WordPress Contact Form Entries Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3715 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 05aa510d5273 Credits Tim Coen...

WordPress Social Warfare Plugin <= 4.4.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Social Warfare Type Plugin Vulnerable versions = 4.4.6.1 Fixed in 4.4.6.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1959 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b4ca6fb05821 Credits Krzysztof Zając...

WordPress BuddyForms Plugin <= 2.8.8 is vulnerable to Arbitrary File Download

Software BuddyForms Type Plugin Vulnerable versions = 2.8.8 Fixed in 2.8.9 OWASP Top 10 A4: Insecure Design Classification Arbitrary File Download CVE CVE-2024-32830 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID df4ae0005bef Credits Yudistira Arya Required privilege...

WordPress Podlove Podcast Publisher Plugin <= 4.0.14 is vulnerable to Broken Access Control

Software Podlove Podcast Publisher Type Plugin Vulnerable versions = 4.0.14 Fixed in 4.0.15 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32712 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 03f3d1e3ccd2 Credits LVT-tholv2k...

WordPress Appointment Hour Booking Plugin <= 1.4.56 is vulnerable to Other Vulnerability Type

Software Appointment Hour Booking Type Plugin Vulnerable versions = 1.4.56 Fixed in 1.4.57 OWASP Top 10 A4: Insecure Design Classification Other Vulnerability Type CVE CVE-2024-32720 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 228e58c3426d Credits Mochamad Sofyan...

WordPress BizPrint Plugin <= 4.3.39 is vulnerable to Broken Access Control

Software BizPrint Type Plugin Vulnerable versions = 4.3.39 Fixed in 4.5.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32777 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID c14f75079ee7 Credits Joshua Chan Required privilege...

WordPress Rate my Post – WP Rating System Plugin <= 3.4.4 is vulnerable to Insecure Direct Object References (IDOR)

Software Rate my Post – WP Rating System Type Plugin Vulnerable versions = 3.4.4 Fixed in 3.4.5 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32823 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 3390dc0a9f18...

WordPress Post Grid and Gutenberg Blocks Plugin <= 2.2.78 is vulnerable to Sensitive Data Exposure

Software Post Grid and Gutenberg Blocks Type Plugin Vulnerable versions = 2.2.78 Fixed in 2.2.79 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32816 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 4274dff100bf Credits Peng Zho...

WordPress All-in-one Like Widget Plugin <= 2.2.7 is vulnerable to Cross Site Scripting (XSS)

Software All-in-one Like Widget Type Plugin Vulnerable versions = 2.2.7 Fixed in 2.2.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32815 Patch priority Low CVSS severity Low 5.9 Developer Jeroen Peters PSID 19340c2d052a Credits Joshua Chan Required privilege...

WordPress CookieHub Plugin <= 1.1.0 is vulnerable to Broken Access Control

Software CookieHub Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32784 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bf6c0519f789 Credits Abdi Pranata Required privilege...

WordPress Royal Elementor Addons Plugin <= 1.3.94 is vulnerable to Arbitrary File Upload

Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.94 Fixed in 1.3.95 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Upload CVE CVE-2024-1567 Patch priority High CVSS severity High 8.2 Developer WProyal PSID 7b79f8ce62d8 Credits wesley wcraft Required...

WordPress Newsletters Plugin <=4.9.5 is vulnerable to Sensitive Data Exposure

Software Newsletters Type Plugin Vulnerable versions =4.9.5 Fixed in 4.9.6 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32953 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 5684766cc1ef Credits Peng Zhou Required privilege...

WordPress Sendinblue for WooCommerce Plugin <= 4.0.17 is vulnerable to Arbitrary File Download

Software Sendinblue for WooCommerce Type Plugin Vulnerable versions = 4.0.17 Fixed in 4.0.18 OWASP Top 10 A4: Insecure Design Classification Arbitrary File Download CVE CVE-2024-32807 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 1a6d8c4d6ed3 Credits Yudistira Arya...

WordPress WP LinkedIn Auto Publish Plugin <= 8.11 is vulnerable to Broken Access Control

Software WP LinkedIn Auto Publish Type Plugin Vulnerable versions = 8.11 Fixed in 8.12 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32797 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 03094155e86a Credits Abdi Pranata Required...

WordPress ProfileGrid Plugin <= 5.7.9 is vulnerable to Insecure Direct Object References (IDOR)

Software ProfileGrid Type Plugin Vulnerable versions = 5.7.9 Fixed in 5.8.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32772 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0b59bd9029de Credits Kyle Sanchez...

WordPress Vision Interactive Plugin <= 1.7.1 is vulnerable to Broken Access Control

Software Vision Interactive Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32779 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ed5556ff45af Credits Steven Julian Required...

WordPress Premium Addons for Elementor Plugin <= 4.10.25 is vulnerable to Cross Site Scripting (XSS)

Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.25 Fixed in 4.10.26 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32791 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID 5e608ef68f6a Credits Ray Wilson Required privileg...

WordPress StreamWeasels Twitch Integration Plugin <= 1.7.8 is vulnerable to Sensitive Data Exposure

Software StreamWeasels Twitch Integration Type Plugin Vulnerable versions = 1.7.8 Fixed in 1.8.0 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32716 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID eec287347b22 Credits Majed Refa...

WordPress AI Post Generator | AutoWriter Plugin <= 3.3 is vulnerable to Broken Access Control

Software AI Post Generator | AutoWriter Type Plugin Vulnerable versions = 3.3 Fixed in 3.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32713 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 1f7f2444d49e Credits LVT-tholv2k Requir...

WordPress Coupon & Discount Code Reveal Button Plugin <=1.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Coupon & Discount Code Reveal Button Type Plugin Vulnerable versions =1.2.5 Fixed in 1.2.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32722 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID abdf37204c70 Credits emad Required...