WordPress Dashboard To-Do List Plugin <= 1.2.0 is vulnerable to Broken Access Control

Software Dashboard To-Do List Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.3.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35723 Patch priority Low CVSS severity Low 4.3 Developer Andrew Rapps PSID e4b3c03fafe1 Credits CatFather Required privileg...

WordPress Copymatic – AI Content Writer & Generator Plugin <= 1.9 is vulnerable to Broken Access Control

Software Copymatic – AI Content Writer & Generator Type Plugin Vulnerable versions = 1.9 Fixed in 2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35716 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID acafd07bdb00 Credits...

WordPress Album and Image Gallery plus Lightbox Plugin <= 2.0 is vulnerable to Broken Access Control

Software Album and Image Gallery plus Lightbox Type Plugin Vulnerable versions = 2.0 Fixed in 2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-4194 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 3971913257ef Credits...

WordPress Email Subscribers & Newsletters Plugin <= 5.7.20 is vulnerable to SQL Injection

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.20 Fixed in 5.7.21 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-4295 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 50be2b9566fd Credits 1337Wannabe Required privilege...

WordPress Five Star Restaurant Menu Plugin <= 2.4.16 is vulnerable to Broken Access Control

Software Five Star Restaurant Menu Type Plugin Vulnerable versions = 2.4.16 Fixed in 2.4.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5459 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d3ee7a9da89d Credits Lucio Sá Required...

WordPress Brizy Plugin <= 2.4.43 is vulnerable to Cross Site Scripting (XSS)

Software Brizy Type Plugin Vulnerable versions = 2.4.43 Fixed in 2.4.44 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3667 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cff58ae2952e Credits Webbernaut Required privilege...

WordPress Brizy Plugin <= 2.4.43 is vulnerable to Cross Site Scripting (XSS)

Software Brizy Type Plugin Vulnerable versions = 2.4.43 Fixed in 2.4.44 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2087 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ead457b1b8e9 Credits wesley wcraft Required...

WordPress Login/Signup Popup Plugin <= 2.7.2 is vulnerable to Broken Access Control

Software Login/Signup Popup Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5324 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 8315f4731f19 Credits 1337Wannabe - home Requir...

WordPress EmbedPress Plugin <= 4.0.1 is vulnerable to Cross Site Scripting (XSS)

Software EmbedPress Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.0.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5571 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 09e449af3af2 Credits wesley wcraft Required...

WordPress MegaMenu Plugin <= 2.3.12 is vulnerable to Local File Inclusion

Software MegaMenu Type Plugin Vulnerable versions = 2.3.12 Fixed in 2.3.13 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-35677 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 866b59909ea3 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Essential Real Estate Plugin <= 4.4.2 is vulnerable to Cross Site Scripting (XSS)

Software Essential Real Estate Type Plugin Vulnerable versions = 4.4.2 Fixed in 4.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4273 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3dd9001bf079 Credits Krzysztof Zając...

WordPress Newsletter Plugin <= 8.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Newsletter Type Plugin Vulnerable versions = 8.3.4 Fixed in 8.3.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5317 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a76e0f4cc75c Credits Arkadiusz Hydzik Requir...

WordPress Essential Real Estate Plugin <= 4.4.4 is vulnerable to Insecure Direct Object References (IDOR)

Software Essential Real Estate Type Plugin Vulnerable versions = 4.4.4 Fixed in 4.4.5 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-4274 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ccac1e739e5c Credits Lucio S...

WordPress Social Link Pages Plugin <= 1.6.9 is vulnerable to Cross Site Scripting (XSS)

Software Social Link Pages Type Plugin Vulnerable versions = 1.6.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3555 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0d1f020a1aca Credits Lucio Sá Required...

WordPress Admin Notices Manager Plugin <= 1.4.0 is vulnerable to Broken Access Control

Software Admin Notices Manager Type Plugin Vulnerable versions = 1.4.0 Fixed in 1.5.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1717 Patch priority Low CVSS severity Low 4.3 Developer Melapress PSID 95224798df4d Credits Lucio Sá Required privilege...

WordPress Advanced Custom Fields PRO Plugin < 6.3 is vulnerable to Sensitive Data Exposure

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 6.3 Fixed in 6.3 OWASP Top 10 A6: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-4565 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1daa59fd8d88 Credits Scott Kingsley Clark...

WordPress Netgsm Plugin <= 2.9.19 is vulnerable to Broken Access Control

Software Netgsm Type Plugin Vulnerable versions = 2.9.19 Fixed in 2.9.20 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35672 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID ec4277f3436d Credits Majed Refaea Required privilege...

WordPress Social Login Lite For WooCommerce Plugin <= 1.6.0 is vulnerable to Broken Authentication

Software Social Login Lite For WooCommerce Type Plugin Vulnerable versions = 1.6.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-4552 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 9ddbae9ad306...

WordPress WPvivid Backup for MainWP Plugin <= 0.9.32 is vulnerable to Cross Site Scripting (XSS)

Software WPvivid Backup for MainWP Type Plugin Vulnerable versions = 0.9.32 Fixed in 0.9.33 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35664 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e6744843cdb4 Credits Yudistira Arya...

WordPress wpDataTables Plugin <= 6.3.1 is vulnerable to SQL Injection

Software wpDataTables Type Plugin Vulnerable versions = 6.3.1 Fixed in 6.3.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3820 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 85631b10c84a Credits villu164 Required privilege Unauthenticated Publish...