WordPress Elementor Pro Plugin <= 3.20.1 is vulnerable to Cross Site Scripting (XSS)

Software Elementor Pro Type Plugin Vulnerable versions = 3.20.1 Fixed in 3.20.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-2121 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 384f5531d486 Credits wesley wcraft Required privilege...

WordPress Email Subscribers & Newsletters Plugin <= 5.7.11 is vulnerable to Cross Site Scripting (XSS)

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.11 Fixed in 5.7.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22300 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 33b39d3a1006 Credits Rafie Muhammad...

WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Plugin <= 4.4.0 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Type Plugin Vulnerable versions = 4.4.0 Fixed in 4.4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22288 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownershi...

WordPress BetterDocs Plugin <= 3.3.3 is vulnerable to PHP Object Injection

Software BetterDocs Type Plugin Vulnerable versions = 3.3.3 Fixed in 3.3.4 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30226 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 4a7582c42893 Credits stealthcopter Required privilege Unauthenticate...

WordPress Link Whisper Free Plugin <= 0.7.1 is vulnerable to PHP Object Injection

Software Link Whisper Free Type Plugin Vulnerable versions = 0.7.1 Fixed in 0.7.2 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-2693 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 1e82ed02e277 Credits Francesco Carlucci Required privile...

WordPress Ajax Load More Plugin <= 7.0.1 is vulnerable to Directory Traversal

Software Ajax Load More Type Plugin Vulnerable versions = 7.0.1 Fixed in 7.1.0 OWASP Top 10 A3: Injection Classification Directory Traversal CVE CVE-2024-1790 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 0e28f3a7fca4 Credits Hoa Le Ngoc lengochoa Required privilege...

WordPress Church Admin Plugin <= 4.0.27 is vulnerable to SQL Injection

Software Church Admin Type Plugin Vulnerable versions = 4.0.27 Fixed in 4.0.28 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30244 Patch priority Medium CVSS severity Medium 8.5 Developer Andy Moyle PSID f10836385922 Credits LVT-tholv2k Required privilege Contributor...

WordPress Calendarista Plugin <= 15.5.7 is vulnerable to SQL Injection

Software Calendarista Type Plugin Vulnerable versions = 15.5.7 Fixed in 15.5.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30240 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID c87b524aa9f2 Credits Ivan Spiridonov Required privilege Subscriber...

WordPress Easy Textillate Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS)

Software Easy Textillate Type Plugin Vulnerable versions = 2.01 Fixed in 2.02 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2303 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e2fef30ce1b2 Credits Tien Luong Required...

WordPress Check & Log Email Plugin <= 1.0.9 is vulnerable to Broken Access Control

Software Check & Log Email Type Plugin Vulnerable versions = 1.0.9 Fixed in 1.0.10 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-0866 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID 0ac766d27e85 Credits Sean Murphy Required...

WordPress Max Mega Menu Plugin <= 3.3 is vulnerable to Broken Access Control

Software Max Mega Menu Type Plugin Vulnerable versions = 3.3 Fixed in 3.3.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-28003 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 3ddcba15780a Credits Rafie Muhammad Patchstack Require...

WordPress ARMember Plugin <= 4.0.26 is vulnerable to PHP Object Injection

Software ARMember Type Plugin Vulnerable versions = 4.0.26 Fixed in 4.0.27 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30223 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 8d16e0b0481c Credits LVT-tholv2k Required privilege Unauthenticated...

WordPress Colibri Page Builder Plugin <= 1.0.248 is vulnerable to Broken Access Control

Software Colibri Page Builder Type Plugin Vulnerable versions = 1.0.248 Fixed in 1.0.249 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-28004 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 13159cde48e3 Credits Rafie Muhammad...

WordPress RegistrationMagic Plugin <= 5.3.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software RegistrationMagic Type Plugin Vulnerable versions = 5.3.0.0 Fixed in 5.3.1.0 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-2951 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1d9399326561 Credits Joshua Chan Required...

WordPress Contest Gallery Plugin <= 21.3.4 is vulnerable to SQL Injection

Software Contest Gallery Type Plugin Vulnerable versions = 21.3.4 Fixed in 21.3.5 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30236 Patch priority Low CVSS severity Low 8.5 Developer Wasiliy Strecker PSID 03348ec935e2 Credits Emili Castells Required privilege Contributor...

WordPress AI Engine: ChatGPT Chatbot Plugin <= 2.1.4 is vulnerable to Arbitrary File Upload

Software AI Engine: ChatGPT Chatbot Type Plugin Vulnerable versions = 2.1.4 Fixed in 2.1.5 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-29100 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID cd77a38bda8f Credits Rafie Muhammad Patchstac...

WordPress Page Builder by SiteOrigin Plugin <= 2.29.6 is vulnerable to Cross Site Scripting (XSS)

Software Page Builder by SiteOrigin Type Plugin Vulnerable versions = 2.29.6 Fixed in 2.29.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2202 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 92274a8f9656 Credits Webbernaut...

WordPress Stratum Plugin <= 1.3.15 is vulnerable to Cross Site Scripting (XSS)

Software Stratum Type Plugin Vulnerable versions = 1.3.15 Fixed in 1.3.16 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29914 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3d8d138923e6 Credits Khalid Yusuf Required privilege Contributor...

WordPress SEOPress Plugin <= 7.5.2.1 is vulnerable to Cross Site Scripting (XSS)

Software SEOPress Type Plugin Vulnerable versions = 7.5.2.1 Fixed in 7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2165 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b92e3ab1041a Credits Ngô Thiên An ancorn - VNPT-VCI ...

WordPress WP Go Maps Plugin <= 9.0.29 is vulnerable to Cross Site Scripting (XSS)

Software WP Go Maps Type Plugin Vulnerable versions = 9.0.29 Fixed in 9.0.30 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29931 Patch priority Medium CVSS severity Medium 7.1 Developer WP Go Maps PSID ec3cfcab7699 Credits Rafie Muhammad Patchstack Required...