WordPress Backuply – Backup, Restore, Migrate and Clone Plugin <= 1.2.7 is vulnerable to Directory Traversal

Software Backuply – Backup, Restore, Migrate and Clone Type Plugin Vulnerable versions = 1.2.7 Fixed in 1.2.8 OWASP Top 10 A1: Broken Access Control Classification Directory Traversal CVE CVE-2024-2294 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 06eccdaade5a Credits Da...

WordPress MyCurator Content Curation Plugin <= 3.76 is vulnerable to Cross Site Scripting (XSS)

Software MyCurator Content Curation Type Plugin Vulnerable versions = 3.76 Fixed in 3.77 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29139 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f5416935cfa3 Credits LVT-tholv2k Required...

WordPress Everest Forms Plugin <= 2.0.7 is vulnerable to Server Side Request Forgery (SSRF)

Software Everest Forms Type Plugin Vulnerable versions = 2.0.7 Fixed in 2.0.8 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-1812 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID 113a534a2c9d Credits hir0ot Required privilege...

WordPress Simple Job Board Plugin <= 2.11.0 is vulnerable to PHP Object Injection

Software Simple Job Board Type Plugin Vulnerable versions = 2.11.0 Fixed in 2.11.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1813 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 0f7bf0484277 Credits Francesco Carlucci Required privilege...

WordPress Better Search Plugin <= 3.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Better Search Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29142 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8395a45f6b09 Credits Abdi Pranata Required privilege...

WordPress Advanced Access Manager Plugin <= 6.9.20 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Access Manager Type Plugin Vulnerable versions = 6.9.20 Fixed in 6.9.21 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29124 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID bab97a68bf4d Credits Delbert Giovanni Lie Require...

WordPress RegistrationMagic Plugin <= 5.2.5.9 is vulnerable to Cross Site Scripting (XSS)

Software RegistrationMagic Type Plugin Vulnerable versions = 5.2.5.9 Fixed in 5.2.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29113 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b3c2c9a16dfd Credits Yudistira Arya Required...

WordPress Advanced Access Manager Plugin <= 6.9.20 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Access Manager Type Plugin Vulnerable versions = 6.9.20 Fixed in 6.9.21 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29127 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 31ea026b43aa Credits Rafie Muhammad...

WordPress Sitekit Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Software Sitekit Type Plugin Vulnerable versions = 1.6 Fixed in 1.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2024-29111 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c6b957dd4df3 Credits CatFather Required privilege Contribut...

WordPress WooCommerce Google Feed Manager Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Google Feed Manager Type Plugin Vulnerable versions = 2.2.0 Fixed in 2.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29112 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a47ab0c3a92d Credits Joshua Chan Required...

WordPress Specific Content For Mobile – Customize the mobile version without redirections Plugin <= 0.1.9.5 is vulnerable to Cross Site Scripting (XSS)

Software Specific Content For Mobile – Customize the mobile version without redirections Type Plugin Vulnerable versions = 0.1.9.5 Fixed in 0.1.9.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29126 Patch priority Medium CVSS severity Medium 7.1 Developer Claim...

WordPress WP Calameo Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Software WP Calameo Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29098 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e6c0b84991b1 Credits Ray Wilson Required privilege Contributor...

WordPress Site Reviews Plugin <= 6.11.6 is vulnerable to Cross Site Scripting (XSS)

Software Site Reviews Type Plugin Vulnerable versions = 6.11.6 Fixed in 6.11.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29095 Patch priority Low CVSS severity Low 5.9 Developer Gemini Labs PSID ea55e6cb50a9 Credits isacaya Required privilege Author Published...

WordPress HT Easy GA4 ( Google Analytics 4 ) Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)

Software HT Easy GA4 Google Analytics 4 Type Plugin Vulnerable versions = 1.1.7 Fixed in 1.1.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29094 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8f8e72c6e71d Credits Yudistira Arya...

WordPress Extensions For CF7 Plugin <= 3.0.6 is vulnerable to Cross Site Scripting (XSS)

Software Extensions For CF7 Type Plugin Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29102 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 67b6a4990cc0 Credits RE-ALTER Required privilege...

WordPress MJM Clinic Plugin <= 1.1.22 is vulnerable to Cross Site Scripting (XSS)

Software MJM Clinic Type Plugin Vulnerable versions = 1.1.22 Fixed in 1.1.23 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29096 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3af8c5b59be8 Credits Faizal Abroni Required privilege Editor...

WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.5.0 is vulnerable to Cross Site Scripting (XSS)

Software YITH WooCommerce Product Add-Ons Type Plugin Vulnerable versions = 4.5.0 Fixed in 4.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27994 Patch priority Medium CVSS severity Medium 7.1 Developer YITH PSID 8464da6f5a09 Credits Yudistira Arya Required...

WordPress SupportCandy Plugin <= 3.2.3 is vulnerable to Cross Site Scripting (XSS)

Software SupportCandy Type Plugin Vulnerable versions = 3.2.3 Fixed in 3.2.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27991 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 64d8fa37173c Credits Mochamad Sofyan Required privilege...

WordPress HT Mega Plugin <= 2.4.6 is vulnerable to Directory Traversal

Software HT Mega Type Plugin Vulnerable versions = 2.4.6 Fixed in 2.4.7 OWASP Top 10 A5: Broken Access Control Classification Directory Traversal CVE CVE-2024-1974 Patch priority Low CVSS severity Low 7.7 Developer HTMega PSID 6d7e2f2731f2 Credits Webbernaut Required privilege Contributor Publish...

WordPress HUSKY Plugin <= 1.3.5.1 is vulnerable to Cross Site Scripting (XSS)

Software HUSKY Type Plugin Vulnerable versions = 1.3.5.1 Fixed in 1.3.5.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1796 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 938e3d425755 Credits Bassem Essam Required privileg...