WordPress Colibri Page Builder Plugin <= 1.0.260 is vulnerable to Broken Access Control

Software Colibri Page Builder Type Plugin Vulnerable versions = 1.0.260 Fixed in 1.0.263 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1870 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ddfb3a20814b Credits HappyFunTime Required...

WordPress Mollie Forms Plugin <= 2.6.3 is vulnerable to Broken Access Control

Software Mollie Forms Type Plugin Vulnerable versions = 2.6.3 Fixed in 2.6.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1400 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 216cfadafbb9 Credits Lucio Sá Required privilege...

WordPress Orbit Fox by ThemeIsle Plugin <= 2.10.32 is vulnerable to Cross Site Scripting (XSS)

Software Orbit Fox by ThemeIsle Type Plugin Vulnerable versions = 2.10.32 Fixed in 2.10.33 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2126 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 112915e33a62 Credits wesley wcraft...

WordPress Premium Addons PRO Plugin <= 2.9.12 is vulnerable to Cross Site Scripting (XSS)

Software Premium Addons PRO Type Plugin Vulnerable versions = 2.9.12 Fixed in 2.9.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1996 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d43c6fdfdb0b Credits wesley wcraft...

WordPress BuddyForms Plugin <= 2.8.7 is vulnerable to Broken Access Control

Software BuddyForms Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1169 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 9cb60e0ebc18 Credits Lucio Sá Required privilege...

WordPress BuddyForms Plugin <= 2.8.7 is vulnerable to Broken Access Control

Software BuddyForms Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1158 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2d73d2a4cbed Credits Lucio Sá Required privilege...

WordPress PageLayer Plugin <= 1.8.3 is vulnerable to Cross Site Scripting (XSS)

Software PageLayer Type Plugin Vulnerable versions = 1.8.3 Fixed in 1.8.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2127 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0658bd2623bb Credits wesley wcraft Required privile...

WordPress Post Grid, Slider & Carousel Ultimate Plugin <= 1.6.7 is vulnerable to PHP Object Injection

Software Post Grid, Slider & Carousel Ultimate Type Plugin Vulnerable versions = 1.6.7 Fixed in 1.6.8 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-2006 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID ef206ea07872 Credits Francesco Carlucci...

WordPress Event Tickets Plugin < 5.8.1 is vulnerable to Broken Access Control

Software Event Tickets Type Plugin Vulnerable versions 5.8.1 Fixed in 5.8.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-1316 Patch priority Low CVSS severity Low 4.3 Developer Liquid Web / StellarWP PSID dbfa94357fe1 Credits Scott Kingsley Clark Requir...

WordPress GenerateBlocks Plugin <= 1.8.2 is vulnerable to Sensitive Data Exposure

Software GenerateBlocks Type Plugin Vulnerable versions = 1.8.2 Fixed in 1.8.3 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-1452 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 17b91c2bc914 Credits Webbernaut Required privile...

WordPress Vimeography Plugin <= 2.3.2 is vulnerable to PHP Object Injection

Software Vimeography Type Plugin Vulnerable versions = 2.3.2 Fixed in 2.3.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-0825 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID d222d8e03d69 Credits Lucio Sá Required privilege Contributor...

WordPress SportsPress – Sports Club & League Manager Plugin <= 2.7.17 is vulnerable to Broken Access Control

Software SportsPress – Sports Club & League Manager Type Plugin Vulnerable versions = 2.7.17 Fixed in 2.7.18 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1178 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f2c7c572664c Credits...

WordPress Easy!Appointments Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Easy!Appointments Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0698 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f1c6efbf20ae Credits wesley wcraft Required...

WordPress Blue Triad EZAnalytics Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Blue Triad EZAnalytics Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1782 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 505430cf135b Credits WordFence...

WordPress Nextend Facebook Connect Plugin <= 3.1.12 is vulnerable to Cross Site Scripting (XSS)

Software Nextend Facebook Connect Type Plugin Vulnerable versions = 3.1.12 Fixed in 3.1.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1775 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6fbf027206e8 Credits Tobias...

WordPress AI Engine: ChatGPT Chatbot Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software AI Engine: ChatGPT Chatbot Type Plugin Vulnerable versions = 2.2.0 Fixed in 2.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0378 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c9bd74cd8e71 Credits...

WordPress Sirv Plugin <= 7.2.0 is vulnerable to Broken Access Control

Software Sirv Type Plugin Vulnerable versions = 7.2.0 Fixed in 7.2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-27950 Patch priority Low CVSS severity Low 5.4 Developer Sirv PSID 622e8386dd23 Credits CatFather Required privilege Subscriber Published 1...

WordPress Finale Lite Plugin <= 2.17.0 is vulnerable to Broken Access Control

Software Finale Lite Type Plugin Vulnerable versions = 2.17.0 Fixed in 2.18.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1120 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 383bdaaeaeac Credits Francesco Carlucci Required...

WordPress Calculated Fields Form Plugin 5.0.0-5.1.56 is vulnerable to Cross Site Scripting (XSS)

Software Calculated Fields Form Type Plugin Vulnerable versions 5.0.0-5.1.56 Fixed in 5.1.57 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2020 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID f60c98fd9fe8 Credits Asaf...

WordPress Amelia Plugin <= 1.0.98 is vulnerable to Cross Site Scripting (XSS)

Software Amelia Type Plugin Vulnerable versions = 1.0.98 Fixed in 1.0.99 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1484 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 28e85735d453 Credits Muhammad Hassham Nagori...