WordPress WP eStore Plugin < 8.5.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP eStore Type Plugin Vulnerable versions 8.5.5 Fixed in 8.5.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6075 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c3f59dd6bdda Credits Bob Matyas Required privileg...

WordPress SULly Plugin < 4.3.1 is vulnerable to Cross Site Scripting (XSS)

Software SULly Type Plugin Vulnerable versions 4.3.1 Fixed in 4.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5032 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ef2aee1bdf07 Credits Bob Matyas Required privilege...

WordPress Affiliate Manager Plugin < 6.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Affiliate Manager Type Plugin Vulnerable versions 6.5.1 Fixed in 6.5.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5287 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 14d5b3c71416 Credits Bob Matyas Required...

WordPress WP eStore Plugin < 8.5.5 is vulnerable to Cross Site Scripting (XSS)

Software WP eStore Type Plugin Vulnerable versions 8.5.5 Fixed in 8.5.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6072 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 416714c64e72 Credits Bob Matyas Required...

WordPress Swift Framework Page Builder Plugin < 2024.04.30 is vulnerable to Cross Site Scripting (XSS)

Software Swift Framework Page Builder Type Plugin Vulnerable versions 2024.04.30 Fixed in 2024.04.30 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2870 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 057d34197d18 Credi...

WordPress WP Links Page Plugin <= 4.9.5 is vulnerable to Broken Access Control

Software WP Links Page Type Plugin Vulnerable versions = 4.9.5 Fixed in 4.9.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6465 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3b1e0ddf2ea6 Credits Lucio Sá Required privilege...

WordPress Index WP MySQL For Speed Plugin < 1.4.18 is vulnerable to Cross Site Scripting (XSS)

Software Index WP MySQL For Speed Type Plugin Vulnerable versions 1.4.18 Fixed in 1.4.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4977 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID de00e035d3ae Credits Guido Ivá...

WordPress Tournamatch Plugin < 4.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Tournamatch Type Plugin Vulnerable versions 4.6.1 Fixed in 4.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5627 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 160ba992cf57 Credits Davide Balzano Required...

WordPress Shortcodes Ultimate Pro Plugin < 7.1.5 is vulnerable to Cross Site Scripting (XSS)

Software Shortcodes Ultimate Pro Type Plugin Vulnerable versions 7.1.5 Fixed in 7.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4217 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b6182f916e0f Credits Dmitrii Ignatyev...

WordPress CM On Demand Search And Replace Plugin < 1.3.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software CM On Demand Search And Replace Type Plugin Vulnerable versions 1.3.9 Fixed in 1.3.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5028 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 576a4082c0ff Credits Felipe...

WordPress Seriously Simple Podcasting Plugin < 3.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Seriously Simple Podcasting Type Plugin Vulnerable versions 3.3.0 Fixed in 3.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3751 Patch priority Low CVSS severity Low 5.9 Developer Castos PSID a88cd16d6fc7 Credits Thanh Hang Required...

WordPress CM Email Registration Blacklist and Whitelist Plugin < 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software CM Email Registration Blacklist and Whitelist Type Plugin Vulnerable versions 1.4.9 Fixed in 1.4.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5167 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 352ac64ce637...

WordPress Hostel Plugin < 1.1.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Hostel Type Plugin Vulnerable versions 1.1.5.3 Fixed in 1.1.5.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3753 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8eec664963a4 Credits Bob Matyas Required...

WordPress Watu Quiz Plugin < 3.4.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Watu Quiz Type Plugin Vulnerable versions 3.4.1.2 Fixed in 3.4.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2640 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 617bfa58ba67 Credits Eunho Kim Required privilege...

WordPress WP Total Branding Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Total Branding Type Plugin Vulnerable versions = 1.2 Fixed in 1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6625 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a7d5303cf6ee Credits Artem Polynko Artem Polynk...

WordPress Inline Related Posts Plugin < 3.7.0 is vulnerable to Cross Site Scripting (XSS)

Software Inline Related Posts Type Plugin Vulnerable versions 3.7.0 Fixed in 3.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5626 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e490330be604 Credits Dmitrii Ignatye...

WordPress MStore API Plugin <= 4.14.7 is vulnerable to Broken Authentication

Software MStore API Type Plugin Vulnerable versions = 4.14.7 Fixed in 4.15.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-6328 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID eb61c3a933bb Credits Truoc Phan...

WordPress Social Media Widget Plugin < 4.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Social Media Widget Type Plugin Vulnerable versions 4.0.9 Fixed in 4.0.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0974 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 904528994de0 Credits Dmitrii Ignatyev...

WordPress Zoho Campaigns Plugin <= 2.0.8 is vulnerable to Cross Site Scripting (XSS)

Software Zoho Campaigns Type Plugin Vulnerable versions = 2.0.8 Fixed in 2.1.0 OWASP Top 10 A4: Insecure Design Classification Cross Site Scripting XSS CVE CVE-2024-38752 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 48112379bb70 Credits Majed Refaea Required...

WordPress JSON Content Importer Plugin <= 1.5.6 is vulnerable to Server Side Request Forgery (SSRF)

Software JSON Content Importer Type Plugin Vulnerable versions = 1.5.6 Fixed in 1.6.0 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-38723 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID f916d2cf2c68 Credits...