 1.31 is vulnerable to Broken Access Control
Software Video Gallery for WooCommerce Type Plugin Vulnerable versions <= 1.31 Fixed in 1.32 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10535 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID fc5201d78d06 Credits incognito Require...
WordPress Transients Manager Plugin <= 2.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software Transients Manager Type Plugin Vulnerable versions <= 2.0.6 Fixed in 2.0.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery (CSRF) CVE CVE-2024-10045 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3cec6ef3dda4 Credits David Gallagher...
WordPress BA Book Everything Plugin <= 1.6.20 is vulnerable to Cross Site Request Forgery (CSRF)
Software BA Book Everything Type Plugin Vulnerable versions <= 1.6.20 Fixed in 1.6.21 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery (CSRF) CVE CVE-2024-8795 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID ac1ae1bb0f23 Credits wesley wcraft...
WordPress Posts reminder Plugin <= 0.20 is vulnerable to Cross Site Request Forgery (CSRF)
Software Posts reminder Type Plugin Vulnerable versions <= 0.20 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery (CSRF) CVE CVE-2024-8093 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f49f52b3e7c5 Credits Daniel Ruf Required...
WordPress Classified Listing Plugin <= 3.1.7 is vulnerable to Broken Access Control
Software Classified Listing Type Plugin Vulnerable versions <= 3.1.7 Fixed in 3.1.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7888 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID f376c836f9e9 Credits Lucio Sá Required privilege...
WordPress ImageRecycle pdf & image compression Plugin <= 3.1.14 is vulnerable to Broken Access Control
Software ImageRecycle pdf & image compression Type Plugin Vulnerable versions <= 3.1.14 Fixed in 3.1.15 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6631 Patch priority Low CVSS severity Low 5 Developer Claim ownership PSID 297d76ad6b7c Credits Lucio Sá...
WordPress LiteSpeed Cache Plugin <= 6.2.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software LiteSpeed Cache Type Plugin Vulnerable versions <= 6.2.0.1 Fixed in 6.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery (CSRF) CVE CVE-2024-3246 Patch priority Low CVSS severity Low 7.1 Developer Hai Zheng / Lite Speed Cache PSID a654720372d3 Credits Krzyszt...
WordPress ContentLock Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software ContentLock Type Plugin Vulnerable versions <= 1.0.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery (CSRF) CVE CVE-2024-6023 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 38c834154e63 Credits Norbert Hofmann Required...
WordPress Promolayer Plugin <= 1.1.0 is vulnerable to Broken Access Control
Software Promolayer Type Plugin Vulnerable versions <= 1.1.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3602 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID db7856cf6e2a Credits Lucio Sá Required privilege Subscribe...
WordPress ProfileGrid Plugin <= 5.8.6 is vulnerable to Broken Access Control
Software ProfileGrid Type Plugin Vulnerable versions <= 5.8.6 Fixed in 5.8.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5453 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID cc4be9b4d163 Credits Lucio Sá Required privilege...
WordPress Joli FAQ SEO – WordPress FAQ Plugin Plugin <= 1.3.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Joli FAQ SEO – WordPress FAQ Plugin Type Plugin Vulnerable versions <= 1.3.2 Fixed in 1.3.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery (CSRF) CVE CVE-2024-4082 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 58b281b80ddf Credits...
WordPress ShopLentor Plugin <= 2.8.7 is vulnerable to Broken Access Control
Software ShopLentor Type Plugin Vulnerable versions <= 2.8.7 Fixed in 2.8.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6327 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b04aa8b3961f Credits Francesco Carlucci Required privile...
WordPress Herd Effects Plugin < 5.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Herd Effects Type Plugin Vulnerable versions < 5.2.7 Fixed in 5.2.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery (CSRF) CVE CVE-2024-3478 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID fdd1c4816ada Credits Bob Matyas Required...
WordPress WP Media Cleaner Plugin <= 6.7.2 is vulnerable to Sensitive Data Exposure
Software WP Media Cleaner Type Plugin Vulnerable versions <= 6.7.2 Fixed in 6.7.3 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2024-33922 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 489615881bfc Credits Joshua Chan Required...
WordPress Classified Listing Plugin <= 3.0.10.3 is vulnerable to Broken Access Control
Software Classified Listing Type Plugin Vulnerable versions <= 3.0.10.3 Fixed in 3.0.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3893 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 79fa3de2925e Credits Lucio Sá Required...
WordPress Poll Maker Plugin <= 5.1.8 is vulnerable to Broken Access Control
Software Poll Maker Type Plugin Vulnerable versions <= 5.1.8 Fixed in 5.1.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3601 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 63b85f561955 Credits Krzysztof Zając Required privilege...
WordPress User Registration Plugin <= 3.1.5 is vulnerable to Broken Access Control
Software User Registration Type Plugin Vulnerable versions <= 3.1.5 Fixed in 3.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3295 Patch priority Medium CVSS severity Medium 6.5 Developer Masteriyo PSID 0a09ce75cc11 Credits wesley wcraft Required...
WordPress Easy Social Feed Plugin <= 6.5.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Easy Social Feed Type Plugin Vulnerable versions <= 6.5.4 Fixed in 6.5.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery (CSRF) CVE CVE-2024-1214 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d7cd784da6bf Credits Eldar Zeynalli...