WordPress Tagembed Plugin <= 4.7 is vulnerable to Cross Site Scripting (XSS)

Software Tagembed Type Plugin Vulnerable versions = 4.7 Fixed in 4.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32561 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 040c708c0568 Credits LVT-tholv2k Required privilege Contributor...

WordPress Slider by 10Web Plugin <= 1.2.54 is vulnerable to Cross Site Scripting (XSS)

Software Slider by 10Web Type Plugin Vulnerable versions = 1.2.54 Fixed in 1.2.55 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32578 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3808548b6dad Credits Dimas Maulana Required privile...

WordPress Debug Log Manager Plugin <= 2.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Debug Log Manager Type Plugin Vulnerable versions = 2.3.1 Fixed in 2.3.2 OWASP Top 10 A4: Insecure Design Classification Cross Site Scripting XSS CVE CVE-2024-32582 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1f92fe55cb9f Credits Majed Refaea Required...

WordPress SP Project & Document Manager Plugin <= 4.71 is vulnerable to SQL Injection

Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.71 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32551 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 4e8128ffc035 Credits CatFather Required privilege Author...

WordPress Support Genix Plugin <= 1.2.3 is vulnerable to Broken Access Control

Software Support Genix Type Plugin Vulnerable versions = 1.2.3 Fixed in 1.2.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49742 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 3d8f29e82159 Credits Yudistira Arya Required...

WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.16.2 is vulnerable to PHP Object Injection

Software Shortcodes and extra features for Phlox theme Type Plugin Vulnerable versions = 2.16.2 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-7064 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID b9a2bdf53bc0 Credits Rhynorater -...

WordPress Master Slider Plugin <= 3.9.5 is vulnerable to PHP Object Injection

Software Master Slider Type Plugin Vulnerable versions = 3.9.5 Fixed in 3.9.7 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-32600 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID d3cbc5a0e9db Credits Rafie Muhammad Patchstack Required privile...

WordPress WP-Recall Plugin <= 16.26.5 is vulnerable to Insecure Direct Object References (IDOR)

Software WP-Recall Type Plugin Vulnerable versions = 16.26.5 Fixed in 16.26.6 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32604 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3904a35f5abe Credits Kyle Sanchez...

WordPress Cornerstone Plugin <= 0.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Cornerstone Type Plugin Vulnerable versions = 0.8.0 Fixed in 0.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32570 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f61c07b03ab5 Credits Rafie Muhammad Patchstack Required...

WordPress Theme My Login Plugin <= 7.1.6 is vulnerable to Broken Access Control

Software Theme My Login Type Plugin Vulnerable versions = 7.1.6 Fixed in 7.1.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32525 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 11dbddbd2e7f Credits Abdi Pranata Required...

WordPress Smart Slider 3 Plugin <= 3.5.1.22 is vulnerable to Broken Access Control

Software Smart Slider 3 Type Plugin Vulnerable versions = 3.5.1.22 Fixed in 3.5.1.23 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3027 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c46698c777af Credits Christiaan Swiers YouGina...

WordPress MJ Update History Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software MJ Update History Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32543 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6f5d10b529f0 Credits Dimas Maulana Required privilege...

WordPress Everest Backup Plugin < 2.2.5 is vulnerable to Arbitrary File Upload

Software Everest Backup Type Plugin Vulnerable versions 2.2.5 Fixed in 2.2.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-7201 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID e4434e41add7 Credits Emad Required privilege Administrator Publish...

WordPress Access Category Password Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Access Category Password Type Plugin Vulnerable versions = 1.5.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32535 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c844ee6de29c Credits Dimas Maulana Required...

WordPress Ultimate Member Plugin <= 2.8.4 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Member Type Plugin Vulnerable versions = 2.8.4 Fixed in 2.8.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2765 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 4af1ffb7c063 Credits tiborisaak Require...

WordPress NPS computy Plugin < 2.7.6 is vulnerable to Cross Site Scripting (XSS)

Software NPS computy Type Plugin Vulnerable versions 2.7.6 Fixed in 2.7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1754 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a3449f6b4bc3 Credits Bob Matyas Required privilege...

WordPress Product Feed PRO for WooCommerce Plugin <= 13.3.1 is vulnerable to Sensitive Data Exposure

Software Product Feed PRO for WooCommerce Type Plugin Vulnerable versions = 13.3.1 Fixed in 13.3.2 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2024-32513 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 20d6ccb380e3 Credits...

WordPress Code Insert Manager (Q2W3 Inc Manager) Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Code Insert Manager Q2W3 Inc Manager Type Plugin Vulnerable versions = 2.5.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32547 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID c408b8a3e4fc Credits Dimas Maulana...

WordPress Top Bar Plugin < 3.0.5 is vulnerable to Cross Site Scripting (XSS)

Software Top Bar Type Plugin Vulnerable versions 3.0.5 Fixed in 3.0.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1660 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6c5d854410a5 Credits Dmitrii Ignatyev Required privileg...

WordPress WooCommerce Customers Manager Plugin < 29.7 is vulnerable to SQL Injection

Software WooCommerce Customers Manager Type Plugin Vulnerable versions 29.7 Fixed in 29.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0399 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 3c8fe0630d48 Credits Ivan Spiridonov Required privilege...