3398 matches found
WordPress WooCommerce Easy Checkout Field Editor, Fees & Discounts Plugin <= 3.5.12 is vulnerable to Arbitrary File Upload
Software: WooCommerce Easy Checkout Field Editor, Fees & Discounts | Type: Plugin | Vulnerable versions: <= 3.5.12 | Fixed in: 3.5.13 | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-25925 | Patch priority: High | CVSS severity: High 10 | PSID: a8071054e8b4 | Credi...
WordPress EazyDocs Plugin < 2.4.0 is vulnerable to Broken Access Control
Software: EazyDocs | Type: Plugin | Vulnerable versions: < 2.4.0 | Fixed in: 2.4.0 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-0248 | Patch priority: Medium | CVSS severity: Medium 6.5 | PSID: 64066df73b6f | Credits: Majed Refaea | Required privilege...
WordPress Analytics Insights for Google Analytics Plugin < 6.3 is vulnerable to Open Redirection
Software: Analytics Insights for Google Analytics | Type: Plugin | Vulnerable versions: < 6.3 | Fixed in: 6.3 | OWASP Top 10: A4: Insecure Design | Classification: Open Redirection | CVE: CVE-2024-0250 | Patch priority: Low | CVSS severity: Low 4.7 | PSID: 9730ef8fd8fe | Credits: Krzysztof Zając CERT PL...
WordPress Web3 – Crypto wallet Login & NFT token gating Plugin < 3.0.0 is vulnerable to Broken Authentication
Software: Web3 – Crypto wallet Login & NFT token gating | Type: Plugin | Vulnerable versions: < 3.0.0 | Fixed in: 3.0.0 | OWASP Top 10: A2: Broken Authentication | Classification: Broken Authentication | CVE: CVE-2023-6036 | Patch priority: Low | CVSS severity: Low 9.8 | PSID: 9bc7bba9b677 | Credits...
WordPress Bold Page Builder Plugin <= 4.8.0 is vulnerable to Cross Site Scripting (XSS)
Software: Bold Page Builder | Type: Plugin | Vulnerable versions: <= 4.8.0 | Fixed in: 4.8.1 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-1157 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: d94380d5f2fc | Credits: Mdr | Required privilege...
WordPress MapPress Maps for WordPress Plugin < 2.88.16 is vulnerable to Sensitive Data Exposure
Software: MapPress Maps for WordPress | Type: Plugin | Vulnerable versions: < 2.88.16 | Fixed in: 2.88.16 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2024-0421 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: 800421954891 | Credits: Erwan LR...
WordPress WP Editor Plugin <= 1.2.7 is vulnerable to Sensitive Data Exposure
Software: WP Editor | Type: Plugin | Vulnerable versions: <= 1.2.7 | Fixed in: 1.2.8 | OWASP Top 10: A9: Security Logging and Monitoring Failures | Classification: Sensitive Data Exposure | CVE: CVE-2024-25591 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: 005894aaae3d | Credits: Joshua Chan...
WordPress Canto Plugin <= 3.0.6 is vulnerable to Remote Code Execution (RCE)
Software: Canto | Type: Plugin | Vulnerable versions: <= 3.0.6 | Fixed in: 3.0.7 | OWASP Top 10: A3: Injection | Classification: Remote Code Execution (RCE) | CVE: CVE-2024-25096 | Patch priority: High | CVSS severity: High 10 | PSID: 5a102fd4265b | Credits: Rodrigo Escobar ipax | Required privilege...
WordPress WP Media folder Plugin <= 5.7.2 is vulnerable to Arbitrary File Upload
Software: WP Media folder | Type: Plugin | Vulnerable versions: <= 5.7.2 | Fixed in: 5.7.3 | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-25909 | Patch priority: High | CVSS severity: High 9.9 | PSID: e05dfe398169 | Credits: Dave Jong Patchstack | Required privilege...
WordPress Eventin Plugin <= 3.3.50 is vulnerable to Broken Access Control
Software: Eventin | Type: Plugin | Vulnerable versions: <= 3.3.50 | Fixed in: 3.3.51 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-1122 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: a2c7fec8c772 | Credits: Francesco Carlucci | Required privileg...
WordPress Awesome Support Plugin <= 6.1.7 is vulnerable to SQL Injection
Software: Awesome Support | Type: Plugin | Vulnerable versions: <= 6.1.7 | Fixed in: 6.1.8 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-0594 | Patch priority: High | CVSS severity: High 8.5 | PSID: 63f2c5ccd5ea | Credits: Krzysztof Zając | Required privilege: Subscriber...
WordPress MoveTo Plugin <= 6.2 is vulnerable to SQL Injection
Software: MoveTo | Type: Plugin | Vulnerable versions: <= 6.2 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-25910 | Patch priority: High | CVSS severity: High 9.8 | PSID: 376a551a56e9 | Credits: Dave Jong Patchstack | Required privilege: Unauthenticated...
WordPress VK Poster Group Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
Software: VK Poster Group | Type: Plugin | Vulnerable versions: <= 2.0.3 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-24932 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 1880d39de9c0 | Credits: Le Ngoc Anh | Require...
WordPress Before After Image Slider WP Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)
Software: Before After Image Slider WP | Type: Plugin | Vulnerable versions: <= 2.2 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-24931 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: a36c65d6ecc8 | Credits: Ngô Thiên An ancorn from...
WordPress Brooklyn Theme <= 4.9.7.6 is vulnerable to Cross Site Scripting (XSS)
Software: Brooklyn | Type: Theme | Vulnerable versions: <= 4.9.7.6 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-24927 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 61a468418831 | Credits: Rafie Muhammad Patchstack | Required...
WordPress Honeypot for WP Comment Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)
Software: Honeypot for WP Comment | Type: Plugin | Vulnerable versions: <= 2.2.3 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-24933 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 01642edd0b7b | Credits: Dimas Maulana | Required...
WordPress Honeypot for WP Comment Plugin <= 2.2.3 is vulnerable to Arbitrary File Deletion
Software: Honeypot for WP Comment | Type: Plugin | Vulnerable versions: <= 2.2.3 | Fixed in: N/A | OWASP Top 10: A7: Identification and Authentication Failures | Classification: Arbitrary File Deletion | CVE: CVE-2024-1350 | Patch priority: Medium | CVSS severity: Medium 5.3 | PSID: 972e393f6005...
WordPress WP Recipe Maker Plugin <= 9.1.2 is vulnerable to Broken Access Control
Software: WP Recipe Maker | Type: Plugin | Vulnerable versions: <= 9.1.2 | Fixed in: 9.2.0 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-1206 | Patch priority: High | CVSS severity: High 8.5 | PSID: 59c6b1fa45e4 | Credits: Lucio Sá | Required privilege...
WordPress Booking Calendar Plugin <= 9.9 is vulnerable to SQL Injection
Software: Booking Calendar | Type: Plugin | Vulnerable versions: <= 9.9 | Fixed in: 9.9.1 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-1207 | Patch priority: High | CVSS severity: High 9.3 | PSID: f33b420f42e8 | Credits: Muhammad Hassham Nagori | Required privilege...
WordPress Customer Reviews for WooCommerce Plugin <= 5.38.12 is vulnerable to Broken Access Control
Software: Customer Reviews for WooCommerce | Type: Plugin | Vulnerable versions: <= 5.38.12 | Fixed in: 5.39.0 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-1044 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: 7bfc65d6b633 | Credits: Francesco...