397 matches found
WordPress My Reading Library Plugin <= 1.0 is vulnerable to PHP Object Injection
Software My Reading Library Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49318 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 404c7fdc5e2d Credits LVT-tholv2k Required privilege...
WordPress BuddyPress Better Registration Plugin <= 1.6 is vulnerable to Broken Authentication
Software BuddyPress Better Registration Type Plugin Vulnerable versions = 1.6 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-49247 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 4288fed05f70...
WordPress Azz Anonim Posting Plugin <= 0.9 is vulnerable to Arbitrary File Upload
Software Azz Anonim Posting Type Plugin Vulnerable versions = 0.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49257 Patch priority High CVSS severity High 10 Developer Claim ownership PSID a0f84f528406 Credits stealthcopter Required privilege...
WordPress Pedalo Connector Plugin <= 2.0.5 is vulnerable to Broken Authentication
Software Pedalo Connector Type Plugin Vulnerable versions = 2.0.5 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9822 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 4f984c880363 Credits István...
WordPress LatePoint Plugin <= 5.0.12 is vulnerable to Broken Authentication
Software LatePoint Type Plugin Vulnerable versions = 5.0.12 Fixed in 5.0.13 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-8943 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f9b741b682a7 Credits István Márt...
WordPress Bit File Manager Plugin <= 6.5.7 is vulnerable to Arbitrary File Upload
Software Bit File Manager Type Plugin Vulnerable versions = 6.5.7 Fixed in 6.5.8 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-8743 Patch priority High CVSS severity High 6.8 Developer Claim ownership PSID c3b2ce42763f Credits TANG Cheuk Hei siunam Required privileg...
WordPress Advanced Custom Fields PRO Plugin < 5.11 is vulnerable to Broken Access Control
Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 5.11 Fixed in 5.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2021-20865 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 148c8b46d288 Credits Keitaro Yamazaki...
WordPress Hello World Plugin <= 2.1.1 is vulnerable to Arbitrary File Download
Software Hello World Type Plugin Vulnerable versions = 2.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-9224 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 936cc3342bfb Credits yudha Required privilege...
WordPress Affiliate Pro - Affiliate Program for WooCommerce & WordPress Plugin <= 8.4.1 is vulnerable to Privilege Escalation
Software Affiliate Pro - Affiliate Program for WooCommerce & WordPress Type Plugin Vulnerable versions = 8.4.1 Fixed in 8.5.0 OWASP Top 10 A4: Insecure Design Classification Privilege Escalation CVE CVE-2024-9289 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID a5bcf0c87e...
WordPress KB Support Plugin <= 1.6.6 is vulnerable to Broken Access Control
Software KB Support Type Plugin Vulnerable versions = 1.6.6 Fixed in 1.6.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8548 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 4619b943c20e Credits Krzysztof Zając Required privileg...
WordPress Wechat Social login Plugin <= 1.3.0 is vulnerable to Broken Authentication
Software Wechat Social login Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9106 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 26efb59ee707 Credits Istvá...
WordPress JobSearch Plugin <= 2.5.9 is vulnerable to PHP Object Injection
Software JobSearch Type Plugin Vulnerable versions = 2.5.9 Fixed in 2.6.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-47636 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5e0aa88de68e Credits Bonds Required privilege Unauthenticated...
WordPress GiveWP Plugin <= 3.16.2 is vulnerable to PHP Object Injection
Software GiveWP Type Plugin Vulnerable versions = 3.16.2 Fixed in 3.16.3 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-8353 Patch priority High CVSS severity High 10 Developer Liquid Web / StellarWP PSID ab27727ec281 Credits cuokon Required privilege Unauthenticated...
WordPress JupiterX Core Plugin <= 4.7.5 is vulnerable to Broken Authentication
Software JupiterX Core Type Plugin Vulnerable versions = 4.7.5 Fixed in 4.7.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-7781 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 4950f50fad7a Credits Geo Void...
WordPress Multi Step for Contact Form Plugin <= 2.7.7 is vulnerable to SQL Injection
Software Multi Step for Contact Form Type Plugin Vulnerable versions = 2.7.7 Fixed in 2.7.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-47331 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID a27c5e08d690 Credits Hakiduck Required privilege...
WordPress MH Board Plugin <= 1.3.2.1 is vulnerable to Local File Inclusion
Software MH Board Type Plugin Vulnerable versions = 1.3.2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-44017 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 729ae474bd3b Credits tahu.datar Required privilege Unauthenticated...
WordPress VR Calendar Plugin <= 2.4.0 is vulnerable to Local File Inclusion
Software VR Calendar Type Plugin Vulnerable versions = 2.4.0 Fixed in 2.4.5 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-44013 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 3e489bf6197d Credits tahu.datar Required privilege Unauthenticate...
WordPress Houzez Theme <= 3.2.4 is vulnerable to Privilege Escalation
Software Houzez Type Theme Vulnerable versions = 3.2.4 Fixed in 3.3.0 OWASP Top 10 A5: Security Misconfiguration Classification Privilege Escalation CVE CVE-2024-22303 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 51553a618b56 Credits luc Required privilege Subscriber...
WordPress WPCargo Track & Trace Plugin <= 7.0.6 is vulnerable to SQL Injection
Software WPCargo Track & Trace Type Plugin Vulnerable versions = 7.0.6 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-44004 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 8e07b930efd1 Credits LVT-tholv2k Required privilege...
WordPress Post Grid and Gutenberg Blocks Plugin <= 2.2.90 is vulnerable to Privilege Escalation
Software Post Grid and Gutenberg Blocks Type Plugin Vulnerable versions = 2.2.90 Fixed in 2.2.91 OWASP Top 10 A4: Insecure Design Classification Privilege Escalation CVE CVE-2024-8253 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 751ae97fca06 Credits wesley wcraft...