WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Plugin <= 3.0.2 is vulnerable to Broken Access Control

Software WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.1.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3599 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID bea6dcba69bc...

WordPress WP Meta SEO Plugin <= 4.5.12 is vulnerable to Cross Site Scripting (XSS)

Software WP Meta SEO Type Plugin Vulnerable versions = 4.5.12 Fixed in 4.5.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6961 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6aa5d92333a8 Credits Krzysztof Zając...

WordPress WP Show Posts Plugin <= 1.1.5 is vulnerable to Sensitive Data Exposure

Software WP Show Posts Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-6731 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0bc24cb2903a Credits Lucio Sá Required privilege...

WordPress Filebird Plugin <= 5.6.3 is vulnerable to Cross Site Scripting (XSS)

Software Filebird Type Plugin Vulnerable versions = 5.6.3 Fixed in 5.6.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2345 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID de3d3d4867b8 Credits Tim Coen Required privilege...

WordPress Social Media & Share Icons Plugin < 2.8.9 is vulnerable to Cross Site Scripting (XSS)

Software Social Media & Share Icons Type Plugin Vulnerable versions 2.8.9 Fixed in 2.8.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2118 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7af0889b0efd Credits Dmitrii Ignatye...

WordPress Salon booking system Plugin < 9.6.3 is vulnerable to Cross Site Scripting (XSS)

Software Salon booking system Type Plugin Vulnerable versions 9.6.3 Fixed in 9.6.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2101 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ed8158473297 Credits Priyanka Pande...

WordPress HT Mega Plugin <= 2.4.6 is vulnerable to Sensitive Data Exposure

Software HT Mega Type Plugin Vulnerable versions = 2.4.6 Fixed in 2.4.7 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-6214 Patch priority High CVSS severity High 7.5 Developer HTMega PSID 4ecd8a800f95 Credits Francesco Carlucci Required privilege...

WordPress WP Social Comments Plugin <= 1.7.3 is vulnerable to Broken Access Control

Software WP Social Comments Type Plugin Vulnerable versions = 1.7.3 Fixed in 1.7.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32689 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a443a3a545ff Credits Friday Required privilege...

WordPress HUSKY Plugin <= 1.3.5.2 is vulnerable to Remote Code Execution (RCE)

Software HUSKY Type Plugin Vulnerable versions = 1.3.5.2 Fixed in 1.3.5.3 OWASP Top 10 A5: Security Misconfiguration Classification Remote Code Execution RCE CVE CVE-2024-32680 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 5338513548eb Credits Yudistira Arya Required...

WordPress WooCommerce Google Feed Manager Plugin <= 2.4.2 is vulnerable to SQL Injection

Software WooCommerce Google Feed Manager Type Plugin Vulnerable versions = 2.4.2 Fixed in 2.6.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3067 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 7ac4b8e7f509 Credits Krzysztof Zając Required privilege...

WordPress Navigation menu as Dropdown Widget Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Navigation menu as Dropdown Widget Type Plugin Vulnerable versions = 1.3.4 Fixed in 1.3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32126 Patch priority Low CVSS severity Low 5.9 Developer Jeroen Peters PSID 5c32e593787a Credits Joshua Chan Required...

WordPress Attesa Extra Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS)

Software Attesa Extra Type Plugin Vulnerable versions = 1.3.9 Fixed in 1.4.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32594 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4bca51f18f29 Credits Khalid Yusuf Required privilege Contribut...

WordPress Tainacan Interface Theme <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)

Software Tainacan Interface Type Theme Vulnerable versions = 2.7.1 Fixed in 2.7.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3867 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID dcbddfa32a84 Credits Matheus Nascimento de...

WordPress CBX Bookmark & Favorite Plugin <= 1.7.20 is vulnerable to Cross Site Scripting (XSS)

Software CBX Bookmark & Favorite Type Plugin Vulnerable versions = 1.7.20 Fixed in 1.7.22 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32577 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c797afa81115 Credits LVT-tholv2k Required privile...

WordPress BA Book Everything Plugin <= 1.6.8 is vulnerable to Cross Site Scripting (XSS)

Software BA Book Everything Type Plugin Vulnerable versions = 1.6.8 Fixed in 1.6.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32576 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID aedca1bff1c3 Credits LVT-tholv2k Required privilege...

WordPress WP Helper Premium Plugin < 4.6.0 is vulnerable to Cross Site Scripting (XSS)

Software WP Helper Premium Type Plugin Vulnerable versions 4.6.0 Fixed in 4.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32595 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5f98f0aa22fb Credits thiennv Required privilege...

WordPress Z Y N I T H Plugin <= 7.4.9 is vulnerable to Cross Site Scripting (XSS)

Software Z Y N I T H Type Plugin Vulnerable versions = 7.4.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32562 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID b69a38ab3f39 Credits Dave Jong Patchstack Required privilege...

WordPress Photo Gallery by 10Web Plugin <= 1.8.21 is vulnerable to Cross Site Scripting (XSS)

Software Photo Gallery by 10Web Type Plugin Vulnerable versions = 1.8.21 Fixed in 1.8.22 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32583 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9f4c4a32a029 Credits Steven Julian Required...

WordPress Superfly Menu Plugin <= 5.0.25 is vulnerable to Cross Site Scripting (XSS)

Software Superfly Menu Type Plugin Vulnerable versions = 5.0.25 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32553 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6079596969f5 Credits Dave Jong Patchstack Required...

WordPress HurryTimer Plugin <=2.9.2 is vulnerable to Cross Site Scripting (XSS)

Software HurryTimer Type Plugin Vulnerable versions =2.9.2 Fixed in 2.10.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32556 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d3a1dca35035 Credits Joshua Chan Required privilege Contributor...