WordPress Brizy Plugin <= 2.4.40 is vulnerable to Directory Traversal

Software Brizy Type Plugin Vulnerable versions = 2.4.40 Fixed in 2.4.41 OWASP Top 10 A1: Broken Access Control Classification Directory Traversal CVE CVE-2024-1165 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d07c7816cd90 Credits wesley wcraft Required privilege...

WordPress Colibri Page Builder Plugin <= 1.0.253 is vulnerable to Cross Site Request Forgery (CSRF)

Software Colibri Page Builder Type Plugin Vulnerable versions = 1.0.253 Fixed in 1.0.260 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1361 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ba2ec46e6e74 Credits Lucio Sá...

WordPress Ultimate Member Plugin 2.1.3-2.8.2 is vulnerable to SQL Injection

Software Ultimate Member Type Plugin Vulnerable versions 2.1.3-2.8.2 Fixed in 2.8.3 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-1071 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID d52d7ae096c8 Credits Christiaan Swiers Required privilege...

WordPress Play.ht Plugin <= 3.6.4 is vulnerable to PHP Object Injection

Software Play.ht Type Plugin Vulnerable versions = 3.6.4 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1772 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 571b81755147 Credits Francesco Carlucci Required privilege Contribut...

WordPress Tutor LMS Plugin <= 2.6.0 is vulnerable to Content Injection

Software Tutor LMS Type Plugin Vulnerable versions = 2.6.0 Fixed in 2.6.1 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-1128 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4f8a158bf40f Credits drop Required privilege Student Published 21 Februar...

WordPress wpDataTables Plugin <= 3.4.2.4 is vulnerable to Cross Site Scripting (XSS)

Software wpDataTables Type Plugin Vulnerable versions = 3.4.2.4 Fixed in 3.4.2.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0591 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 8b3b0085c333 Credits stealthcopter Required...

WordPress Academy LMS Plugin <= 1.9.19 is vulnerable to Privilege Escalation

Software Academy LMS Type Plugin Vulnerable versions = 1.9.19 Fixed in 1.9.20 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-1505 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 65c72fe58c1f Credits Lucio Sá Required privilege...

WordPress Tutor LMS Plugin <= 2.6.0 is vulnerable to Broken Access Control

Software Tutor LMS Type Plugin Vulnerable versions = 2.6.0 Fixed in 2.6.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1133 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f48325f20ce3 Credits drop Required privilege Subscriber...

WordPress Cost of Goods for WooCommerce Plugin <= 3.2.8 is vulnerable to Cross Site Scripting (XSS)

Software Cost of Goods for WooCommerce Type Plugin Vulnerable versions = 3.2.8 Fixed in 3.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0821 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 06f40e6d3a9e Credits...

WordPress Password Protected Plugin <= 2.6.6 is vulnerable to Cross Site Scripting (XSS)

Software Password Protected Type Plugin Vulnerable versions = 2.6.6 Fixed in 2.6.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0656 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7a68f344cd36 Credits Felipe Restrepo...

WordPress Coming Soon Maintenance Mode Plugin <= 1.0.5 is vulnerable to Sensitive Data Exposure

Software Coming Soon Maintenance Mode Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-1475 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6da3f77ac231 Credits Francesco...

WordPress Schema & Structured Data for WP & AMP Plugin <= 1.26 is vulnerable to Broken Access Control

Software Schema & Structured Data for WP & AMP Type Plugin Vulnerable versions = 1.26 Fixed in 1.27 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1288 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID aef94ec88b0d Credits Ngô Thiên ...

WordPress WPify Woo Czech Plugin <= 4.0.8 is vulnerable to Broken Access Control

Software WPify Woo Czech Type Plugin Vulnerable versions = 4.0.8 Fixed in 4.0.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1492 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e2dc6ee494b6 Credits Francesco Carlucci Required...

WordPress Oliver POS Plugin <= 2.4.2.0 is vulnerable to Broken Access Control

Software Oliver POS Type Plugin Vulnerable versions = 2.4.2.0 Fixed in 2.4.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0702 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 77e616eb4620 Credits Francesco Carlucci Required...

WordPress Cwicly Plugin <= 1.4.0.2 is vulnerable to Remote Code Execution (RCE)

Software Cwicly Type Plugin Vulnerable versions = 1.4.0.2 Fixed in 1.4.0.3 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-24707 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 03a26bc8d3c0 Credits Snicco Required privilege Contributo...

WordPress Landing Page Cat Plugin <= 1.7.2 is vulnerable to Sensitive Data Exposure

Software Landing Page Cat Type Plugin Vulnerable versions = 1.7.2 Fixed in 1.7.3 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-0708 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9cdc23335541 Credits Nathaniel Oh 0x4n3 Requir...

WordPress postMash – custom post order Plugin <= 1.2.0 is vulnerable to SQL Injection

Software postMash – custom post order Type Plugin Vulnerable versions = 1.2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-25927 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 5131e79f3c3e Credits Dimas Maulana Required privilege...

WordPress Peach Payments Gateway Plugin <= 3.1.9 is vulnerable to Broken Access Control

Software Peach Payments Gateway Type Plugin Vulnerable versions = 3.1.9 Fixed in 3.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-25922 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4ed5c43af060 Credits Abdi Pranata Required...

WordPress Paid Member Subscriptions Plugin <= 2.11.1 is vulnerable to Broken Access Control

Software Paid Member Subscriptions Type Plugin Vulnerable versions = 2.11.1 Fixed in 2.11.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1390 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6361d41c5a14 Credits Lucio Sá Required...

WordPress WP Setup Wizard Plugin <= 1.0.8.1 is vulnerable to Sensitive Data Exposure

Software WP Setup Wizard Type Plugin Vulnerable versions = 1.0.8.1 Fixed in 1.0.8.2 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-25917 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 5a05aed5e6cb Credits Dave Jong Patchstack...