WordPress MultiManager WP Plugin <= 1.0.5 is vulnerable to Broken Authentication

Software MultiManager WP Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.1.0 OWASP Top 10 A4: Insecure Design Classification Broken Authentication CVE CVE-2024-11028 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 80e81dabfc85 Credits shaman0x01 Required privilege...

WordPress Styler for Ninja Forms Plugin <= 3.3.4 is vulnerable to Settings Change

Software Styler for Ninja Forms Type Plugin Vulnerable versions = 3.3.4 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Settings Change CVE CVE-2024-10717 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2b68f06a005e Credits...

WordPress RSS Feed Widget Plugin < 3.0.1 is vulnerable to Cross Site Scripting (XSS)

Software RSS Feed Widget Type Plugin Vulnerable versions 3.0.1 Fixed in 3.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9835 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a28316c34943 Credits Bob Matyas Required...

WordPress Razorpay Payment Button Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS)

Software Razorpay Payment Button Type Plugin Vulnerable versions = 2.4.6 Fixed in 2.4.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10851 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 88605e5d5760 Credits Peter...

WordPress Advanced Form Integration Plugin <= 1.92.0 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Form Integration Type Plugin Vulnerable versions = 1.92.0 Fixed in 1.92.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10877 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c8dcdef7d81d Credits Peter...

WordPress MPG Plugin <= 4.0.2 is vulnerable to Path Traversal

Software MPG Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A1: Broken Access Control Classification Path Traversal CVE CVE-2024-10672 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID 3c7693c48068 Credits Arkadiusz Hydzik Required privilege Editor...

WordPress Contact Form 7 Redirect & Thank You Page Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form 7 Redirect & Thank You Page Type Plugin Vulnerable versions = 1.0.6 Fixed in 1.0.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10685 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b725076f7fcb...

WordPress Easy CSV Importer BETA Plugin <= 7.0.0 is vulnerable to Arbitrary File Upload

Software Easy CSV Importer BETA Type Plugin Vulnerable versions = 7.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52372 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 760bb0fc208a Credits stealthcopter Required privilege...

WordPress Master Addons for Elementor Plugin <= 2.0.6.6 is vulnerable to Cross Site Scripting (XSS)

Software Master Addons for Elementor Type Plugin Vulnerable versions = 2.0.6.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52387 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID fab3ef01c18f Credits Michael Required privilege...

WordPress WP Photo Album Plus Plugin <= 8.8.08.007 is vulnerable to Broken Access Control

Software WP Photo Album Plus Type Plugin Vulnerable versions = 8.8.08.007 Fixed in 8.9.01.001 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-10958 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d60c5fd2604a Credits Arkadiusz...

WordPress Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One Plugin <= 2.1.2 is vulnerable to Broken Access Control

Software Ai Auto Tool Content Writing Assistant Gemini Writer, ChatGPT All in One Type Plugin Vulnerable versions = 2.1.2 Fixed in 2.1.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-52383 Patch priority High CVSS severity High 7.5 Developer Claim...

WordPress WOLF Plugin <= 1.0.8.3 is vulnerable to Path Traversal

Software WOLF Type Plugin Vulnerable versions = 1.0.8.3 Fixed in 1.0.8.4 OWASP Top 10 A1: Broken Access Control Classification Path Traversal CVE CVE-2024-52396 Patch priority Medium CVSS severity Medium 4.9 Developer Claim ownership PSID 1a1949b4101b Credits Trương Hữu Phúc truonghuuphuc Require...

WordPress Picsmize Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload

Software Picsmize Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52380 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 741a66180c37 Credits stealthcopter Required privilege Unauthenticated...

WordPress Charitable Plugin <= 1.8.3 is vulnerable to Cross Site Scripting (XSS)

Software Charitable Type Plugin Vulnerable versions = 1.8.3 Fixed in 1.8.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10876 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2a28f1e125bc Credits Peter Thaleikis...

WordPress EventPress Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software EventPress Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51861 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f2952d5f238c Credits SOPROBRO Required privilege Contributor...

WordPress Forms Plugin <= 2.8.0 is vulnerable to Arbitrary File Upload

Software Forms Type Plugin Vulnerable versions = 2.8.0 Fixed in 2.8.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-51791 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 0594a374dbac Credits stealthcopter Required privilege Unauthenticated...

WordPress Redirecter Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Redirecter Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51855 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dfdafabcd66b Credits SOPROBRO Required privilege Contributor Publish...

WordPress Adventure Bucket List Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Adventure Bucket List Type Plugin Vulnerable versions = 1.0.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51908 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5a843ca67ed0 Credits SOPROBRO Required privilege...

WordPress Envo Extra Plugin <= 1.9.3 is vulnerable to Sensitive Data Exposure

Software Envo Extra Type Plugin Vulnerable versions = 1.9.3 Fixed in 1.9.4 OWASP Top 10 A3: Injection Classification Sensitive Data Exposure CVE CVE-2024-10770 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c74e911b1aae Credits Francesco Carlucci Required privilege...

WordPress Registrations for the Events Calendar Plugin < 2.12.4 is vulnerable to Cross Site Scripting (XSS)

Software Registrations for the Events Calendar Type Plugin Vulnerable versions 2.12.4 Fixed in 2.12.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7982 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 576ddc99ad72...