21 matches found
WordPress Royal Elementor Addons plugin <= 1.7.1012 - Authenticated DOM-Based (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated DOM-Based (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Royal Elementor Addons versions <= 1.7.1012...
WordPress Booking & Appointment Plugin for WooCommerce Plugin <= 6.9.0 is vulnerable to Broken Access Control
Software: Booking & Appointment Plugin for WooCommerce; Type: Plugin; Vulnerable versions: <= 6.9.0; Fixed in: 6.10.0; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Access Control; CVE: CVE-2024-10729; Patch priority: High; CVSS severity: High 8.8; PS...
WordPress Marketing Automation by AZEXO Plugin <= 1.27.80 is vulnerable to Privilege Escalation
Software: Marketing Automation by AZEXO; Type: Plugin; Vulnerable versions: <= 1.27.80; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-50506; Patch priority: High; CVSS severity: High 8.8; PSID: 3eb031584d8d...
WordPress Themify Builder Plugin <= 7.6.2 is vulnerable to Cross Site Scripting (XSS)
Software: Themify Builder; Type: Plugin; Vulnerable versions: <= 7.6.2; Fixed in: 7.6.3; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-9385; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 2ab445f01cba; Credits: Colin Xu; Required...
WordPress Userpro Plugin <= 5.1.8 is vulnerable to Privilege Escalation
Software: Userpro; Type: Plugin; Vulnerable versions: <= 5.1.8; Fixed in: 5.1.9; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-35700; Patch priority: High; CVSS severity: High 9.8; PSID: fbe11c6e1e92; Credits: Rafie Muhammad...
WordPress Jobeleon Theme Theme <= 1.9.1 is vulnerable to Cross Site Scripting (XSS)
Software: Jobeleon Theme; Type: Theme; Vulnerable versions: <= 1.9.1; Fixed in: 1.9.2; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2022-47153; Patch priority: High; CVSS severity: High 7.1; PSID: aabfc23028f4; Credits: RE-ALTER; Required...
WordPress Bold Page Builder Plugin <= 4.8.0 is vulnerable to Cross Site Scripting (XSS)
Software: Bold Page Builder; Type: Plugin; Vulnerable versions: <= 4.8.0; Fixed in: 4.8.1; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-1160; Patch priority: Low; CVSS severity: Low 6.5; PSID: e8f08db6c8ba; Credits: wesley wcraft; Required...
WordPress Allow SVG Plugin < 1.2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Allow SVG; Type: Plugin; Vulnerable versions: < 1.2.0; Fixed in: 1.2.0; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-6541; Patch priority: Low; CVSS severity: Low 6.5; PSID: e1ff41df5c9e; Credits: Bob Matyas; Required privilege...
WordPress RSS Aggregator by Feedzy Plugin <= 4.3.2 is vulnerable to Cross Site Scripting (XSS)
Software: RSS Aggregator by Feedzy; Type: Plugin; Vulnerable versions: <= 4.3.2; Fixed in: 4.3.3; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-6801; Patch priority: Low; CVSS severity: Low 5.9; PSID: 7b021f6dbd31; Credits: Colin Xu; Requir...
WordPress Post Status Notifier Lite Plugin <= 1.11.0 is vulnerable to Cross Site Scripting (XSS)
Software: Post Status Notifier Lite; Type: Plugin; Vulnerable versions: <= 1.11.0; Fixed in: 1.11.1; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-47766; Patch priority: High; CVSS severity: High 7.1; PSID: 689a35bf0f0b; Credits: LEE SE...
WordPress iframe forms Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: iframe forms; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-5073; Patch priority: Low; CVSS severity: Low 6.5; PSID: 1839edf7170f; Credits: István Márton; Required privileg...
WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Cross Site Scripting (XSS)
Software: BadgeOS; Type: Plugin; Vulnerable versions: <= 3.7.1.6; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-2171; Patch priority: Low; CVSS severity: Low 6.5; PSID: 965111d21cf9; Credits: Alex Thomas; Required privilege...
WordPress Enable SVG Uploads Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)
Software: Enable SVG Uploads; Type: Plugin; Vulnerable versions: <= 2.1.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-2529; Patch priority: Low; CVSS severity: Low 6.5; PSID: 30a7df5e4d4a; Credits: Mateus Machado Tesser...
WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Cross Site Scripting (XSS)
Software: WooCommerce Follow-Up Emails; Type: Plugin; Vulnerable versions: <= 4.9.40; Fixed in: 4.9.50; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-33319; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: da1adfccae00; Credits...
WordPress Easy Forms for Mailchimp Plugin < 6.8.7 is vulnerable to Cross Site Scripting (XSS)
Software: Easy Forms for Mailchimp; Type: Plugin; Vulnerable versions: < 6.8.7; Fixed in: 6.8.7; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-1325; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: bd41da1d02a4; Credits: Erwan LR...
WordPress Team Member Plugin <= 4.4 is vulnerable to Cross Site Scripting (XSS)
Software: Team Member; Type: Plugin; Vulnerable versions: <= 4.4; Fixed in: 4.5; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-23647; Patch priority: Low; CVSS severity: Low 5.9; PSID: 58324d90afad; Credits: Rio Darmawan; Required privilege...
WordPress Japanized For WooCommerce Plugin <= 2.5.4 is vulnerable to Cross Site Scripting (XSS)
Software: Japanized For WooCommerce; Type: Plugin; Vulnerable versions: <= 2.5.4; Fixed in: 2.5.5; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-0942; Patch priority: High; CVSS severity: High 7.1; PSID: 8b189e4d7501; Credits: Marco Wotsch...
WordPress Anti-Malware Security And Brute-Force Firewall Cross Site Scripting Vulnerability
Title: WordPress Plugin Anti-Malware Security and Brute-Force Firewall HTTP/1.1 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzi...
WordPress UpdraftPlus Plugin < 1.22.9 - Reflected Cross-Site Scripting Vulnerability
Title: WordPress Plugin UpdraftPlus confirm1 Classification Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/7337543f-4c2c-4365-aebf-3423e9d2f872...
WordPress Hummingbird Cross Site Scripting
Title: WordPress Plugin Hummingbird Configs edit the "Name and Description" and put the following payload in the Name field: Save and Click 'Apply' to trigger the XSS Go to Hummingbird's Settings Configs and Upload the following config "id": 1, "name": "", "description": "Xss", "config":...