304 matches found
WordPress Unseen Blog Theme <= 1.0.0 is vulnerable to PHP Object Injection
Software: Unseen Blog; Type: Theme; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-7432; Patch priority: Medium; CVSS severity: Medium 8.8; PSID: acc2ad92c272; Credits: Francesco Carlucci; Required privilege...
WordPress LH Copy Media File Plugin <= 1.08 is vulnerable to Cross Site Scripting (XSS)
Software: LH Copy Media File; Type: Plugin; Vulnerable versions: <= 1.08; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-9220; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: f98d57ff7d4d; Credits: Colin Xu; Required...
WordPress Author Avatars List/Block Plugin <= 2.1.21 is vulnerable to Cross Site Scripting (XSS)
Software: Author Avatars List/Block; Type: Plugin; Vulnerable versions: <= 2.1.21; Fixed in: 2.1.22; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-47370; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 7fcface20444; Credits: Hwang Se-yeon; Requir...
WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.7.3 is vulnerable to Cross Site Scripting (XSS)
Software: NEX-Forms – Ultimate Form Builder; Type: Plugin; Vulnerable versions: <= 8.7.3; Fixed in: 8.7.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-47389; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 6ed1c15130e3; Credits: Le Ngoc Anh...
WordPress SliceWP Plugin <= 1.1.18 is vulnerable to Cross Site Scripting (XSS)
Software: SliceWP; Type: Plugin; Vulnerable versions: <= 1.1.18; Fixed in: 1.1.19; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-47388; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: f33bf1e5efc6; Credits: Le Ngoc Anh; Required privilege...
WordPress WP Mail Catcher Plugin <= 2.1.9 is vulnerable to Cross Site Scripting (XSS)
Software: WP Mail Catcher; Type: Plugin; Vulnerable versions: <= 2.1.9; Fixed in: 2.1.10; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-47339; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: c286bdf972a5; Credits: Le Ngoc Anh; Required privilege...
WordPress Newsletters Plugin <= 4.9.9.1 is vulnerable to Cross Site Scripting (XSS)
Software: Newsletters; Type: Plugin; Vulnerable versions: <= 4.9.9.1; Fixed in: 4.9.9.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-47346; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 0a4418b91ec6; Credits: Le Ngoc Anh; Required privilege...
WordPress Bulk NoIndex & NoFollow Toolkit Plugin <= 2.15 is vulnerable to Cross Site Scripting (XSS)
Software: Bulk NoIndex & NoFollow Toolkit; Type: Plugin; Vulnerable versions: <= 2.15; Fixed in: 2.16; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-8803; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 78a9bff492c8; Credits: vgo0...
WordPress WS Form LITE Plugin <= 1.9.238 is vulnerable to Cross Site Scripting (XSS)
Software: WS Form LITE; Type: Plugin; Vulnerable versions: <= 1.9.238; Fixed in: 1.9.244; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-47320; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: WS Form; PSID: cb1829e55bbc; Credits: savphill; Required privilege...
WordPress Templately Plugin <= 3.1.2 is vulnerable to Broken Access Control
Software: Templately; Type: Plugin; Vulnerable versions: <= 3.1.2; Fixed in: 3.1.3; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-47308; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: e4f1c6a95d39; Credits: Joshua Chan; Required privile...
WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.2.1 is vulnerable to Broken Access Control
Software: WOOCS – WooCommerce Currency Switcher; Type: Plugin; Vulnerable versions: <= 1.4.2.1; Fixed in: 1.4.2.2; OWASP Top 10: A3: Injection; Classification: Broken Access Control; CVE: CVE-2024-8271; Patch priority: Medium; CVSS severity: Medium 7.3; PSID: 630dad8a94ec; Credits: Arkadiusz...
WordPress WP Booking System Plugin <= 2.0.19.8 is vulnerable to Cross Site Scripting (XSS)
Software: WP Booking System; Type: Plugin; Vulnerable versions: <= 2.0.19.8; Fixed in: 2.0.19.9; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-8797; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: c8bb40c2d8e4; Credits: vgo0...
WordPress MStore API Plugin <= 4.15.3 is vulnerable to Arbitrary File Upload
Software: MStore API; Type: Plugin; Vulnerable versions: <= 4.15.3; Fixed in: 4.15.4; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-8242; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: 5f5d39cca07a; Credits: stealthcopter; Required privilege...
WordPress Booking Calendar Plugin <= 10.5 is vulnerable to Cross Site Scripting (XSS)
Software: Booking Calendar; Type: Plugin; Vulnerable versions: <= 10.5; Fixed in: 10.5.1; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-8274; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: f7f6184bfbdf; Credits: David Gallagher...
WordPress Media Library Folders Plugin <= 8.2.3 is vulnerable to Broken Access Control
Software: Media Library Folders; Type: Plugin; Vulnerable versions: <= 8.2.3; Fixed in: 8.2.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-7858; Patch priority: Medium; CVSS severity: Medium 6.3; PSID: e34ed26523d9; Credits: Lucio Sá; Required...
WordPress EasyJobs Plugin <= 2.4.14 is vulnerable to Cross Site Request Forgery (CSRF)
Software: EasyJobs; Type: Plugin; Vulnerable versions: <= 2.4.14; Fixed in: 2.4.15; OWASP Top 10: A3: Injection; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-43997; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 56a38105092f; Credits: Muhammad Daffa; Required...
WordPress Fota WP Theme <= 1.4.1 is vulnerable to Broken Access Control
Software: Fota WP; Type: Theme; Vulnerable versions: <= 1.4.1; Fixed in: 1.4.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-43980; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: b10d5d19d02a; Credits: Fariq Fadillah Gusti Insani...
WordPress Super Store Finder Plugin <= 6.9.7 is vulnerable to Cross Site Scripting (XSS)
Software: Super Store Finder; Type: Plugin; Vulnerable versions: <= 6.9.7; Fixed in: 6.9.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-43975; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 3e09dec37e3f; Credits: Bonds; Required privilege...
WordPress String locator Plugin <= 2.6.5 is vulnerable to Cross Site Scripting (XSS)
Software: String locator; Type: Plugin; Vulnerable versions: <= 2.6.5; Fixed in: 2.6.6; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-6987; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 1314ec6116ff; Credits: Rein Daelman trein...
WordPress SmartSearch WP Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)
Software: SmartSearch WP; Type: Plugin; Vulnerable versions: <= 2.4.4; Fixed in: 2.4.5; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-6843; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 29f289a57217; Credits: Karolis Narvilas...