WordPress pageMash > Page Management Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software pageMash Page Management Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-31087 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 77d83c9f1a3c Credits Dimas Maulana Required...

WordPress Hacklog Down As PDF Plugin <= 2.3.6 is vulnerable to Cross Site Scripting (XSS)

Software Hacklog Down As PDF Type Plugin Vulnerable versions = 2.3.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-31090 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 688ae2dee281 Credits Dimas Maulana Required privile...

WordPress User Rights Access Manager Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)

Software User Rights Access Manager Type Plugin Vulnerable versions = 1.1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-31122 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID 0673dec6d13c Credits Yudistira Arya Required...

WordPress Meta Tag Manager Plugin <= 3.0.2 is vulnerable to PHP Object Injection

Software Meta Tag Manager Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1770 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID e36fbb9c63ac Credits Francesco Carlucci Required privilege...

WordPress Church Admin Plugin <= 4.0.27 is vulnerable to SQL Injection

Software Church Admin Type Plugin Vulnerable versions = 4.0.27 Fixed in 4.0.28 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30244 Patch priority Medium CVSS severity Medium 8.5 Developer Andy Moyle PSID f10836385922 Credits LVT-tholv2k Required privilege Contributor...

WordPress Sunshine Photo Cart Plugin <= 3.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Sunshine Photo Cart Type Plugin Vulnerable versions = 3.1.1 Fixed in 3.1.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30194 Patch priority Medium CVSS severity Medium 7.1 Developer WP Sunshine PSID fc4e8435fb65 Credits Dimas Maulana Required privilege...

WordPress Premium Packages Plugin <= 5.8.2 is vulnerable to Cross Site Scripting (XSS)

Software Premium Packages Type Plugin Vulnerable versions = 5.8.2 Fixed in 5.8.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29924 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID fd83d5609f73 Credits Yudistira Arya Required privile...

WordPress MyCurator Content Curation Plugin <= 3.76 is vulnerable to Cross Site Scripting (XSS)

Software MyCurator Content Curation Type Plugin Vulnerable versions = 3.76 Fixed in 3.77 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29139 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f5416935cfa3 Credits LVT-tholv2k Required...

WordPress Specific Content For Mobile – Customize the mobile version without redirections Plugin <= 0.1.9.5 is vulnerable to Cross Site Scripting (XSS)

Software Specific Content For Mobile – Customize the mobile version without redirections Type Plugin Vulnerable versions = 0.1.9.5 Fixed in 0.1.9.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29126 Patch priority Medium CVSS severity Medium 7.1 Developer Claim...

WordPress Contact Form 7 Plugin <= 5.9 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form 7 Type Plugin Vulnerable versions = 5.9 Fixed in 5.9.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2242 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5d34f7907f9a Credits Asaf Mozes Required...

WordPress AI Engine: ChatGPT Chatbot Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software AI Engine: ChatGPT Chatbot Type Plugin Vulnerable versions = 2.2.0 Fixed in 2.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0378 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c9bd74cd8e71 Credits...

WordPress Socialdriver Theme < 2024 is vulnerable to Cross Site Scripting (XSS)

Software Socialdriver Type Theme Vulnerable versions 2024 Fixed in 2024 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-4826 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6b8a90a1f910 Credits longxi Required privilege Unauthenticated...

WordPress Play.ht Plugin <= 3.6.4 is vulnerable to PHP Object Injection

Software Play.ht Type Plugin Vulnerable versions = 3.6.4 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1772 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 571b81755147 Credits Francesco Carlucci Required privilege Contribut...

WordPress VK Poster Group Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Software VK Poster Group Type Plugin Vulnerable versions = 2.0.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-24932 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1880d39de9c0 Credits Le Ngoc Anh Require...

WordPress Honeypot for WP Comment Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Honeypot for WP Comment Type Plugin Vulnerable versions = 2.2.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-24933 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 01642edd0b7b Credits Dimas Maulana Required...

WordPress Honeypot for WP Comment Plugin <= 2.2.3 is vulnerable to Arbitrary File Deletion

Software Honeypot for WP Comment Type Plugin Vulnerable versions = 2.2.3 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Arbitrary File Deletion CVE CVE-2024-1350 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 972e393f6005...

WordPress Mighty Addons for Elementor Plugin <= 1.9.3 is vulnerable to Cross Site Scripting (XSS)

Software Mighty Addons for Elementor Type Plugin Vulnerable versions = 1.9.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-24846 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 487dfa184881 Credits Yudistira Arya Require...

WordPress PopupAlly Plugin <= 2.1.0 is vulnerable to Broken Access Control

Software PopupAlly Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-23520 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID a577e748f483 Credits Abdi Pranata Required privile...

WordPress SimpleMap Store Locator Plugin <= 2.6.1 is vulnerable to Cross Site Scripting (XSS)

Software SimpleMap Store Locator Type Plugin Vulnerable versions = 2.6.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22282 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2ef3007a7000 Credits Dimas Maulana Required...

WordPress EventON Pro Plugin <= 4.5.4 is vulnerable to Broken Access Control

Software EventON Pro Type Plugin Vulnerable versions = 4.5.4 Fixed in 4.5.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6158 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b43943b2a15f Credits Francesco Carlucci Required...