WordPress Email Customizer for WooCommerce Plugin <= 2.6.0 is vulnerable to Sensitive Data Exposure

Software Email Customizer for WooCommerce Type Plugin Vulnerable versions = 2.6.0 Fixed in 2.6.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-32781 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID bb85c76645da Credits Emili...

WordPress Advanced Testimonial Carousel for Elementor Plugin <= 3.0.0 is vulnerable to Broken Access Control

Software Advanced Testimonial Carousel for Elementor Type Plugin Vulnerable versions = 3.0.0 Fixed in 3.0.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32783 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 35c8e0e158f5 Credits...

WordPress ProfileGrid Plugin <= 5.7.9 is vulnerable to Insecure Direct Object References (IDOR)

Software ProfileGrid Type Plugin Vulnerable versions = 5.7.9 Fixed in 5.8.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32808 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b60c26e035a2 Credits Kyle Sanchez...

WordPress WP GoToWebinar Plugin <= 14.46 is vulnerable to Broken Access Control

Software WP GoToWebinar Type Plugin Vulnerable versions = 14.46 Fixed in 15.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32804 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID dac08fd623ab Credits Abdi Pranata Required privilege...

WordPress SchedulePress Plugin <= 5.0.8 is vulnerable to Broken Access Control

Software SchedulePress Type Plugin Vulnerable versions = 5.0.8 Fixed in 5.0.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32717 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7d1404ed0d5c Credits Majed Refaea Required...

WordPress Frontend Admin by DynamiApps Plugin <= 3.19.4 is vulnerable to Privilege Escalation

Software Frontend Admin by DynamiApps Type Plugin Vulnerable versions = 3.19.4 Fixed in 3.19.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-3729 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 4ebfbce29f56...

WordPress Integrate Google Drive Plugin <= 1.3.9 is vulnerable to Broken Access Control

Software Integrate Google Drive Type Plugin Vulnerable versions = 1.3.9 Fixed in 1.3.91 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32813 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 3bec4c127fe1 Credits Steven Julian Require...

WordPress ARForms Plugin <= 6.4 is vulnerable to Settings Change

Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-32704 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bcff8bbe359f Credits Dave Jong Patchstack Required privilege...

WordPress ARForms Plugin <= 6.4 is vulnerable to Arbitrary File Deletion

Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-32703 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 3d075249b9fb Credits Dave Jong Patchstack Required...

WordPress Data Tables Generator by Supsystic Plugin <= 1.10.31 is vulnerable to Broken Access Control

Software Data Tables Generator by Supsystic Type Plugin Vulnerable versions = 1.10.31 Fixed in 1.10.32 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32829 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c3d8bb1fd9d8 Credits Steven...

WordPress The Pack Elementor addons Plugin <= 2.0.8.2 is vulnerable to Server Side Request Forgery (SSRF)

Software The Pack Elementor addons Type Plugin Vulnerable versions = 2.0.8.2 Fixed in 2.0.8.3 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-32718 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 86389b782087...

WordPress Chauffeur Taxi Booking System for WordPress Plugin <= 6.9 is vulnerable to Broken Authentication

Software Chauffeur Taxi Booking System for WordPress Type Plugin Vulnerable versions = 6.9 Fixed in 7.0 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-32692 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 7552e0fad1fd Credits luc...

WordPress ElementsKit Pro Plugin <= 3.6.0 is vulnerable to Cross Site Scripting (XSS)

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3598 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cc1eab59b295 Credits Ngô Thiên An ancorn...

WordPress Customer Reviews for WooCommerce Plugin <= 5.47.0 is vulnerable to Cross Site Scripting (XSS)

Software Customer Reviews for WooCommerce Type Plugin Vulnerable versions = 5.47.0 Fixed in 5.48.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3731 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 75e280aac3db Credits...

WordPress LearnPress Plugin <= 4.2.6.4 is vulnerable to Cross Site Scripting (XSS)

Software LearnPress Type Plugin Vulnerable versions = 4.2.6.4 Fixed in 4.2.6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3560 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 05282d717c17 Credits stealthcopter Required...

WordPress Automatic Plugin < 3.93.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Automatic Type Plugin Vulnerable versions 3.93.0 Fixed in 3.93.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32693 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 83f469455e38 Credits Rafie Muhammad Patchstack...

WordPress tagDiv Composer Plugin <= 4.8 is vulnerable to Local File Inclusion

Software tagDiv Composer Type Plugin Vulnerable versions = 4.8 Fixed in 4.9 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3813 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 5ffa96c3f191 Credits István Márton Required privilege Contributor...

WordPress Click to Chat Plugin <= 3.35 is vulnerable to Local File Inclusion

Software Click to Chat Type Plugin Vulnerable versions = 3.35 Fixed in 4.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3849 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 3a9b57b69a7e Credits haidv35 from Viettel Cyber Security Required...

WordPress MyRewards Plugin <= 5.3.0 is vulnerable to Broken Access Control

Software MyRewards Type Plugin Vulnerable versions = 5.3.0 Fixed in 5.3.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32688 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 4a61d830f2db Credits Emili Castells Required...

WordPress Order Limit for WooCommerce Plugin <= 2.0.0 is vulnerable to Broken Access Control

Software Order Limit for WooCommerce Type Plugin Vulnerable versions = 2.0.0 Fixed in 2.0.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32675 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b286d283cb6a Credits Abdi Pranat...