WordPress Starbox Plugin <= 3.4.8 is vulnerable to Cross Site Scripting (XSS)
Software: Starbox; Type: Plugin; Vulnerable versions: <= 3.4.8; Fixed in: 3.5.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0256; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: dd46b4b9ae28; Credits: Lucio Sá; Required privileg...
WordPress Advanced Database Cleaner Plugin <= 3.1.3 is vulnerable to PHP Object Injection
Software: Advanced Database Cleaner; Type: Plugin; Vulnerable versions: <= 3.1.3; Fixed in: 3.1.4; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-0668; Patch priority: Low; CVSS severity: Low (6.6); PSID: ae822ac39b98; Credits: Richard Telleng stueotue; Required...
WordPress Link Library Plugin <= 7.5.13 is vulnerable to Cross Site Scripting (XSS)
Software: Link Library; Type: Plugin; Vulnerable versions: <= 7.5.13; Fixed in: 7.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-24879; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: d3a58aec2719; Credits: Yudistira Arya; Required privilege...
WordPress RSS Aggregator by Feedzy Plugin <= 4.4.1 is vulnerable to Broken Access Control
Software: RSS Aggregator by Feedzy; Type: Plugin; Vulnerable versions: <= 4.4.1; Fixed in: 4.4.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1092; Patch priority: Low; CVSS severity: Low (4.3); PSID: d6dde9967d92; Credits: Muhammad Daffa; Requir...
WordPress Apollo13 Framework Extensions Plugin <= 1.9.2 is vulnerable to Cross Site Scripting (XSS)
Software: Apollo13 Framework Extensions; Type: Plugin; Vulnerable versions: <= 1.9.2; Fixed in: 1.9.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-24880; Patch priority: Low; CVSS severity: Low (6.5); PSID: c7023587281d; Credits: LVT-tholv2k; Required...
WordPress LearnDash LMS Plugin <= 4.10.1 is vulnerable to Sensitive Data Exposure
Software: LearnDash LMS; Type: Plugin; Vulnerable versions: <= 4.10.1; Fixed in: 4.10.2; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-1210; Patch priority: Low; CVSS severity: Low (5.3); PSID: eac39e71b914; Credits: Karl Emil Nikka; Required...
WordPress Anonymous Restricted Content Plugin <= 1.6.2 is vulnerable to Bypass Vulnerability
Software: Anonymous Restricted Content; Type: Plugin; Vulnerable versions: <= 1.6.2; Fixed in: 1.6.3; OWASP Top 10: A4: Insecure Design; Classification: Bypass Vulnerability; CVE: CVE-2024-0909; Patch priority: Low; CVSS severity: Low (5.3); PSID: 3b50fe0358a1; Credits: Francesco Carlucci...
WordPress Contest Gallery Plugin <= 21.2.8.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Contest Gallery; Type: Plugin; Vulnerable versions: <= 21.2.8.4; Fixed in: 21.2.9; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-24887; Patch priority: Low; CVSS severity: Low (5.4); Developer: Wasiliy Strecker; PSID: bc8832951ec5; Credits: Dhabaleshwar D...
WordPress CP Polls Plugin <= 1.0.71 is vulnerable to Bypass Vulnerability
Software: CP Polls; Type: Plugin; Vulnerable versions: <= 1.0.71; Fixed in: 1.0.72; OWASP Top 10: A5: Security Misconfiguration; Classification: Bypass Vulnerability; CVE: CVE-2024-24873; Patch priority: Low; CVSS severity: Low (5.3); PSID: b041270a0860; Credits: Kyle Sanchez; Required privilege...
WordPress Wonder Slider Lite Plugin <= 13.9 is vulnerable to Cross Site Scripting (XSS)
Software: Wonder Slider Lite; Type: Plugin; Vulnerable versions: <= 13.9; Fixed in: 14.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-24877; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 535b8a842a2e; Credits: Dimas Maulana; Required privileg...
WordPress Calculated Fields Form Plugin <= 1.2.52 is vulnerable to Cross Site Scripting (XSS)
Software: Calculated Fields Form; Type: Plugin; Vulnerable versions: <= 1.2.52; Fixed in: 1.2.53; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0963; Patch priority: Low; CVSS severity: Low (6.5); PSID: 51ba9c951440; Credits: Richard Telleng...
WordPress Mighty Addons for Elementor Plugin <= 1.9.3 is vulnerable to Cross Site Scripting (XSS)
Software: Mighty Addons for Elementor; Type: Plugin; Vulnerable versions: <= 1.9.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-24846; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 487dfa184881; Credits: Yudistira Arya; Require...
WordPress Structured Content Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)
Software: Structured Content; Type: Plugin; Vulnerable versions: <= 1.6.1; Fixed in: 1.6.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-24839; Patch priority: Low; CVSS severity: Low (6.5); PSID: 74b9c66453a9; Credits: LVT-tholv2k; Required privilege...
WordPress Knowledge Base for Documentation, FAQs with AI Assistance Plugin <= 11.30.2 is vulnerable to PHP Object Injection
Software: Knowledge Base for Documentation, FAQs with AI Assistance; Type: Plugin; Vulnerable versions: <= 11.30.2; Fixed in: 11.31.0; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-24842; Patch priority: High; CVSS severity: High (8.7); PSID: 6e74033eecde...
WordPress Active Products Tables for WooCommerce Plugin <= 1.0.6.1 is vulnerable to Broken Access Control
Software: Active Products Tables for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.0.6.1; Fixed in: 1.0.6.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-0797; Patch priority: Low; CVSS severity: Low (4.3); PSID: e0495675d205; Credits...
WordPress ERE Recently Viewed Plugin <= 1.3 is vulnerable to PHP Object Injection
Software: ERE Recently Viewed; Type: Plugin; Vulnerable versions: <= 1.3; Fixed in: 2.0; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-24797; Patch priority: High; CVSS severity: High (9.8); PSID: 835850fa9817; Credits: Yudistira Arya; Required privilege...
WordPress Shareaholic Plugin <= 9.7.11 is vulnerable to Broken Access Control
Software: Shareaholic; Type: Plugin; Vulnerable versions: <= 9.7.11; Fixed in: 9.7.12; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-24709; Patch priority: Medium; CVSS severity: Medium (4.3); PSID: e941ba723f22; Credits: Abdi Pranata; Required...
WordPress Review Schema Plugin <= 2.1.14 is vulnerable to Broken Access Control
Software: Review Schema; Type: Plugin; Vulnerable versions: <= 2.1.14; Fixed in: 2.2.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-0836; Patch priority: Low; CVSS severity: Low (4.3); PSID: 61e084c0e677; Credits: Francesco Carlucci; Required...
WordPress Load More Anything Plugin <= 3.3.3 is vulnerable to Broken Access Control
Software: Load More Anything; Type: Plugin; Vulnerable versions: <= 3.3.3; Fixed in: 3.3.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-24704; Patch priority: Medium; CVSS severity: Medium (5.4); PSID: 21a4ab3d4f55; Credits: Elliot; Required...
WordPress WOLF Plugin <= 1.0.8.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WOLF; Type: Plugin; Vulnerable versions: <= 1.0.8.1; Fixed in: 1.0.8.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-0790; Patch priority: Low; CVSS severity: Low (5.4); PSID: f8d9bc304588; Credits: Francesco Carlucci; Required...