3398 matches found
WordPress Download Plugin Plugin <= 2.2.0 is vulnerable to Broken Access Control
Software: Download Plugin | Type: Plugin | Vulnerable versions: <= 2.2.0 | Fixed in: 2.2.1 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-9829 | Patch priority: Medium | CVSS severity: Medium 6.5 | PSID: da1ab1cf4af2 | Credits: WordFence | Required...
WordPress WooCommerce Order Proposal Plugin <= 2.0.5 is vulnerable to Broken Authentication
Software: WooCommerce Order Proposal | Type: Plugin | Vulnerable versions: <= 2.0.5 | Fixed in: 2.0.6 | OWASP Top 10: A7: Identification and Authentication Failures | Classification: Broken Authentication | CVE: CVE-2024-9927 | Patch priority: Low | CVSS severity: Low 7.2 | PSID: d873b6f7fa89 | Credit...
WordPress ProfilePress Pro Plugin <= 4.11.1 is vulnerable to Broken Authentication
Software: ProfilePress Pro | Type: Plugin | Vulnerable versions: <= 4.11.1 | Fixed in: 4.11.2 | OWASP Top 10: A7: Identification and Authentication Failures | Classification: Broken Authentication | CVE: CVE-2024-9947 | Patch priority: High | CVSS severity: High 8.1 | PSID: adce137ed816 | Credits: wesl...
WordPress Bet WC 2018 Russia Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)
Software: Bet WC 2018 Russia | Type: Plugin | Vulnerable versions: <= 2.1 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-49637 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: f4d264180c24 | Credits: Le Ngoc Anh | Required privilege...
WordPress BP Member Type Manager Plugin <= 1.01 is vulnerable to Cross Site Scripting (XSS)
Software: BP Member Type Manager | Type: Plugin | Vulnerable versions: <= 1.01 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-49634 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: ae38971a18f4 | Credits: João Pedro S Alcântara Kinor...
WordPress Banner Slider Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)
Software: Banner Slider | Type: Plugin | Vulnerable versions: <= 2.1 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-49635 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 54728b0228c3 | Credits: João Pedro S Alcântara Kinorth | Require...
WordPress ACL Floating Cart for WooCommerce Plugin <= 0.9 is vulnerable to Cross Site Scripting (XSS)
Software: ACL Floating Cart for WooCommerce | Type: Plugin | Vulnerable versions: <= 0.9 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-49640 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 4827b6dd4102 | Credits: Mika | Required...
WordPress Rover IDX Plugin <= 3.0.0.2903 is vulnerable to Broken Access Control
Software: Rover IDX | Type: Plugin | Vulnerable versions: <= 3.0.0.2903 | Fixed in: 3.0.0.2905 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-10003 | Patch priority: Low | CVSS severity: Low 5.4 | PSID: 2b090aab193c | Credits: István Márton | Required...
WordPress Category and Taxonomy Meta Fields Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Category and Taxonomy Meta Fields | Type: Plugin | Vulnerable versions: <= 1.0.0 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-9589 | Patch priority: Low | CVSS severity: Low 5.9 | PSID: 6c6a133f113d | Credits: István...
WordPress DocumentPress Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)
Software: DocumentPress | Type: Plugin | Vulnerable versions: <= 2.1 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-49656 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 9ccb703f5e18 | Credits: Mika | Required privilege: Unauthenticate...
WordPress 3D Work In Progress Plugin <= 1.0.3 is vulnerable to Arbitrary File Deletion
Software: 3D Work In Progress | Type: Plugin | Vulnerable versions: <= 1.0.3 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Arbitrary File Deletion | CVE: CVE-2024-49657 | Patch priority: High | CVSS severity: High 7.7 | PSID: 209728d5f5a9 | Credits: stealthcopter | Required privilege...
WordPress Tida URL Screenshot Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Tida URL Screenshot | Type: Plugin | Vulnerable versions: <= 1.0 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-49641 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 97c4a19331ca | Credits: Mika | Required privilege...
WordPress Verbalize WP Plugin <= 1.0 is vulnerable to Arbitrary File Upload
Software: Verbalize WP | Type: Plugin | Vulnerable versions: <= 1.0 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-49668 | Patch priority: High | CVSS severity: High 10 | PSID: 5d5cf04a7cde | Credits: stealthcopter | Required privilege: Unauthenticate...
WordPress LaTeX2HTML Plugin <= 2.5.4 is vulnerable to Cross Site Scripting (XSS)
Software: LaTeX2HTML | Type: Plugin | Vulnerable versions: <= 2.5.4 | Fixed in: 2.5.5 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-49673 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 14e6f2ad72df | Credits: Muhamad Agil Fachrian | Required...
WordPress Monitor.chat Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Monitor.chat | Type: Plugin | Vulnerable versions: <= 1.1.1 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-49639 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: c019b6d72e6e | Credits: Mika | Required privilege: Unauthenticat...
WordPress Woocommerce Custom Profile Picture Plugin <= 1.0 is vulnerable to Arbitrary File Upload
Software: Woocommerce Custom Profile Picture | Type: Plugin | Vulnerable versions: <= 1.0 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-49658 | Patch priority: High | CVSS severity: High 9.9 | PSID: a92aac6ed113 | Credits: stealthcopter | Required...
WordPress Simple Custom Admin Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Custom Admin | Type: Plugin | Vulnerable versions: <= 1.2 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-49647 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 3970364b5682 | Credits: Mika | Required privilege...
WordPress HD Quiz – Save Results Light Plugin <= 0.5 is vulnerable to Broken Access Control
Software: HD Quiz – Save Results Light | Type: Plugin | Vulnerable versions: <= 0.5 | Fixed in: 0.6 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-49689 | Patch priority: Low | CVSS severity: Low 5.4 | PSID: 904268a13b03 | Credits: Fariq Fadillah Gusti...
WordPress Schema & Structured Data for WP & AMP Plugin <= 1.3.5 is vulnerable to Sensitive Data Exposure
Software: Schema & Structured Data for WP & AMP | Type: Plugin | Vulnerable versions: <= 1.3.5 | Fixed in: 1.36 | OWASP Top 10: A1: Broken Access Control | Classification: Sensitive Data Exposure | CVE: CVE-2024-49683 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: fb194b3fd454 | Credits: Joshua...
WordPress WP ERP Plugin <= 1.13.2 is vulnerable to Cross Site Scripting (XSS)
Software: WP ERP | Type: Plugin | Vulnerable versions: <= 1.13.2 | Fixed in: 1.13.3 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-47640 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: f966aa5626b2 | Credits: Le Ngoc Anh | Required privilege...