3398 matches found
WordPress Happy Addons for Elementor Plugin <= 3.11.2 is vulnerable to Cross Site Scripting (XSS)
Software Happy Addons for Elementor Type Plugin Vulnerable versions = 3.11.2 Fixed in 3.11.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6627 Patch priority Low CVSS severity Low 6.5 Developer Leevio PSID 0dee5f2221b3 Credits Webbernaut Required...
WordPress WooCommerce Product Table Lite Plugin <= 3.5.1 is vulnerable to Cross Site Scripting (XSS)
Software WooCommerce Product Table Lite Type Plugin Vulnerable versions = 3.5.1 Fixed in 3.8.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6458 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b99493f3472e Credits Luc...
WordPress Affiliate Manager Plugin < 6.5.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Affiliate Manager Type Plugin Vulnerable versions 6.5.2 Fixed in 6.5.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5285 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f621215a2f69 Credits Bob Matyas Required...
WordPress Email Encoder Bundle Plugin < 2.2.2 is vulnerable to Cross Site Scripting (XSS)
Software Email Encoder Bundle Type Plugin Vulnerable versions 2.2.2 Fixed in 2.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4483 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5d3ad3645d3e Credits Krugov Artyom Require...
WordPress Media.net Ads Manager Plugin <= 2.10.13 is vulnerable to Arbitrary File Upload
Software Media.net Ads Manager Type Plugin Vulnerable versions = 2.10.13 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6431 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 89eb205a9ac8 Credits István Márton Required privilege...
WordPress Profile Builder Plugin < 3.11.8 is vulnerable to Broken Access Control
Software Profile Builder Type Plugin Vulnerable versions 3.11.8 Fixed in 3.11.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-6366 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 351dbb0efb2f Credits Michel Prunet Required privile...
WordPress Contest Gallery Plugin <= 23.1.2 is vulnerable to Cross Site Scripting (XSS)
Software Contest Gallery Type Plugin Vulnerable versions = 23.1.2 Fixed in 23.1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-39631 Patch priority Medium CVSS severity Medium 7.1 Developer Wasiliy Strecker PSID e98eae916e49 Credits CatFather Required privilege...
WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Cross Site Request Forgery (CSRF)
Software Social Auto Poster Type Plugin Vulnerable versions = 5.3.14 Fixed in 5.3.15 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6751 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 88dfd0390d2d Credits István Márton...
WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Cross Site Scripting (XSS)
Software Social Auto Poster Type Plugin Vulnerable versions = 5.3.14 Fixed in 5.3.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6752 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2759a5c87ac3 Credits István Márton...
WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Cross Site Scripting (XSS)
Software Social Auto Poster Type Plugin Vulnerable versions = 5.3.14 Fixed in 5.3.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6753 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID df6582eddf1d Credits István Márton...
WordPress PowerPack Pro for Elementor Plugin <= 2.10.14 is vulnerable to Privilege Escalation
Software PowerPack Pro for Elementor Type Plugin Vulnerable versions = 2.10.14 Fixed in 2.10.15 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-39634 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID...
WordPress All-in-One Video Gallery Plugin <= 3.7.1 is vulnerable to Cross Site Scripting (XSS)
Software All-in-One Video Gallery Type Plugin Vulnerable versions = 3.7.1 Fixed in 3.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6629 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 570fc0403d8c Credits Webbernaut...
WordPress Youzify Plugin <= 1.2.6 is vulnerable to Broken Access Control
Software Youzify Type Plugin Vulnerable versions = 1.2.6 Fixed in 1.2.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-39635 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b77bf27da026 Credits LVT-tholv2k Required privilege...
WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Arbitrary File Upload
Software Social Auto Poster Type Plugin Vulnerable versions = 5.3.14 Fixed in 5.3.15 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6756 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 10970b4a81a6 Credits István Márton Required privileg...
WordPress Hide My WP Ghost Plugin < 5.2.02 is vulnerable to Bypass Vulnerability
Software Hide My WP Ghost Type Plugin Vulnerable versions 5.2.02 Fixed in 5.2.02 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-6420 Patch priority Low CVSS severity Low 3.7 Developer Claim ownership PSID c358fc787ef1 Credits Juan Pablo Gomez Postigo Required...
WordPress MaxiBlocks Plugin <= 1.9.2 is vulnerable to Arbitrary File Deletion
Software MaxiBlocks Type Plugin Vulnerable versions = 1.9.2 Fixed in 1.9.3 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-6885 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 302b1ce9770d Credits Lucio Sá Required privilege...
WordPress MasterStudy LMS Plugin < 3.3.24 is vulnerable to Privilege Escalation
Software MasterStudy LMS Type Plugin Vulnerable versions 3.3.24 Fixed in 3.3.24 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-5973 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID 2f024467e854 Credits Jaime F...
WordPress ListingPro Theme <= 2.9.4 is vulnerable to Local File Inclusion
Software ListingPro Type Theme Vulnerable versions = 2.9.4 Fixed in 2.9.5 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-39624 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 6fb79ea2aba1 Credits Rafie Muhammad Patchstack Required privilege...
WordPress pz-frontend-manager Plugin < 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software pz-frontend-manager Type Plugin Vulnerable versions 1.0.6 Fixed in 1.0.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6244 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 00622e75c008 Credits Vuln Seeker...
WordPress ListingPro Plugin <= 2.9.4 is vulnerable to Local File Inclusion
Software ListingPro Type Plugin Vulnerable versions = 2.9.4 Fixed in 2.9.5 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-39619 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 340c55b26054 Credits Rafie Muhammad Patchstack Required privilege...