WordPress Folders Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Folders Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3868 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a2c21957d7e5 Credits mike harris Required...

WordPress Simple Basic Contact Form Plugin <= 20221201 is vulnerable to Cross Site Scripting (XSS)

Software Simple Basic Contact Form Type Plugin Vulnerable versions = 20221201 Fixed in 20240502 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4150 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 56d60208321f Credits...

WordPress SimpleShop Plugin <= 2.10.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software SimpleShop Type Plugin Vulnerable versions = 2.10.0 Fixed in 2.10.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1230 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0c9901697dc3 Credits Francesco Carlucci...

WordPress Simple Membership Plugin <= 4.4.5 is vulnerable to Cross Site Scripting (XSS)

Software Simple Membership Type Plugin Vulnerable versions = 4.4.5 Fixed in 4.4.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4383 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 39626d5eed25 Credits wesley wcraft Required...

WordPress Testimonial Slider Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)

Software Testimonial Slider Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4193 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9c9e113bbfe1 Credits Krzysztof Zając...

WordPress Download Alt Text AI Plugin <=1.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Download Alt Text AI Type Plugin Vulnerable versions =1.3.4 Fixed in 1.3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34366 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 15bd973c927c Credits Manab Jyoti Dowarah Required...

WordPress Restaurant and Cafe Theme <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Restaurant and Cafe Type Theme Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-34379 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 97da5caaa5b4 Credits Dhabaleshwar Das...

WordPress SEOPress Plugin <= 7.7.1 is vulnerable to Insecure Direct Object References (IDOR)

Software SEOPress Type Plugin Vulnerable versions = 7.7.1 Fixed in 7.7.2 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-34383 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7ca57d342ecd Credits Peng Zhou Required...

WordPress Conversational Forms for ChatBot Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Conversational Forms for ChatBot Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34380 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 04a3b48cf9af Credits Jean Tirstan T Requir...

WordPress ShopLentor Plugin <= 2.8.7 is vulnerable to Cross Site Scripting (XSS)

Software ShopLentor Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3991 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b56a67a53737 Credits stealthcopter Required...

WordPress LeadConnector Plugin <= 1.7 is vulnerable to Broken Access Control

Software LeadConnector Type Plugin Vulnerable versions = 1.7 Fixed in 1.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-34378 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID da872f96f681 Credits Majed Refaea Required privilege...

WordPress Mooberry Book Manager Plugin <= 4.15.12 is vulnerable to Sensitive Data Exposure

Software Mooberry Book Manager Type Plugin Vulnerable versions = 4.15.12 Fixed in 4.15.13 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-34368 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 8048e91588cf Credits Steven Julian...

WordPress Supreme Modules Lite Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Supreme Modules Lite Type Plugin Vulnerable versions = 2.5.3 Fixed in 2.5.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4334 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID db7cdff0f72f Credits Webbernaut Required...

WordPress WP Recipe Maker Plugin <= 9.3.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Recipe Maker Type Plugin Vulnerable versions = 9.3.1 Fixed in 9.4.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3490 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5ee8e6ab9022 Credits stealthcopter Required...

WordPress Side Menu Lite Plugin < 4.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Side Menu Lite Type Plugin Vulnerable versions 4.2.1 Fixed in 4.2.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3476 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 570b701cebb0 Credits Bob Matyas Required...

WordPress Float menu Plugin < 6.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Float menu Type Plugin Vulnerable versions 6.0.1 Fixed in 6.0.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2405 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 80605a5ac1fe Credits Erwan LR WPScan Required...

WordPress Sticky Buttons Plugin < 3.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Sticky Buttons Type Plugin Vulnerable versions 3.2.4 Fixed in 3.2.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3475 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c9f456e279d5 Credits Bob Matyas Required...

WordPress Modal Window Plugin < 5.3.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software Modal Window Type Plugin Vulnerable versions 5.3.10 Fixed in 5.3.10 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3472 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9d7096a40943 Credits Bob Matyas Required...

WordPress All-in-One Video Gallery Plugin <= 3.6.4 is vulnerable to Arbitrary File Upload

Software All-in-One Video Gallery Type Plugin Vulnerable versions = 3.6.4 Fixed in 3.6.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-4033 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID cfa484cd1cd9 Credits stealthcopter Required...

WordPress Grid Gallery Plugin <= 1.4.3 is vulnerable to PHP Object Injection

Software Grid Gallery Type Plugin Vulnerable versions = 1.4.3 Fixed in 1.4.4 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1897 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID 43f9768655e4 Credits Francesco Carlucci Required privilege...