3398 matches found
WordPress Chameleoni Jobs Plugin <= 2.5.2 is vulnerable to Cross Site Scripting (XSS)
Software: Chameleoni Jobs; Type: Plugin; Vulnerable versions: <= 2.5.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-52459; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: da3f6efdaf56; Credits: João Pedro S Alcântara Kinorth...
WordPress WP e-Commerce Style Email Plugin <= 0.6.2 is vulnerable to Cross Site Scripting (XSS)
Software: WP e-Commerce Style Email; Type: Plugin; Vulnerable versions: <= 0.6.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-52462; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 22630f6609c8; Credits: SOPROBRO; Required...
WordPress Quick Learn Plugin <= 1.0.1 is vulnerable to PHP Object Injection
Software: Quick Learn; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-52441; Patch priority: High; CVSS severity: High 9.8; PSID: 09d3039a1cf9; Credits: LVT-tholv2k; Required privilege: Unauthenticated...
WordPress Dynamic URL SEO Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Dynamic URL SEO; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-52470; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: f710c58fedfc; Credits: Mika; Required privilege...
WordPress Youneeq Recommendations Plugin <= 3.0.7 is vulnerable to Cross Site Scripting (XSS)
Software: Youneeq Recommendations; Type: Plugin; Vulnerable versions: <= 3.0.7; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-52457; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 8204a0f3cdb4; Credits: João Pedro S Alcântara...
WordPress Bootscraper Plugin <= 2.1.0 is vulnerable to Local File Inclusion
Software: Bootscraper; Type: Plugin; Vulnerable versions: <= 2.1.0; Fixed in: 4.0.0; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-52449; Patch priority: High; CVSS severity: High 7.5; PSID: 54a81d2931c0; Credits: tahu.datar; Required privilege: Unauthenticate...
WordPress WordPress GDPR & CCPA Plugin <= 2.0.2 is vulnerable to Broken Access Control
Software: WordPress GDPR & CCPA; Type: Plugin; Vulnerable versions: <= 2.0.2; Fixed in: 2.0.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-11069; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: b71de0a7a1a1; Credits: István Márton...
WordPress Post By Email Plugin <= 1.0.4b is vulnerable to Cross Site Scripting (XSS)
Software: Post By Email; Type: Plugin; Vulnerable versions: <= 1.0.4b; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-52463; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: d62ded22dc8c; Credits: Mika; Required privilege...
WordPress Xpresslane Fast Checkout Plugin <= 1.0.0 is vulnerable to PHP Object Injection
Software: Xpresslane Fast Checkout; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-52440; Patch priority: High; CVSS severity: High 9.8; PSID: 2eaf53da7194; Credits: LVT-tholv2k; Required privilege...
WordPress Open edX LMS Plugin <= 2.6.1 is vulnerable to Cross Site Scripting (XSS)
Software: Open edX LMS; Type: Plugin; Vulnerable versions: <= 2.6.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-52452; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 991dc17302e9; Credits: Mika; Required privilege: Unauthenticat...
WordPress Elfsight Telegram Chat CC Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Elfsight Telegram Chat CC; Type: Plugin; Vulnerable versions: <= 1.1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-10390; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 79fba1da063a; Credits: István...
WordPress Post Ideas Plugin <= 2 is vulnerable to SQL Injection
Software: Post Ideas; Type: Plugin; Vulnerable versions: <= 2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-52451; Patch priority: High; CVSS severity: High 8.2; PSID: fe96227444bb; Credits: João Pedro S Alcântara Kinorth; Required privilege...
WordPress Lis Video Gallery Plugin <= 0.2.1 is vulnerable to PHP Object Injection
Software: Lis Video Gallery; Type: Plugin; Vulnerable versions: <= 0.2.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-52430; Patch priority: High; CVSS severity: High 9.8; PSID: a078bb126c5a; Credits: LVT-tholv2k; Required privilege...
WordPress Event Tickets with Ticket Scanner Plugin <= 2.3.11 is vulnerable to Remote Code Execution (RCE)
Software: Event Tickets with Ticket Scanner; Type: Plugin; Vulnerable versions: <= 2.3.11; Fixed in: 2.3.12; OWASP Top 10: A3: Injection; Classification: Remote Code Execution RCE; CVE: CVE-2024-52427; Patch priority: Medium; CVSS severity: Medium 9.9; PSID: 3ef418855694; Credits: Hakiduck...
WordPress BulkPress Plugin <= 0.3.5 is vulnerable to Cross Site Scripting (XSS)
Software: BulkPress; Type: Plugin; Vulnerable versions: <= 0.3.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-9615; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 569ddc3d9617; Credits: vgo0; Required privilege...
WordPress WordPress Video Robot - The Ultimate Video Importer Plugin <= 1.20.0 is vulnerable to SQL Injection
Software: WordPress Video Robot - The Ultimate Video Importer; Type: Plugin; Vulnerable versions: <= 1.20.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-52431; Patch priority: High; CVSS severity: High 9.3; PSID: 535a5d7fd7c2; Credits: Bonds; Requir...
WordPress Drop Shadow Boxes Plugin <= 1.7.14 is vulnerable to Arbitrary Code Execution
Software: Drop Shadow Boxes; Type: Plugin; Vulnerable versions: <= 1.7.14; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary Code Execution; CVE: CVE-2024-10262; Patch priority: High; CVSS severity: High 6.3; PSID: ab9605f66d27; Credits: Arkadiusz Hydzik; Required privilege...
WordPress Simple Local Avatars Plugin <= 2.7.11 is vulnerable to Broken Access Control
Software: Simple Local Avatars; Type: Plugin; Vulnerable versions: <= 2.7.11; Fixed in: 2.8.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10786; Patch priority: Low; CVSS severity: Low 4.3; PSID: 717b24faeea4; Credits: Trương Hữu Phúc...
WordPress External Database Based Actions Plugin <= 0.1 is vulnerable to Privilege Escalation
Software: External Database Based Actions; Type: Plugin; Vulnerable versions: <= 0.1; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-10311; Patch priority: High; CVSS severity: High 7.5; PSID: cd4901766574...
WordPress SimpleForm Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)
Software: SimpleForm; Type: Plugin; Vulnerable versions: <= 2.2.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-10883; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: c9428f96f6e1; Credits: Peter Thaleikis; Required...