WordPress Call Now Button Plugin < 1.4.7 is vulnerable to Cross Site Scripting (XSS)

Software Call Now Button Type Plugin Vulnerable versions 1.4.7 Fixed in 1.4.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2908 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1848a4a46e87 Credits Dikshita Trivedi...

WordPress SSL Mixed Content Fix Plugin <= 3.2.6 is vulnerable to Broken Access Control

Software SSL Mixed Content Fix Type Plugin Vulnerable versions = 3.2.6 Fixed in 3.2.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 11237d78fd75 Credits Dhabaleshwar Das Requir...

WordPress Fancy Product Designer Plugin < 6.1.8 is vulnerable to Cross Site Scripting (XSS)

Software Fancy Product Designer Type Plugin Vulnerable versions 6.1.8 Fixed in 6.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0905 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5fb94dea6052 Credits Bob Matyas...

WordPress Financio Theme <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Financio Type Theme Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33690 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a500173c6581 Credits Dhabaleshwar Das Required...

WordPress Meks ThemeForest Smart Widget Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Software Meks ThemeForest Smart Widget Type Plugin Vulnerable versions = 1.5 Fixed in 1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33694 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 04ccfd2bf640 Credits Joshua Chan Required privile...

WordPress Duplicate Post Plugin <= 1.4.4 is vulnerable to Broken Access Control

Software Duplicate Post Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f8977e93ea85 Credits Dhabaleshwar Das Required...

WordPress Althea WP Theme <= 1.0.13 is vulnerable to Broken Access Control

Software Althea WP Type Theme Vulnerable versions = 1.0.13 Fixed in 1.0.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 89e5f642c59b Credits Dhabaleshwar Das Required privileg...

WordPress Accountra Theme <= 1.0.3 is vulnerable to Broken Access Control

Software Accountra Type Theme Vulnerable versions = 1.0.3 Fixed in 1.0.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33685 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 56009c31f7f6 Credits Dhabaleshwar Das Required privilege...

WordPress Arconix Shortcodes Plugin <= 2.1.10 is vulnerable to Broken Access Control

Software Arconix Shortcodes Type Plugin Vulnerable versions = 2.1.10 Fixed in 2.1.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-4233 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 049f969c5895 Credits Dhabaleshwar Das Required...

WordPress Backup Migration Plugin <= 1.4.1 is vulnerable to Broken Access Control

Software Backup Migration Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c8830eaae290 Credits Dhabaleshwar Das Required...

WordPress Photology Theme <= 1.1.3 is vulnerable to Broken Access Control

Software Photology Type Theme Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33685 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 29f6cff8157b Credits Dhabaleshwar Das Required privilege...

WordPress Social Share Icons & Social Share Buttons Plugin <= 3.6.1 is vulnerable to Broken Access Control

Software Social Share Icons & Social Share Buttons Type Plugin Vulnerable versions = 3.6.1 Fixed in 3.6.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9b34a062d9ab Credits...

WordPress Pathway Theme <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF)

Software Pathway Type Theme Vulnerable versions = 1.0.15 Fixed in 1.0.16 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2662179cc67b Credits Dhabaleshwar Das Required...

WordPress ARForms Form Builder Plugin <= 1.6.4 is vulnerable to Broken Access Control

Software ARForms Form Builder Type Plugin Vulnerable versions = 1.6.4 Fixed in 1.6.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1945 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ea61cb9b5b99 Credits Lucio Sá Required...

WordPress WZone Plugin <= 14.0.33 is vulnerable to Broken Access Control

Software WZone Type Plugin Vulnerable versions = 14.0.33 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33547 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 0e636c441e01 Credits Rafie Muhammad Patchstack Required...

WordPress Five Star Restaurant Reservations Plugin <= 2.6.16 is vulnerable to Broken Access Control

Software Five Star Restaurant Reservations Type Plugin Vulnerable versions = 2.6.16 Fixed in 2.6.17 OWASP Top 10 A4: Insecure Design Classification Broken Access Control CVE CVE-2024-33596 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d75b86943c20 Credits Steven Julian...

WordPress WP Time Slots Booking Form Plugin <= 1.2.06 is vulnerable to Broken Access Control

Software WP Time Slots Booking Form Type Plugin Vulnerable versions = 1.2.06 Fixed in 1.2.07 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33543 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID caafd19bb673 Credits Joshua Chan...

WordPress WPPizza Plugin <= 3.18.10 is vulnerable to Broken Access Control

Software WPPizza Type Plugin Vulnerable versions = 3.18.10 Fixed in 3.18.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33576 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d7917e7b15a2 Credits Majed Refaea Required...

WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.8 is vulnerable to Broken Access Control

Software WOOCS – WooCommerce Currency Switcher Type Plugin Vulnerable versions = 1.4.1.8 Fixed in 1.4.1.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-3734 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a6af6a35e8e2 Credit...

WordPress Knowledge Base documentation & wiki plugin – BasePress Plugin <= 2.16.1 is vulnerable to Broken Access Control

Software Knowledge Base documentation & wiki plugin – BasePress Type Plugin Vulnerable versions = 2.16.1 Fixed in 2.16.2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33588 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID...