WordPress Porto Theme - Functionality Plugin <= 3.1.0 is vulnerable to Local File Inclusion

Software Porto Theme - Functionality Type Plugin Vulnerable versions = 3.1.0 Fixed in 3.1.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3808 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 05d6982e8315 Credits István Márton Required privileg...

WordPress CF7 WOW Styler Plugin <= 1.6.4 is vulnerable to Broken Access Control

Software CF7 WOW Styler Type Plugin Vulnerable versions = 1.6.4 Fixed in 1.6.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-34826 Patch priority Medium CVSS severity Medium 6.3 Developer Tobias PSID 6b711e00da8c Credits Dhabaleshwar Das Required privile...

WordPress Pure Chat Plugin <= 2.22 is vulnerable to Cross Site Scripting (XSS)

Software Pure Chat Type Plugin Vulnerable versions = 2.22 Fixed in 2.23 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3595 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ddb44562eab6 Credits Lucio Sá Required privileg...

WordPress Meow Gallery Plugin <= 5.1.3 is vulnerable to Cross Site Scripting (XSS)

Software Meow Gallery Type Plugin Vulnerable versions = 5.1.3 Fixed in 5.1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4386 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ff273a246878 Credits Krzysztof Zając Required...

WordPress Visual Footer Credit Remover Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software Visual Footer Credit Remover Type Plugin Vulnerable versions = 1.2 Fixed in 1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2846 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 265b4eed7803 Credits 1337Wannabe...

WordPress Fancy Elementor Flipbox Plugin <= 2.5.2 is vulnerable to Cross Site Scripting (XSS)

Software Fancy Elementor Flipbox Type Plugin Vulnerable versions = 2.5.2 Fixed in 2.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34572 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6fdd1efa32f5 Credits Khalid Yusuf Required privileg...

WordPress Stockholm Theme <= 9.6 is vulnerable to Local File Inclusion

Software Stockholm Type Theme Vulnerable versions = 9.6 Fixed in 9.7 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-34551 Patch priority High CVSS severity High 9 Developer Claim ownership PSID ba79b1de262f Credits Rafie Muhammad Patchstack Required privilege...

WordPress Counter Up Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Counter Up Type Plugin Vulnerable versions = 2.2.1 Fixed in 2.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34564 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0c39c66bb9f2 Credits LVT-tholv2k Required privilege Contributor...

WordPress Ultimate Store Kit Elementor Addons Plugin <= 2.0.3 is vulnerable to PHP Object Injection

Software Ultimate Store Kit Elementor Addons Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-4606 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 46e7a74eebcc Credits Ray Wilson Requir...

WordPress Move Addons for Elementor Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Move Addons for Elementor Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34562 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 788c0e0d4eae Credits Khalid Yusuf Required...

WordPress Zotpress Plugin <= 7.3.9 is vulnerable to Cross Site Scripting (XSS)

Software Zotpress Type Plugin Vulnerable versions = 7.3.9 Fixed in 7.3.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34569 Patch priority Low CVSS severity Low 6.5 Developer Katie Seaborn PSID 7fcedeab8bd4 Credits LVT-tholv2k Required privilege Contributor...

WordPress Gold Addons for Elementor Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)

Software Gold Addons for Elementor Type Plugin Vulnerable versions = 1.2.9 Fixed in 1.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34563 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4ec8bc999d21 Credits Khalid Yusuf Required...

WordPress Shared Counts Plugin <= 1.4.1 is vulnerable to Broken Access Control

Software Shared Counts Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.5.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9dd902d0b809 Credits N/A Required privilege Unauthenticated...

WordPress SKT Addons for Elementor Plugin <=1.8 is vulnerable to Cross Site Scripting (XSS)

Software SKT Addons for Elementor Type Plugin Vulnerable versions =1.8 Fixed in 1.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34436 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 346a6441540d Credits 4rCanJ0x! Required privilege...

WordPress Brozzme Scroll Top Plugin <= 1.8.5 is vulnerable to Cross Site Scripting (XSS)

Software Brozzme Scroll Top Type Plugin Vulnerable versions = 1.8.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34426 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 40ba77316890 Credits Cronus Required privilege Administrat...

WordPress GDPR Compliance Plugin <= 1.2.5 is vulnerable to Sensitive Data Exposure

Software GDPR Compliance Type Plugin Vulnerable versions = 1.2.5 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-34388 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 2bd47e434b7c Credits CatFather Required...

WordPress Auto Affiliate Links Plugin <= 6.4.3.1 is vulnerable to SQL Injection

Software Auto Affiliate Links Type Plugin Vulnerable versions = 6.4.3.1 Fixed in 6.4.4 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-34386 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 901e8da7d177 Credits Do Truong Giang Required privilege Editor...

WordPress Yoast SEO Plugin <= 22.5 is vulnerable to Cross Site Scripting (XSS)

Software Yoast SEO Type Plugin Vulnerable versions = 22.5 Fixed in 22.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4041 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1ed891028ded Credits Bassem Essam Required...

WordPress raindrops Theme <= 1.600 is vulnerable to Cross Site Scripting (XSS)

Software raindrops Type Theme Vulnerable versions = 1.600 Fixed in 1.700 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34414 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d4e3ff80bd8c Credits stealthcopter Required privilege Contributor...

WordPress SliceWP Plugin <=1.1.10 is vulnerable to Cross Site Scripting (XSS)

Software SliceWP Type Plugin Vulnerable versions =1.1.10 Fixed in 1.1.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34413 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c46a4aefe49b Credits Manab Jyoti Dowarah Required privilege...