WordPress Audio Comparison Lite Plugin <= 3.4 is vulnerable to Cross Site Scripting (XSS)

Software Audio Comparison Lite Type Plugin Vulnerable versions = 3.4 Fixed in 3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51627 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0a5a84c2cb69 Credits SOPROBRO Required privilege...

WordPress MPG Plugin <= 4.0.1 is vulnerable to Broken Access Control

Software MPG Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.0.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7424 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 61dc998feee8 Credits Rafshanzani Suhada Required privilege...

WordPress Website price calculator Plugin <= 4.1 is vulnerable to SQL Injection

Software Website price calculator Type Plugin Vulnerable versions = 4.1 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-51601 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 363bcb5a02a5 Credits LVT-tholv2k Required privilege Contributor...

WordPress amazing neo icon font for elementor Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)

Software amazing neo icon font for elementor Type Plugin Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50543 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 973c64009b42 Credits Gab Required privile...

WordPress SIP Reviews Shortcode for WooCommerce Plugin <= 1.2.3 is vulnerable to SQL Injection

Software SIP Reviews Shortcode for WooCommerce Type Plugin Vulnerable versions = 1.2.3 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6479 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID dfe9c064baeb Credits WordFence Required privilege...

WordPress WP Hotel Booking Plugin <= 2.1.4 is vulnerable to Local File Inclusion

Software WP Hotel Booking Type Plugin Vulnerable versions = 2.1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-51582 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 5c0a345b0a12 Credits ghsinfosec Required privilege Contributor...

WordPress RSVP ME Plugin <= 1.9.9 is vulnerable to SQL Injection

Software RSVP ME Type Plugin Vulnerable versions = 1.9.9 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-50544 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 1e22cf9c262a Credits LVT-tholv2k Required privilege Contributor Published 31...

WordPress ID-SK Toolkit Plugin <= 1.7.2 is vulnerable to Cross Site Scripting (XSS)

Software ID-SK Toolkit Type Plugin Vulnerable versions = 1.7.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50517 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8f37480f4086 Credits Gab Required privilege Contributor Publish...

WordPress Get Quote For Woocommerce Plugin <= 1.0.0 is vulnerable to Broken Access Control

Software Get Quote For Woocommerce Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9430 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ed4687422c20 Credits stehled Required...

WordPress Administrator Z Plugin <= 2024.11.20 is vulnerable to SQL Injection

Software Administrator Z Type Plugin Vulnerable versions = 2024.11.20 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-50524 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 23203529cd48 Credits stealthcopter Required privilege Subscriber...

WordPress Stars SMTP Mailer Plugin <= 1.7 is vulnerable to Arbitrary File Upload

Software Stars SMTP Mailer Type Plugin Vulnerable versions = 1.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50530 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID f048023ff8ae Credits stealthcopter Required privilege Subscrib...

WordPress Crypto Plugin <= 2.18 is vulnerable to Broken Authentication

Software Crypto Type Plugin Vulnerable versions = 2.18 Fixed in 2.19 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9989 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID a98b5d070482 Credits István Márton...

WordPress Easy Pricing Tables Plugin <= 3.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Easy Pricing Tables Type Plugin Vulnerable versions = 3.2.5 Fixed in 3.2.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8871 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 642ead38dfc7 Credits vgo0 Required...

WordPress WPC Smart Messages for WooCommerce Plugin <= 4.2.1 is vulnerable to Local File Inclusion

Software WPC Smart Messages for WooCommerce Type Plugin Vulnerable versions = 4.2.1 Fixed in 4.2.2 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-10436 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 61988e9cc775 Credits theviper17y Required...

WordPress WPAdverts – Classifieds Plugin Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)

Software WPAdverts – Classifieds Plugin Type Plugin Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10108 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d98a67dcc148 Credits...

WordPress FileOrganizer Plugin <= 1.0.9 is vulnerable to Arbitrary File Upload

Software FileOrganizer Type Plugin Vulnerable versions = 1.0.9 Fixed in 1.1.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7985 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 9a28a4363098 Credits TANG Cheuk Hei siunam Required privilege...

WordPress StreamWeasels YouTube Integration Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)

Software StreamWeasels YouTube Integration Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10185 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 861dc6844504 Credits Peter...

WordPress Post Status Notifier Premium Plugin <= 1.11.6 is vulnerable to Cross Site Scripting (XSS)

Software Post Status Notifier Premium Type Plugin Vulnerable versions = 1.11.6 Fixed in 1.11.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10048 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5dcdb37cb71e Credits...

WordPress Subscribe to Comments Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)

Software Subscribe to Comments Type Plugin Vulnerable versions = 2.3 Fixed in 2.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8792 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e73a4a4fc1e2 Credits vgo0 Required...

WordPress DS.DownloadList Plugin <= 1.3 is vulnerable to PHP Object Injection

Software DS.DownloadList Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-50507 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 98ea8810e98b Credits Mika Required privilege Unauthenticated...