WordPress Purity Of Soul Theme <= 1.9 is vulnerable to Cross Site Scripting (XSS)

Software Purity Of Soul Type Theme Vulnerable versions = 1.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43348 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2e3680e055fd Credits justakazh Required privilege...

WordPress Bit Form Pro Plugin <= 2.6.4 is vulnerable to Settings Change

Software Bit Form Pro Type Plugin Vulnerable versions = 2.6.4 Fixed in 2.8.0 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-43250 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 786f4284258a Credits Dave Jong Patchstack Required...

WordPress WordPress File Upload Plugin < 4.24.8 is vulnerable to Cross Site Scripting (XSS)

Software WordPress File Upload Type Plugin Vulnerable versions 4.24.8 Fixed in 4.24.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6494 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 71728d9c7064 Credits Majdeddine B...

WordPress Robin image optimizer Plugin <= 1.6.9 is vulnerable to Broken Access Control

Software Robin image optimizer Type Plugin Vulnerable versions = 1.6.9 Fixed in 1.7.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43122 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a94e3ea55a34 Credits Joshua Chan...

WordPress WooCommerce Product Table Lite Plugin <= 3.5.1 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Product Table Lite Type Plugin Vulnerable versions = 3.5.1 Fixed in 3.8.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6458 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b99493f3472e Credits Luc...

WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Cross Site Scripting (XSS)

Software Social Auto Poster Type Plugin Vulnerable versions = 5.3.14 Fixed in 5.3.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6752 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2759a5c87ac3 Credits István Márton...

WordPress SULly Plugin < 4.3.1 is vulnerable to Cross Site Scripting (XSS)

Software SULly Type Plugin Vulnerable versions 4.3.1 Fixed in 4.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5032 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ef2aee1bdf07 Credits Bob Matyas Required privilege...

WordPress Affiliate Manager Plugin < 6.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Affiliate Manager Type Plugin Vulnerable versions 6.5.1 Fixed in 6.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5280 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0fe8966b39d9 Credits caon Required...

WordPress Index WP MySQL For Speed Plugin < 1.4.18 is vulnerable to Cross Site Scripting (XSS)

Software Index WP MySQL For Speed Type Plugin Vulnerable versions 1.4.18 Fixed in 1.4.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4977 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID de00e035d3ae Credits Guido Ivá...

WordPress User Activity Log Pro Plugin <= 2.3.4 is vulnerable to Broken Access Control

Software User Activity Log Pro Type Plugin Vulnerable versions = 2.3.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37929 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID a51ba27e9212 Credits Dave Jong Patchstac...

WordPress XPlainer - WooCommerce Product FAQ Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS)

Software XPlainer - WooCommerce Product FAQ Type Plugin Vulnerable versions = 1.6.3 Fixed in 1.6.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37515 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID 4539c5a9e2c2 Credits LVT-tholv2k...

WordPress WP Directory Kit Plugin <= 1.3.5 is vulnerable to Cross Site Scripting (XSS)

Software WP Directory Kit Type Plugin Vulnerable versions = 1.3.5 Fixed in 1.3.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37487 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7617d8e7c195 Credits Dimas Maulana Required privileg...

WordPress Simple AL Slider Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS)

Software Simple AL Slider Type Plugin Vulnerable versions = 1.2.10 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5729 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0854b8133aa8 Credits Bob Matyas Require...

WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 2.4.7 is vulnerable to Cross Site Scripting (XSS)

Software The Ultimate WordPress Toolkit – WP Extended Type Plugin Vulnerable versions = 2.4.7 Fixed in 3.0.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37259 Patch priority Medium CVSS severity Medium 7.1 Developer WP Extended PSID 6e88ac2a1e7f Credits Yudisti...

WordPress Social Rocket Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Social Rocket Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37258 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 44ba23451631 Credits Dimas Maulana Required privilege...

WordPress WP Logs Book Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Logs Book Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4477 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 68e2026bab3a Credits Bob Matyas Required...

WordPress Ali2Woo Lite Plugin <= 3.3.5 is vulnerable to Broken Access Control

Software Ali2Woo Lite Type Plugin Vulnerable versions = 3.3.5 Fixed in 3.3.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37210 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 02abd7b980c0 Credits Majed Refaea Required...

WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Denial of Service Attack

Software WishList Member X Type Plugin Vulnerable versions 3.26.7 Fixed in 3.26.7 OWASP Top 10 A1: Broken Access Control Classification Denial of Service Attack CVE CVE-2024-37111 Patch priority Medium CVSS severity Medium 7.5 Developer Claim ownership PSID 725f15bcf19c Credits Dave Jong Patchsta...

WordPress Bookly Plugin <= 23.2 is vulnerable to Cross Site Scripting (XSS)

Software Bookly Type Plugin Vulnerable versions = 23.2 Fixed in 23.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5584 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6392bd62a07f Credits 0xBishop Required privilege...

WordPress Sensei Pro (WC Paid Courses) Plugin <= 4.23.1.1.23.1 is vulnerable to Cross Site Scripting (XSS)

Software Sensei Pro WC Paid Courses Type Plugin Vulnerable versions = 4.23.1.1.23.1 Fixed in 4.24.0.1.24.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34765 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ffa624f39abc Credits Rafie...