WordPress Cooked Pro Plugin < 1.8.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Cooked Pro Type Plugin Vulnerable versions 1.8.0 Fixed in 1.8.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49290 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c5a09464e377 Credits RE-ALTER Required privileg...

WordPress PDF-Rechnungsverwaltung Plugin <= 0.0.1 is vulnerable to Local File Inclusion

Software PDF-Rechnungsverwaltung Type Plugin Vulnerable versions = 0.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-49287 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID e30e75b2fb5a Credits tahu.datar Required privilege...

WordPress Accordion Slider Plugin <= 1.9.11 is vulnerable to Cross Site Scripting (XSS)

Software Accordion Slider Type Plugin Vulnerable versions = 1.9.11 Fixed in 1.9.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9582 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 14d97d769a8a Credits Muhammad Adel ItsFadi...

WordPress AADMY Plugin <= 2.0.1 is vulnerable to Content Injection

Software AADMY Type Plugin Vulnerable versions = 2.0.1 Fixed in 2.0.2 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-9837 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e1df1286c7c4 Credits Francesco Carlucci Required privilege...

WordPress Community by PeepSo Plugin <= 6.4.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Community by PeepSo Type Plugin Vulnerable versions = 6.4.6.1 Fixed in 6.4.6.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9873 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 149b9a71dcfc Credits Bikram...

WordPress Edwiser Bridge Plugin <= 3.0.7 is vulnerable to Cross Site Scripting (XSS)

Software Edwiser Bridge Type Plugin Vulnerable versions = 3.0.7 Fixed in 3.0.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49311 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 21963ed8844c Credits Muhammad Daffa Required privilege...

WordPress Da Reactions Plugin <= 5.1.5 is vulnerable to Cross Site Scripting (XSS)

Software Da Reactions Type Plugin Vulnerable versions = 5.1.5 Fixed in 5.2.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49255 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e927ad34c153 Credits Khalid Yusuf Required privilege Contribut...

WordPress El mejor Cluster Plugin <= 1.1.14 is vulnerable to Cross Site Scripting (XSS)

Software El mejor Cluster Type Plugin Vulnerable versions = 1.1.14 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49232 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8cbf4161bc96 Credits Khalid Yusuf Required privilege...

WordPress Htaccess File Editor Plugin <= 1.0.18 is vulnerable to Broken Access Control

Software Htaccess File Editor Type Plugin Vulnerable versions = 1.0.18 Fixed in 1.0.19 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-49256 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d6dd94150ebc Credits savphill Require...

WordPress BuddyPress Better Registration Plugin <= 1.6 is vulnerable to Broken Authentication

Software BuddyPress Better Registration Type Plugin Vulnerable versions = 1.6 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-49247 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 4288fed05f70...

WordPress WordPress File Upload Plugin <= 4.24.11 is vulnerable to Path Traversal

Software WordPress File Upload Type Plugin Vulnerable versions = 4.24.11 Fixed in 4.24.12 OWASP Top 10 A1: Broken Access Control Classification Path Traversal CVE CVE-2024-9047 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5fa6436aa19c Credits Arkadiusz Hydzik Required...

WordPress Plexx Elementor Extension Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)

Software Plexx Elementor Extension Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49234 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d2192b71a7de Credits Khalid Yusuf Required...

WordPress Linked Variation for WooCommerce Plugin <= 1.0.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Linked Variation for WooCommerce Type Plugin Vulnerable versions = 1.0.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Request Forgery CSRF CVE CVE-2024-48047 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 314234821b77 Credits Marek Mikita...

WordPress cSlider Plugin <= 2.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software cSlider Type Plugin Vulnerable versions = 2.4.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49221 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID fee1f2fb0a1b Credits SOPROBRO Required...

WordPress Rescue Shortcodes Plugin <= 2.8 is vulnerable to Cross Site Scripting (XSS)

Software Rescue Shortcodes Type Plugin Vulnerable versions = 2.8 Fixed in 2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9696 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 55990669c666 Credits Peter Thaleikis Required...

WordPress disconnected Theme <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software disconnected Type Theme Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49268 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8595c00a71d4 Credits justakazh Required privilege...

WordPress Jetpack Plugin < 13.9.1 is vulnerable to Broken Access Control

Software Jetpack Type Plugin Vulnerable versions 13.9.1 Fixed in 13.9.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9926 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 675e1d99d774 Credits Marc Montpas Required privilege...

WordPress Order Attachments for WooCommerce Plugin 2.0 - 2.4.1 is vulnerable to Broken Access Control

Software Order Attachments for WooCommerce Type Plugin Vulnerable versions 2.0 - 2.4.1 Fixed in 2.5.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9756 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID dca315263a7c Credits luckynoo...

WordPress ImagePress Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software ImagePress Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.3.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-9778 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 64726d176639 Credits Michelle Porter Required...

WordPress Azz Anonim Posting Plugin <= 0.9 is vulnerable to Arbitrary File Upload

Software Azz Anonim Posting Type Plugin Vulnerable versions = 0.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49257 Patch priority High CVSS severity High 10 Developer Claim ownership PSID a0f84f528406 Credits stealthcopter Required privilege...