WordPress UsersWP Plugin < 1.2.12 is vulnerable to Sensitive Data Exposure

Software UsersWP Type Plugin Vulnerable versions 1.2.12 Fixed in 1.2.12 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6477 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 23cb0cdd0abd Credits Majdeddine Ben Hadj Brahim Require...

WordPress Sync Post With Other Site Plugin <= 1.6 is vulnerable to Broken Access Control

Software Sync Post With Other Site Type Plugin Vulnerable versions = 1.6 Fixed in 1.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6709 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 159a5eca941a Credits Lucio Sá Required...

WordPress Horizontal scrolling announcements Plugin <= 2.4 is vulnerable to SQL Injection

Software Horizontal scrolling announcements Type Plugin Vulnerable versions = 2.4 Fixed in 2.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5000 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID a1ff35c414c3 Credits István Márton Required privilege...

WordPress File Manager Pro Plugin <= 1.8.2 is vulnerable to Settings Change

Software File Manager Pro Type Plugin Vulnerable versions = 1.8.2 Fixed in 1.8.3 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-7031 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID dd2b25032f95 Credits bart Required privilege Subscriber...

WordPress CRM Perks Forms Plugin <= 1.1.3 is vulnerable to Arbitrary File Upload

Software CRM Perks Forms Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7484 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID c7c64ee12633 Credits István Márton Required privilege...

WordPress wpDiscuz Plugin <= 7.6.21 is vulnerable to Content Injection

Software wpDiscuz Type Plugin Vulnerable versions = 7.6.21 Fixed in 7.6.22 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-6704 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 32773981ccf8 Credits Tieu Pham Trong Nhan aptx4869 Required privilege...

WordPress Filter & Grids Plugin <= 2.8.33 is vulnerable to Broken Authentication

Software Filter & Grids Type Plugin Vulnerable versions = 2.8.33 Fixed in 2.8.34 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-39664 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID bac0e0da8bce Credits RE-ALTER Required privileg...

WordPress Salon booking system Plugin <= 10.7 is vulnerable to SQL Injection

Software Salon booking system Type Plugin Vulnerable versions = 10.7 Fixed in 10.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-39658 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 4a5a4b833999 Credits justakazh Required privilege Administrator...

WordPress Essential Addons for Elementor Plugin <= 5.9.26 is vulnerable to Cross Site Scripting (XSS)

Software Essential Addons for Elementor Type Plugin Vulnerable versions = 5.9.26 Fixed in 5.9.27 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-39649 Patch priority Low CVSS severity Low 6.5 Developer WPDeveloper PSID a786e5c76954 Credits wcraft Required privilege...

WordPress LiquidPoll – Advanced Polls for Creators and Brands Plugin <= 3.3.77 is vulnerable to Cross Site Scripting (XSS)

Software LiquidPoll – Advanced Polls for Creators and Brands Type Plugin Vulnerable versions = 3.3.77 Fixed in 3.3.78 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-39655 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a190a4c0c44f...

WordPress Filter & Grids Plugin <= 2.9.2 is vulnerable to Cross Site Scripting (XSS)

Software Filter & Grids Type Plugin Vulnerable versions = 2.9.2 Fixed in 2.9.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-39665 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4cff851eecee Credits RE-ALTER Required privilege Contributor...

WordPress Ultimate Classified Listings Plugin < 1.4 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Classified Listings Type Plugin Vulnerable versions 1.4 Fixed in 1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6529 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1fa83322914e Credits Erwan LR...

WordPress Tutor LMS Plugin <= 2.7.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-39645 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID dcc37aabdfcd Credits Rafie Muhammad Patchstack...

WordPress Sign-up Sheets Plugin <= 2.2.12 is vulnerable to Broken Access Control

Software Sign-up Sheets Type Plugin Vulnerable versions = 2.2.12 Fixed in 2.2.13 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-39654 Patch priority Low CVSS severity Low 5.3 Developer Fetch Designs PSID bf5384db048d Credits Joshua Chan Required privilege...

WordPress HTML Forms Plugin < 1.3.34 is vulnerable to Cross Site Request Forgery (CSRF)

Software HTML Forms Type Plugin Vulnerable versions 1.3.34 Fixed in 1.3.34 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6412 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 512deb690c57 Credits Bob Matyas Required...

WordPress Pmpro Membership Maps Plugin < 0.7 is vulnerable to Sensitive Data Exposure

Software Pmpro Membership Maps Type Plugin Vulnerable versions 0.7 Fixed in 0.7 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-1286 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a7b3657c40ef Credits Scott Kingsley Clark...

WordPress CZ Loan Management Plugin <= 1.1 is vulnerable to SQL Injection

Software CZ Loan Management Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5975 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID c42111d4bd74 Credits Project Black Required privilege Unauthenticated...

WordPress Send email only on Reply to My Comment Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software Send email only on Reply to My Comment Type Plugin Vulnerable versions = 1.0.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6224 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 251d7c486476 Credi...

WordPress WpStickyBar Plugin <= 2.1.0 is vulnerable to SQL Injection

Software WpStickyBar Type Plugin Vulnerable versions = 2.1.0 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5765 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 003d2dbb7aa7 Credits Project Black Required privilege Unauthenticated...

WordPress WpStickyBar Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)

Software WpStickyBar Type Plugin Vulnerable versions = 2.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6226 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6ad3f0b1cf19 Credits Bob Matyas Required...