WordPress WP Portfolio Theme <= 2.4 is vulnerable to Cross Site Scripting (XSS)

Software WP Portfolio Type Theme Vulnerable versions = 2.4 Fixed in 2.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33537 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 960b34eee068 Credits stealthcopter Required privilege Contributor...

WordPress WP Page Post Widget Clone Plugin <= 1.0.1 is vulnerable to Broken Access Control

Software WP Page Post Widget Clone Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33636 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bc529e210eb8 Credits Do Minh Long Required...

WordPress Easy Accept Payments Plugin <= 4.9.10 is vulnerable to Broken Access Control

Software Easy Accept Payments Type Plugin Vulnerable versions = 4.9.10 Fixed in 5.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33591 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID dc8baebcdbf1 Credits Joshua Chan Required...

WordPress Blocksy Theme <= 2.0.39 is vulnerable to Cross Site Scripting (XSS)

Software Blocksy Type Theme Vulnerable versions = 2.0.39 Fixed in 2.0.40 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3747 Patch priority Low CVSS severity Low 6.5 Developer Creative Themes PSID 3ec8e6a91460 Credits Ngô Thiên An ancorn Required...

WordPress XStore Theme <= 9.3.8 is vulnerable to SQL Injection

Software XStore Type Theme Vulnerable versions = 9.3.8 Fixed in 9.3.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-33559 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 0996b4472188 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Recencio Book Reviews Plugin <= 1.66.0 is vulnerable to Cross Site Scripting (XSS)

Software Recencio Book Reviews Type Plugin Vulnerable versions = 1.66.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33648 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1d6b95a95ae6 Credits Ngô Thiên An ancorn from VNPT-VCI...

WordPress XStore Theme <= 9.3.8 is vulnerable to Settings Change

Software XStore Type Theme Vulnerable versions = 9.3.8 Fixed in 9.3.9 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-33564 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID fefe041fa298 Credits Rafie Muhammad Patchstack Required privileg...

WordPress PropertyHive Plugin <= 2.0.12 is vulnerable to Broken Access Control

Software PropertyHive Type Plugin Vulnerable versions = 2.0.12 Fixed in 2.0.13 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3607 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 20b9880edd45 Credits Lucio Sá Required privilege...

WordPress EPROLO Dropshipping Plugin <= 1.7.1 is vulnerable to Broken Access Control

Software EPROLO Dropshipping Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33573 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d5b21a303f43 Credits Abdi Pranata Required...

WordPress WooCommerce PDF Invoices & Packing Slips Plugin <= 3.8.0 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce PDF Invoices & Packing Slips Type Plugin Vulnerable versions = 3.8.0 Fixed in 3.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3045 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d235421a1171...

WordPress Solid Affiliate Plugin <= 1.9.1 is vulnerable to Sensitive Data Exposure

Software Solid Affiliate Type Plugin Vulnerable versions = 1.9.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-33637 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 0610eeb4f1ac Credits Francois Harvey Required...

WordPress XStore Core Plugin <= 5.3.8 is vulnerable to Local File Inclusion

Software XStore Core Type Plugin Vulnerable versions = 5.3.8 Fixed in 5.3.9 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-33557 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 942a9619d048 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Better Elementor Addons Plugin <= 1.4.1 is vulnerable to Local File Inclusion

Software Better Elementor Addons Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-33541 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 62efde4398ca Credits Ray Wilson Required...

WordPress XStore Core Plugin <= 5.3.8 is vulnerable to Arbitrary File Upload

Software XStore Core Type Plugin Vulnerable versions = 5.3.8 Fixed in 5.3.9 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Upload CVE CVE-2024-33556 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 108b732f3dae Credits Rafie Muhammad Patchstack...

WordPress Chaty Plugin < 3.1.9 is vulnerable to Cross Site Scripting (XSS)

Software Chaty Type Plugin Vulnerable versions 3.1.9 Fixed in 3.1.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2972 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID de00cfe54026 Credits Dmitrii Ignatyev Required privilege...

WordPress WooCommerce Customers Manager Plugin < 29.8 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Customers Manager Type Plugin Vulnerable versions 29.8 Fixed in 29.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1743 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 088073d3e0c4 Credits Erwan LR...

WordPress Premium Addons for Elementor Plugin <= 4.10.28 is vulnerable to Cross Site Scripting (XSS)

Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.28 Fixed in 4.10.29 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3885 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID efd244d42ee8 Credits Ngô Thiên An...

WordPress FileOrganizer Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software FileOrganizer Type Plugin Vulnerable versions = 1.0.6 Fixed in 1.0.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2324 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ee105a346d17 Credits Nikolas Required privilege...

WordPress Elements kit Elementor addons Plugin <= 3.1.0 is vulnerable to Local File Inclusion

Software Elements kit Elementor addons Type Plugin Vulnerable versions = 3.1.0 Fixed in 3.1.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3499 Patch priority Low CVSS severity Low 8.5 Developer Wpmet PSID 43728e112e86 Credits Webbernaut Required privilege Contribut...

WordPress Quick Featured Images Plugin <= 13.7.0 is vulnerable to Broken Access Control

Software Quick Featured Images Type Plugin Vulnerable versions = 13.7.0 Fixed in 13.7.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3664 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 955c9c9acc5c Credits Lucio Sá Required...