3398 matches found
WordPress ListingPro Plugin <= 2.9.4 is vulnerable to SQL Injection
Software: ListingPro; Type: Plugin; Vulnerable versions: <= 2.9.4; Fixed in: 2.9.5; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-38795; Patch priority: High; CVSS severity: High 9.3; PSID: e3cbe0b07232; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress Language Translate Widget for WordPress – ConveyThis Plugin <= 234 is vulnerable to Broken Access Control
Software: Language Translate Widget for WordPress – ConveyThis; Type: Plugin; Vulnerable versions: <= 234; Fixed in: 235; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-38792; Patch priority: Low; CVSS severity: Low 5.3; PSID: b86aa3788718...
WordPress WP QuickLaTeX Plugin < 3.8.8 is vulnerable to Cross Site Scripting (XSS)
Software: WP QuickLaTeX; Type: Plugin; Vulnerable versions: < 3.8.8; Fixed in: 3.8.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5529; Patch priority: Low; CVSS severity: Low 5.9; PSID: f0666acc2d5f; Credits: Bob Matyas; Required privileg...
WordPress ListingPro Theme <= 2.9.4 is vulnerable to SQL Injection
Software: ListingPro; Type: Theme; Vulnerable versions: <= 2.9.4; Fixed in: 2.9.5; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-39622; Patch priority: High; CVSS severity: High 9.3; PSID: ecd756a53e31; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress Addonify Plugin <= 1.2.16 is vulnerable to Sensitive Data Exposure
Software: Addonify; Type: Plugin; Vulnerable versions: <= 1.2.16; Fixed in: 1.2.17; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-6560; Patch priority: Low; CVSS severity: Low 5.3; PSID: d0b06da3556d; Credits: stealthcopter; Required privileg...
WordPress Custom Query Blocks Plugin <= 5.2.0 is vulnerable to Broken Access Control
Software: Custom Query Blocks; Type: Plugin; Vulnerable versions: <= 5.2.0; Fixed in: 5.3.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-38794; Patch priority: Low; CVSS severity: Low 5.3; PSID: c14273e201ef; Credits: Joshua Chan; Required...
WordPress Conditional Fields for Contact Form 7 Plugin <= 2.4.13 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Conditional Fields for Contact Form 7; Type: Plugin; Vulnerable versions: <= 2.4.13; Fixed in: 2.4.14; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-5804; Patch priority: Low; CVSS severity: Low 4.3; PSID: e1825173a8a1...
WordPress Atarim Plugin <= 4.0 is vulnerable to Broken Access Control
Software: Atarim; Type: Plugin; Vulnerable versions: <= 4.0; Fixed in: 4.0.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-38771; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Atarim; PSID: 7e5566c5bcde; Credits: piro; Required privilege: Unauthenticated...
WordPress FV Flowplayer Video Player Plugin <= 7.5.46.7212 is vulnerable to SQL Injection
Software: FV Flowplayer Video Player; Type: Plugin; Vulnerable versions: <= 7.5.46.7212; Fixed in: 7.5.47.7212; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-6338; Patch priority: High; CVSS severity: High 8.5; PSID: 35cbf5adc214; Credits: Arkadiusz Hydzik; Required...
WordPress Bug Library Plugin < 2.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Bug Library; Type: Plugin; Vulnerable versions: < 2.1.2; Fixed in: 2.1.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5604; Patch priority: Low; CVSS severity: Low 5.9; PSID: 33f82588687d; Credits: Bob Matyas; Required privilege...
WordPress Elements kit Elementor addons Plugin <= 3.2.0 is vulnerable to Sensitive Data Exposure
Software: Elements kit Elementor addons; Type: Plugin; Vulnerable versions: <= 3.2.0; Fixed in: 3.2.1; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-6455; Patch priority: Low; CVSS severity: Low 5.3; Developer: Wpmet; PSID: b000113e05e5; Credits: stealthcopter; Required...
WordPress Filter & Grids Plugin < 2.8.33 is vulnerable to Local File Inclusion
Software: Filter & Grids; Type: Plugin; Vulnerable versions: < 2.8.33; Fixed in: 2.8.33; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-6164; Patch priority: High; CVSS severity: High 8.1; PSID: fa64410035b5; Credits: Project Black; Required privilege...
WordPress Email Subscribers & Newsletters Plugin <= 5.7.26 is vulnerable to Broken Access Control
Software: Email Subscribers & Newsletters; Type: Plugin; Vulnerable versions: <= 5.7.26; Fixed in: 5.7.27; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-5703; Patch priority: Low; CVSS severity: Low 4.3; PSID: c1ed8caccfad; Credits: Arkadiusz...
WordPress Keydatas Plugin <= 2.5.2 is vulnerable to Arbitrary File Upload
Software: Keydatas; Type: Plugin; Vulnerable versions: <= 2.5.2; Fixed in: 2.6.1; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-6220; Patch priority: High; CVSS severity: High 10; PSID: 1095cb679b31; Credits: Foxyyy; Required privilege: Unauthenticated...
WordPress BookingPress Plugin <= 1.1.5 is vulnerable to Arbitrary File Upload
Software: BookingPress; Type: Plugin; Vulnerable versions: <= 1.1.5; Fixed in: 1.1.6; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-6660; Patch priority: High; CVSS severity: High 9.9; PSID: 0a2c97d6e1ad; Credits: shaman0x01; Required privilege: Subscriber...
WordPress Brizy Plugin <= 2.4.44 is vulnerable to Broken Access Control
Software: Brizy; Type: Plugin; Vulnerable versions: <= 2.4.44; Fixed in: 2.4.45; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1937; Patch priority: Low; CVSS severity: Low 7.1; PSID: 5274a9cc7b66; Credits: stealthcopter; Required privilege...
WordPress Glossary Plugin <= 2.2.26 is vulnerable to Sensitive Data Exposure
Software: Glossary; Type: Plugin; Vulnerable versions: <= 2.2.26; Fixed in: 2.2.27; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-6570; Patch priority: Low; CVSS severity: Low 5.3; PSID: 321b9ea74460; Credits: stealthcopter; Required privileg...
WordPress WP RSS Aggregator Plugin <= 4.23.11 is vulnerable to Broken Access Control
Software: WP RSS Aggregator; Type: Plugin; Vulnerable versions: <= 4.23.11; Fixed in: 4.23.12; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-6621; Patch priority: Low; CVSS severity: Low 4.3; PSID: 2954812636fe; Credits: Peter Thaleikis; Required...
WordPress SULly Plugin < 4.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: SULly; Type: Plugin; Vulnerable versions: < 4.3.1; Fixed in: 4.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-5034; Patch priority: Low; CVSS severity: Low 4.3; PSID: 671675d484b6; Credits: Bob Matyas; Required privilege...
WordPress Affiliate Manager Plugin < 6.5.1 is vulnerable to Cross Site Scripting (XSS)
Software: Affiliate Manager; Type: Plugin; Vulnerable versions: < 6.5.1; Fixed in: 6.5.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5280; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 0fe8966b39d9; Credits: caon; Required...