WordPress CM On Demand Search And Replace Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)

Software CM On Demand Search And Replace Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11202 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cf0ce3925274 Credits...

WordPress PeachPay Payments Plugin <= 1.112.0 is vulnerable to Cross Site Scripting (XSS)

Software PeachPay Payments Type Plugin Vulnerable versions = 1.112.0 Fixed in 1.113.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11362 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2ab27db02ed0 Credits vgo0 Requir...

WordPress Button Block Plugin <= 1.1.4 is vulnerable to Broken Authentication

Software Button Block Type Plugin Vulnerable versions = 1.1.4 Fixed in 1.1.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10671 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID ae07da220d1c Credits...

WordPress System Dashboard Plugin < 2.8.15 is vulnerable to Cross Site Scripting (XSS)

Software System Dashboard Type Plugin Vulnerable versions 2.8.15 Fixed in 2.8.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11107 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 948953d35f1c Credits Dogus Demirkiran...

WordPress WPFunnels Plugin <= 3.5.5 is vulnerable to Cross Site Scripting (XSS)

Software WPFunnels Type Plugin Vulnerable versions = 3.5.5 Fixed in 3.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10792 Patch priority Medium CVSS severity Medium 7.1 Developer WPFunnels Team PSID b1c17399226b Credits Nathan calysteon Require...

WordPress Page Parts Plugin <= 1.4.3 is vulnerable to Cross Site Scripting (XSS)

Software Page Parts Type Plugin Vulnerable versions = 1.4.3 Fixed in 1.4.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11360 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6c5273fd367a Credits vgo0 Required privileg...

WordPress Ortto Plugin <= 1.0.19 is vulnerable to Cross Site Scripting (XSS)

Software Ortto Type Plugin Vulnerable versions = 1.0.19 Fixed in 1.0.21 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52482 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4b5d486dfe4b Credits Le Ngoc Anh Required privilege...

WordPress Weather Atlas Widget Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Weather Atlas Widget Type Plugin Vulnerable versions = 3.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52472 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5504e62dc0b7 Credits LVT-tholv2k Required privileg...

WordPress WP e-Commerce Style Email Plugin <= 0.6.2 is vulnerable to Cross Site Scripting (XSS)

Software WP e-Commerce Style Email Type Plugin Vulnerable versions = 0.6.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52462 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 22630f6609c8 Credits SOPROBRO Required...

WordPress WordPress GDPR & CCPA Plugin <= 2.0.2 is vulnerable to Broken Access Control

Software WordPress GDPR & CCPA Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.0.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-11069 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b71de0a7a1a1 Credits István Márton...

WordPress SimpleForm Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software SimpleForm Type Plugin Vulnerable versions = 2.2.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10883 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c9428f96f6e1 Credits Peter Thaleikis Required...

WordPress SimpleForm Contact Form Submissions Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)

Software SimpleForm Contact Form Submissions Type Plugin Vulnerable versions = 2.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10884 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1b7fe42353c4 Credits...

WordPress ReConstruction Theme <= 1.4.7 is vulnerable to Cross Site Scripting (XSS)

Software ReConstruction Type Theme Vulnerable versions = 1.4.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52417 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 09fd48f64288 Credits justakazh Required privilege...

WordPress Debug Tool Plugin <= 2.2 is vulnerable to Remote Code Execution (RCE)

Software Debug Tool Type Plugin Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-52416 Patch priority Medium CVSS severity Medium 10 Developer Claim ownership PSID d30460ac8a3a Credits Mika Required privilege Unauthenticated...

WordPress Styler for Ninja Forms Plugin <= 3.3.4 is vulnerable to Settings Change

Software Styler for Ninja Forms Type Plugin Vulnerable versions = 3.3.4 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Settings Change CVE CVE-2024-10717 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2b68f06a005e Credits...

WordPress Razorpay Payment Button Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS)

Software Razorpay Payment Button Type Plugin Vulnerable versions = 2.4.6 Fixed in 2.4.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10851 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 88605e5d5760 Credits Peter...

WordPress Advanced Form Integration Plugin <= 1.92.0 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Form Integration Type Plugin Vulnerable versions = 1.92.0 Fixed in 1.92.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10877 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c8dcdef7d81d Credits Peter...

WordPress Contact Form 7 Redirect & Thank You Page Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form 7 Redirect & Thank You Page Type Plugin Vulnerable versions = 1.0.6 Fixed in 1.0.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10685 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b725076f7fcb...

WordPress WOLF Plugin <= 1.0.8.3 is vulnerable to Path Traversal

Software WOLF Type Plugin Vulnerable versions = 1.0.8.3 Fixed in 1.0.8.4 OWASP Top 10 A1: Broken Access Control Classification Path Traversal CVE CVE-2024-52396 Patch priority Medium CVSS severity Medium 4.9 Developer Claim ownership PSID 1a1949b4101b Credits Trương Hữu Phúc truonghuuphuc Require...

WordPress Wp-ImageZoom Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Wp-ImageZoom Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9934 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 48857c949d4e Credits Mohammad Nikouei Requir...