WordPress Schema Pro Plugin < 2.7.16 is vulnerable to Broken Access Control

Software Schema Pro Type Plugin Vulnerable versions 2.7.16 Fixed in 2.7.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-1564 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 68dac5194d9b Credits Scott Kingsley Clark Required...

WordPress Podlove Podcast Publisher Plugin <= 4.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Podlove Podcast Publisher Type Plugin Vulnerable versions = 4.0.9 Fixed in 4.0.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29915 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6b5b45e01eae Credits Dimas Maulana Require...

WordPress Sunshine Photo Cart Plugin <= 3.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Sunshine Photo Cart Type Plugin Vulnerable versions = 3.1.1 Fixed in 3.1.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30194 Patch priority Medium CVSS severity Medium 7.1 Developer WP Sunshine PSID fc4e8435fb65 Credits Dimas Maulana Required privilege...

WordPress Page Builder by SiteOrigin Plugin <= 2.29.6 is vulnerable to Cross Site Scripting (XSS)

Software Page Builder by SiteOrigin Type Plugin Vulnerable versions = 2.29.6 Fixed in 2.29.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2202 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 92274a8f9656 Credits Webbernaut...

WordPress Co-marquage service-public.fr Plugin <= 0.5.72 is vulnerable to Cross Site Scripting (XSS)

Software Co-marquage service-public.fr Type Plugin Vulnerable versions = 0.5.72 Fixed in 0.5.73 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29758 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 54a2401a71ec Credits Yudistira Arya...

WordPress WP Directory Kit Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)

Software WP Directory Kit Type Plugin Vulnerable versions = 1.2.9 Fixed in 1.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29774 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c316cffe9a7e Credits Dimas Maulana Required privileg...

WordPress Premium Packages Plugin <= 5.8.2 is vulnerable to Cross Site Scripting (XSS)

Software Premium Packages Type Plugin Vulnerable versions = 5.8.2 Fixed in 5.8.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29924 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID fd83d5609f73 Credits Yudistira Arya Required privile...

WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Meta Data and Taxonomies Filter MDTF Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29932 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 391da759025d Credits Yudisti...

WordPress Church Admin Plugin <= 4.1.17 is vulnerable to Cross Site Scripting (XSS)

Software Church Admin Type Plugin Vulnerable versions = 4.1.17 Fixed in 4.1.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-30193 Patch priority Low CVSS severity Low 6.5 Developer Andy Moyle PSID 239d5fd65793 Credits CatFather Required privilege...

WordPress New RoyalSlider Plugin <= 3.4.2 is vulnerable to Cross Site Scripting (XSS)

Software New RoyalSlider Type Plugin Vulnerable versions = 3.4.2 Fixed in 3.4.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30195 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 586b18a145b1 Credits Rafie Muhammad Patchstack Requir...

WordPress Bulk NoIndex & NoFollow Toolkit Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS)

Software Bulk NoIndex & NoFollow Toolkit Type Plugin Vulnerable versions = 2.01 Fixed in 2.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29791 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bea274e4e958 Credits Le Ngoc Anh Requir...

WordPress FlatPM Plugin < 3.1.05 is vulnerable to Cross Site Scripting (XSS)

Software FlatPM Type Plugin Vulnerable versions 3.1.05 Fixed in 3.1.05 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29803 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 707de1bb10ec Credits Ngô Thiên An ancorn from VNPT-VCI Required...

WordPress WooCommerce Clover Payment Gateway Plugin <= 1.3.1 is vulnerable to Broken Access Control

Software WooCommerce Clover Payment Gateway Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0626 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 06c0aefba99a Credits Francesco...

WordPress MyBookTable Bookstore Plugin <= 3.3.7 is vulnerable to Cross Site Scripting (XSS)

Software MyBookTable Bookstore Type Plugin Vulnerable versions = 3.3.7 Fixed in 3.3.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2024-29772 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b4a056c5d251 Credits CatFather Required...

WordPress WooBuddy Plugin <= 3.4.20 is vulnerable to PHP Object Injection

Software WooBuddy Type Plugin Vulnerable versions = 3.4.20 Fixed in 3.4.21 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-2025 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 6110ece7c17e Credits Francesco Carlucci Required privilege Subscrib...

WordPress WCFM – Frontend Manager for WooCommerce Plugin <= 6.7.8 is vulnerable to Cross Site Scripting (XSS)

Software WCFM – Frontend Manager for WooCommerce Type Plugin Vulnerable versions = 6.7.8 Fixed in 6.7.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29929 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3615c0b97947 Credits Steven Julian...

WordPress Portfolio Gallery – Image Gallery Plugin Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS)

Software Portfolio Gallery – Image Gallery Plugin Type Plugin Vulnerable versions = 1.5.6 Fixed in 1.5.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29769 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 67413237e077 Credits LVT-tholv2k...

WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more Plugin <= 4.5.24 is vulnerable to Cross Site Scripting (XSS)

Software Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more Type Plugin Vulnerable versions = 4.5.24 Fixed in 4.5.25 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29795 Patch priority Low CVSS severity Low 6.5 Developer Claim...

WordPress Locatoraid Store Locator Plugin <= 3.9.30 is vulnerable to Cross Site Scripting (XSS)

Software Locatoraid Store Locator Type Plugin Vulnerable versions = 3.9.30 Fixed in 3.9.31 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30181 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f59c57fd908e Credits Joshua Chan Required...

WordPress OneClick Chat to Order Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Software OneClick Chat to Order Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29789 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 255b07899e6d Credits Ngô Thiên An ancorn from VNPT-V...