WordPress Popup Builder Plugin <= 4.3.1 is vulnerable to Broken Access Control

Software Popup Builder Type Plugin Vulnerable versions = 4.3.1 Fixed in 4.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6696 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 7eeb41bcfcb3 Credits Lucio Sá Required privilege...

WordPress Popup Builder Plugin <= 4.3.0 is vulnerable to Broken Access Control

Software Popup Builder Type Plugin Vulnerable versions = 4.3.0 Fixed in 4.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2544 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 4d2b92dba351 Credits Alex Thomas Required...

WordPress Folders Pro Plugin <= 3.0.2 is vulnerable to Path Traversal

Software Folders Pro Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.3 OWASP Top 10 A1: Broken Access Control Classification Path Traversal CVE CVE-2024-2023 Patch priority Medium CVSS severity Medium 4.1 Developer Claim ownership PSID 7b7d820c78b3 Credits Colin Xu Required privilege Author...

WordPress Folders Plugin <= 3.0 is vulnerable to Path Traversal

Software Folders Type Plugin Vulnerable versions = 3.0 Fixed in 3.0.1 OWASP Top 10 A1: Broken Access Control Classification Path Traversal CVE CVE-2024-2023 Patch priority Medium CVSS severity Medium 4.1 Developer Claim ownership PSID 79dd420f62c9 Credits Colin Xu Required privilege Author...

WordPress Video Gallery Plugin <= 1.3.13 is vulnerable to Local File Inclusion

Software Video Gallery Type Plugin Vulnerable versions = 1.3.13 Fixed in N/A OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-4258 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 9418bfa5fb03 Credits WordFence Required privilege Unauthenticated...

WordPress Folders Pro Plugin <= 3.0.2 is vulnerable to Arbitrary File Upload

Software Folders Pro Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.3 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-2024 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 56270bd65a1a Credits Colin Xu Required privilege Author Publish...

WordPress Gutenberg Blocks by Kadence Blocks Plugin <= 3.2.38 is vulnerable to Cross Site Scripting (XSS)

Software Gutenberg Blocks by Kadence Blocks Type Plugin Vulnerable versions = 3.2.38 Fixed in 3.2.39 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4863 Patch priority Low CVSS severity Low 6.5 Developer KadenceWP PSID 422e929006f1 Credits...

WordPress Dashboard Widgets Suite Plugin <= 3.4.3 is vulnerable to Cross Site Scripting (XSS)

Software Dashboard Widgets Suite Type Plugin Vulnerable versions = 3.4.3 Fixed in 3.4.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0979 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ec515656a329 Credits Krzysztof...

WordPress Newsletter - API addon (Premium) Plugin <= 2.4.5 is vulnerable to Broken Access Control

Software Newsletter - API addon Premium Type Plugin Vulnerable versions = 2.4.5 Fixed in 2.4.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5674 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID f2621f00fec2 Credits Arkadiusz...

WordPress Sassy Social Share Plugin < 3.3.63 is vulnerable to Cross Site Scripting (XSS)

Software Sassy Social Share Type Plugin Vulnerable versions 3.3.63 Fixed in 3.3.63 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4924 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8218db38fbf6 Credits Dmitrii Ignatyev...

WordPress Premium Addons for Elementor Plugin <= 4.10.33 is vulnerable to Cross Site Scripting (XSS)

Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.33 Fixed in 4.10.34 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5553 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID 89dccdfaef3d Credits wesley wcraft...

WordPress Pearl Plugin <= 1.3.7 is vulnerable to Broken Access Control

Software Pearl Type Plugin Vulnerable versions = 1.3.7 Fixed in 1.3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5468 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 816d74377350 Credits Lucio Sá Required privilege...

WordPress Activity Reactions For Buddypress Plugin <= 12.5.0 is vulnerable to Cross Site Scripting (XSS)

Software Activity Reactions For Buddypress Type Plugin Vulnerable versions = 12.5.0 Fixed in 12.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4892 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 0a3e1e0166ec Credit...

WordPress Bookly Plugin <= 23.2 is vulnerable to Cross Site Scripting (XSS)

Software Bookly Type Plugin Vulnerable versions = 23.2 Fixed in 23.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5584 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6392bd62a07f Credits 0xBishop Required privilege...

WordPress Metform Elementor Contact Form Builder Plugin <= 3.8.8 is vulnerable to Sensitive Data Exposure

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.8.8 Fixed in 3.8.9 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-4266 Patch priority Low CVSS severity Low 5.3 Developer Wpmet PSID f8748d7d1a5f Credits Tim Coen...

WordPress Dokan Pro Plugin <= 3.10.3 is vulnerable to SQL Injection

Software Dokan Pro Type Plugin Vulnerable versions = 3.10.3 Fixed in 3.11.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3922 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 26604a730056 Credits villu164 Required privilege Unauthenticated Publishe...

WordPress Custom Field Template Plugin <= 2.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Custom Field Template Type Plugin Vulnerable versions = 2.6.1 Fixed in 2.6.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0627 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 79102f5cc8d6 Credits Luk 6785 Required...

WordPress Tutor LMS Plugin <= 2.7.1 is vulnerable to Insecure Direct Object References (IDOR)

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.1 Fixed in 2.7.2 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-5438 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 04944e6bcf56 Credits Thanh Nam Tran...

WordPress ARForms Plugin < 6.6 is vulnerable to Cross Site Scripting (XSS)

Software ARForms Type Plugin Vulnerable versions 6.6 Fixed in 6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4621 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 54c970f6100c Credits Bob Matyas Required privilege...

WordPress ARForms Plugin < 6.6 is vulnerable to Remote Code Execution (RCE)

Software ARForms Type Plugin Vulnerable versions 6.6 Fixed in 6.6 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-4620 Patch priority High CVSS severity High 10 Developer Claim ownership PSID eba026d169e8 Credits mgthuramoemyint Required privilege Unauthenticated...