397 matches found
WordPress WP Food ordering and Restaurant Menu plugin <= 1.1 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by theviper17 in WordPress Plugin WP Food ordering and Restaurant Menu versions = 1.1...
WordPress WooCommerce Pickupp plugin <= 2.4.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin WooCommerce Pickupp versions = 2.4.3...
WordPress Review Stars Count For WooCommerce plugin <= 2.0 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Aiden Thái An in WordPress Plugin Review Stars Count For WooCommerce versions = 2.0...
WordPress Database Toolset Plugin <= 1.8.4 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by LVT-tholv2k in WordPress Plugin Database Toolset versions = 1.8.4...
WordPress DigiWidgets Image Editor plugin <= 1.10 - Remote Code Execution (RCE) Vulnerability
Remote Code Execution RCE Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin DigiWidgets Image Editor versions = 1.10...
WordPress Ultimate Push Notifications plugin <= 1.2.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ultimate Push Notifications versions = 1.2.0...
WordPress Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One plugin <= 2.2.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by NAWardRox in WordPress Plugin Ai Auto Tool Content Writing Assistant Gemini Writer, ChatGPT All in One versions = 2.2.6...
WordPress Widget Options Plugin <= 4.0.7 is vulnerable to Remote Code Execution (RCE)
Software Widget Options Type Plugin Vulnerable versions = 4.0.7 Fixed in 4.0.8 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-8672 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 44c40aa090ca Credits Webbernaut Required privilege...
WordPress RegistrationMagic Plugin <= 6.0.2.6 is vulnerable to Privilege Escalation
Software RegistrationMagic Type Plugin Vulnerable versions = 6.0.2.6 Fixed in 6.0.2.7 OWASP Top 10 A3: Injection Classification Privilege Escalation CVE CVE-2024-10508 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID fa83ac6f8527 Credits shaman0x01 Required privilege...
WordPress Security & Malware scan by CleanTalk Plugin <= 2.145 is vulnerable to SQL Injection
Software Security & Malware scan by CleanTalk Type Plugin Vulnerable versions = 2.145 Fixed in 2.145.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-10570 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID ceade72368ed Credits mikemyers Required...
WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.44 is vulnerable to Broken Authentication
Software Spam protection, AntiSpam, FireWall by CleanTalk Type Plugin Vulnerable versions = 6.44 Fixed in 6.45 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-10781 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 0bd21f35fe5e...
WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.43.2 is vulnerable to Broken Authentication
Software Spam protection, AntiSpam, FireWall by CleanTalk Type Plugin Vulnerable versions = 6.43.2 Fixed in 6.44 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-10542 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID a624846c5f89...
WordPress AppPresser Plugin <= 4.4.6 is vulnerable to Privilege Escalation
Software AppPresser Type Plugin Vulnerable versions = 4.4.6 Fixed in 4.4.7 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-11024 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 25ae1391ba68 Credits shaman0x01...
WordPress InPost Gallery Plugin <= 2.1.4.2 is vulnerable to Arbitrary Code Execution
Software InPost Gallery Type Plugin Vulnerable versions = 2.1.4.2 Fixed in 2.1.4.3 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-11002 Patch priority High CVSS severity High 6.3 Developer Claim ownership PSID 33afec67c5eb Credits Arkadiusz Hydzik Required privile...
WordPress Grip Theme <= 1.0.9 is vulnerable to Arbitrary File Upload
Software Grip Type Theme Vulnerable versions = 1.0.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52488 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID b55cacdb5723 Credits Mika Required privilege Subscriber Published 20...
WordPress Clone Plugin <= 2.4.6 is vulnerable to PHP Object Injection
Software Clone Type Plugin Vulnerable versions = 2.4.6 Fixed in 2.4.7 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-10913 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 3676e7fb18ec Credits Webbernaut Required privilege Unauthenticated...
WordPress Distance Based Shipping Calculator Plugin <= 2.0.21 is vulnerable to SQL Injection
Software Distance Based Shipping Calculator Type Plugin Vulnerable versions = 2.0.21 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-52495 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID c1821da89db4 Credits João Pedro S Alcântara Kinort...
WordPress Express Payments Module Plugin <= 1.1.8 is vulnerable to SQL Injection
Software Express Payments Module Type Plugin Vulnerable versions = 1.1.8 Fixed in 1.1.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-52474 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID d7d5c29bb8d4 Credits LVT-tholv2k Required privilege...
WordPress PostX Plugin <= 4.1.16 is vulnerable to Broken Access Control
Software PostX Type Plugin Vulnerable versions = 4.1.16 Fixed in 4.1.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10728 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 29722a758707 Credits Sean Murphy Required privilege...
WordPress Quick Learn Plugin <= 1.0.1 is vulnerable to PHP Object Injection
Software Quick Learn Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52441 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 09d3039a1cf9 Credits LVT-tholv2k Required privilege Unauthenticated...