WordPress Fancy Elementor Flipbox Plugin <= 2.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Fancy Elementor Flipbox Type Plugin Vulnerable versions = 2.5.1 Fixed in 2.5.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2349 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dd388fab11b8 Credits Francesco Carluc...

WordPress Cost Calculator Builder Pro Plugin <= 3.1.67 is vulnerable to Cross Site Scripting (XSS)

Software Cost Calculator Builder Pro Type Plugin Vulnerable versions = 3.1.67 Fixed in 3.1.68 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4097 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 99ec603c6f20 Credits andrea...

WordPress Event Management Tickets Booking Plugin <= 1.3.4 is vulnerable to PHP Object Injection

Software Event Management Tickets Booking Type Plugin Vulnerable versions = 1.3.4 Fixed in 1.3.5 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1895 Patch priority Medium CVSS severity Medium 7.4 Developer Claim ownership PSID d93e6770a231 Credits Francesco Carlucci...

WordPress MailerLite – Signup forms Plugin <= 1.7.6 is vulnerable to Broken Access Control

Software MailerLite – Signup forms Type Plugin Vulnerable versions = 1.7.6 Fixed in 1.7.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2797 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d779eba11e1c Credits Krzysztof Zając...

WordPress LeadConnector Plugin <= 1.7 is vulnerable to Broken Access Control

Software LeadConnector Type Plugin Vulnerable versions = 1.7 Fixed in 1.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1371 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2445a52c5c7c Credits Krzysztof Zając Required...

WordPress Masteriyo - LMS Plugin <= 1.7.3 is vulnerable to Broken Authentication

Software Masteriyo - LMS Type Plugin Vulnerable versions = 1.7.3 Fixed in 1.7.4 OWASP Top 10 A4: Insecure Design Classification Broken Authentication CVE CVE-2024-33939 Patch priority Medium CVSS severity Medium 5.3 Developer Masteriyo PSID ce37ea579b31 Credits Steven Julian Required privilege...

WordPress MasterStudy LMS Plugin <= 3.3.8 is vulnerable to Broken Access Control

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.3.8 Fixed in 3.3.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3942 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID e8c9ed38d014 Credits Lucio Sá Required privilege...

WordPress Google Typography Plugin <= 1.1.2 is vulnerable to Broken Access Control

Software Google Typography Type Plugin Vulnerable versions = 1.1.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33942 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8afac0da0e50 Credits Abdi Pranata Required privile...

WordPress Share This Image Plugin <= 1.98 is vulnerable to Open Redirection

Software Share This Image Type Plugin Vulnerable versions = 1.98 Fixed in 1.99 OWASP Top 10 A3: Injection Classification Open Redirection CVE CVE-2024-33930 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 8ff8b7f51b08 Credits stealthcopter Required privilege Unauthenticate...

WordPress Directorist Plugin <= 7.8.6 is vulnerable to Broken Access Control

Software Directorist Type Plugin Vulnerable versions = 7.8.6 Fixed in 7.9.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33929 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 4002917cae9a Credits Dhabaleshwar Das Required privile...

WordPress Democracy Poll Plugin <= 6.0.3 is vulnerable to Broken Access Control

Software Democracy Poll Type Plugin Vulnerable versions = 6.0.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33920 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 4ebe2afd67c8 Credits thiennv Required privilege...

WordPress Social Share Buttons by Supsystic Plugin <= 2.2.9 is vulnerable to Broken Access Control

Software Social Share Buttons by Supsystic Type Plugin Vulnerable versions = 2.2.9 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-47330 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 619b2c170607 Credits Abdi...

WordPress AJAX Login and Registration modal popup + inline form Plugin <= 2.23 is vulnerable to Cross Site Scripting (XSS)

Software AJAX Login and Registration modal popup + inline form Type Plugin Vulnerable versions = 2.23 Fixed in 2.24 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33918 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID ea1aeec00d87...

WordPress WPC Composite Products for WooCommerce Plugin <= 7.2.7 is vulnerable to Cross Site Scripting (XSS)

Software WPC Composite Products for WooCommerce Type Plugin Vulnerable versions = 7.2.7 Fixed in 7.2.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2838 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c5256a4c7c7a...

WordPress Embed Google Fonts Plugin <= 3.1.0 is vulnerable to Broken Access Control

Software Embed Google Fonts Type Plugin Vulnerable versions = 3.1.0 Fixed in 3.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33925 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a530cac3d37a Credits Abdi Pranata Required...

WordPress Salon booking system Plugin <= 9.6.5 is vulnerable to Cross Site Scripting (XSS)

Software Salon booking system Type Plugin Vulnerable versions = 9.6.5 Fixed in 9.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2439 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 667860bc9aac Credits cyc707 Required...

WordPress PPOM for WooCommerce Plugin <= 32.0.18 is vulnerable to Arbitrary File Upload

Software PPOM for WooCommerce Type Plugin Vulnerable versions = 32.0.18 Fixed in 32.0.19 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-3962 Patch priority High CVSS severity High 10 Developer Claim ownership PSID e45867d8f81a Credits andrea bocchetti Required...

WordPress WP SMTP Plugin 1.2 - 1.2.6 is vulnerable to SQL Injection

Software WP SMTP Type Plugin Vulnerable versions 1.2 - 1.2.6 Fixed in 1.2.7 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-1789 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID cf0dba8db665 Credits Christiaan Swiers YouGina Required privilege...

WordPress Sassy Social Share Plugin < 3.3.61 is vulnerable to Cross Site Scripting (XSS)

Software Sassy Social Share Type Plugin Vulnerable versions 3.3.61 Fixed in 3.3.61 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2159 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2e895f7060f3 Credits Dmitrii Ignatyev...

WordPress Radio Station Plugin <= 2.5.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Radio Station Type Plugin Vulnerable versions = 2.5.7 Fixed in 2.5.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33689 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID abbc08921ba2 Credits Dhabaleshwar Das...