WordPress Shoutcast Icecast HTML5 Radio Player Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)

Software Shoutcast Icecast HTML5 Radio Player Type Plugin Vulnerable versions = 2.1.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8666 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3e71cc774a45 Credits...

WordPress Meta News Theme <= 1.1.7 is vulnerable to Local File Inclusion

Software Meta News Type Theme Vulnerable versions = 1.1.7 Fixed in 1.1.8 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-50435 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d90fa015825d Credits tahu.datar Required privilege Unauthenticated...

WordPress NewsCard Theme <= 1.3 is vulnerable to Local File Inclusion

Software NewsCard Type Theme Vulnerable versions = 1.3 Fixed in 1.4 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-50434 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID ddf0621fd895 Credits tahu.datar Required privilege Unauthenticated...

WordPress The Pack Elementor addons Plugin <= 2.0.9 is vulnerable to Local File Inclusion

Software The Pack Elementor addons Type Plugin Vulnerable versions = 2.0.9 Fixed in 2.1.0 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-50453 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID e424fb066139 Credits João Pedro S Alcânta...

WordPress File Upload Types Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS)

Software File Upload Types Type Plugin Vulnerable versions = 1.4.0 Fixed in 1.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10016 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d655bda3dd64 Credits Francesco Carlucci...

WordPress Button contact VR Plugin <= 4.7.9.1 is vulnerable to Cross Site Scripting (XSS)

Software Button contact VR Type Plugin Vulnerable versions = 4.7.9.1 Fixed in 4.7.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50414 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8a3582798f30 Credits UKO Required privilege...

WordPress WooCommerce UPS Shipping – Live Rates and Access Points Plugin <= 2.3.11 is vulnerable to Broken Access Control

Software WooCommerce UPS Shipping – Live Rates and Access Points Type Plugin Vulnerable versions = 2.3.11 Fixed in 3.0.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9109 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b3cccbff59...

WordPress WooCommerce PDF Invoices & Packing Slips Plugin <= 3.8.6 is vulnerable to Broken Access Control

Software WooCommerce PDF Invoices & Packing Slips Type Plugin Vulnerable versions = 3.8.6 Fixed in 3.8.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-50421 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b5246d239102 Credits Rafi...

WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.3.4 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Meta Data and Taxonomies Filter MDTF Type Plugin Vulnerable versions = 1.3.3.4 Fixed in 1.3.3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50451 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0f23dd4816a6 Credits...

WordPress Church Admin Plugin < 5.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Church Admin Type Plugin Vulnerable versions 5.0.0 Fixed in 5.0.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50438 Patch priority Medium CVSS severity Medium 7.1 Developer Andy Moyle PSID 007d5118baff Credits Le Ngoc Anh Required privilege...

WordPress wpDiscuz Plugin <= 7.6.24 is vulnerable to Broken Authentication

Software wpDiscuz Type Plugin Vulnerable versions = 7.6.24 Fixed in 7.6.25 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9488 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID c3cf059c4b56 Credits wesley wcraf...

WordPress Clean Retina Theme <= 3.0.6 is vulnerable to Local File Inclusion

Software Clean Retina Type Theme Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-50436 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID e56d05b5bd53 Credits tahu.datar Required privilege Unauthenticate...

WordPress WP Booking System Plugin <= 2.0.19.10 is vulnerable to Broken Access Control

Software WP Booking System Type Plugin Vulnerable versions = 2.0.19.10 Fixed in 2.0.19.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-50425 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID ad36b04a505d Credits Trương Hữu Phúc...

WordPress Namaste! LMS Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)

Software Namaste! LMS Type Plugin Vulnerable versions = 2.6.2 Fixed in 2.6.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50407 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8fa25cac3b50 Credits Hakiduck Required privilege...

WordPress Selection Lite Plugin <= 1.13 is vulnerable to Cross Site Scripting (XSS)

Software Selection Lite Type Plugin Vulnerable versions = 1.13 Fixed in 1.14 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50445 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d19a34cff88e Credits João Pedro S Alcântara Kinorth Required...

WordPress BuddyPress Plugin <= 14.1.0 is vulnerable to Directory Traversal

Software BuddyPress Type Plugin Vulnerable versions = 14.1.0 Fixed in 14.2.1 OWASP Top 10 A3: Injection Classification Directory Traversal CVE CVE-2024-10011 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 06408034e9a6 Credits Domons Required privilege Subscriber Publish...

WordPress WC Marketplace Plugin <= 4.2.4 is vulnerable to Broken Access Control

Software WC Marketplace Type Plugin Vulnerable versions = 4.2.4 Fixed in 4.2.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9531 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7dab4da2d17f Credits Tieu Pham Trong Nhan Required...

WordPress EventPrime Plugin <= 4.0.4.7 is vulnerable to Cross Site Scripting (XSS)

Software EventPrime Type Plugin Vulnerable versions = 4.0.4.7 Fixed in 4.0.4.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9865 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b2193c9ee308 Credits zer0gh0st Required...

WordPress Terms descriptions Plugin <= 3.4.6 is vulnerable to Cross Site Scripting (XSS)

Software Terms descriptions Type Plugin Vulnerable versions = 3.4.6 Fixed in 3.4.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9374 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8fca607d99fe Credits vgo0 Required...

WordPress DearFlip Plugin <= 2.3.32 is vulnerable to Cross Site Scripting (XSS)

Software DearFlip Type Plugin Vulnerable versions = 2.3.32 Fixed in 2.3.42 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8717 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f4b31b90d091 Credits Noah Stead TurtleBurg...