WordPress CJ Change Howdy Plugin <= 3.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software CJ Change Howdy Type Plugin Vulnerable versions = 3.3.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49223 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d1b937179167 Credits SOPROBRO Requir...

WordPress WP Post Author Plugin <= 3.8.1 is vulnerable to SQL Injection

Software WP Post Author Type Plugin Vulnerable versions = 3.8.1 Fixed in 3.8.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8757 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 459e7e4ad115 Credits Lesor101 Required privilege Administrator Published...

WordPress ShortPixel Image Optimizer Plugin <= 5.6.3 is vulnerable to Broken Access Control

Software ShortPixel Image Optimizer Type Plugin Vulnerable versions = 5.6.3 Fixed in 5.6.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-48044 Patch priority Low CVSS severity Low 5.4 Developer ShortPixel PSID a501abcf0465 Credits Rafie Muhammad Patchsta...

WordPress TI WooCommerce Wishlist Plugin <= 2.9.0 is vulnerable to SQL Injection

Software TI WooCommerce Wishlist Type Plugin Vulnerable versions = 2.9.0 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9156 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 8b4c5ec7c9db Credits John Castro Required privilege...

WordPress UserPlus Plugin <= 2.0 is vulnerable to Privilege Escalation

Software UserPlus Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-9519 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID 64930a4c20d0 Credits István Márton Required privilege...

WordPress Pedalo Connector Plugin <= 2.0.5 is vulnerable to Broken Authentication

Software Pedalo Connector Type Plugin Vulnerable versions = 2.0.5 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9822 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 4f984c880363 Credits István...

WordPress PublishPress Revisions Plugin <= 3.5.14 is vulnerable to Cross Site Scripting (XSS)

Software PublishPress Revisions Type Plugin Vulnerable versions = 3.5.14 Fixed in 3.5.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9436 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3677d6c152ff Credits vgo0...

WordPress FULL Customer Plugin <= 3.1.22 is vulnerable to Cross Site Scripting (XSS)

Software FULL Customer Type Plugin Vulnerable versions = 3.1.22 Fixed in 3.1.23 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9211 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 199342483259 Credits vgo0 Required...

WordPress Language Switcher Plugin <= 3.7.13 is vulnerable to Cross Site Scripting (XSS)

Software Language Switcher Type Plugin Vulnerable versions = 3.7.13 Fixed in 3.8.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9610 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7600fb4498d2 Credits vgo0 Required...

WordPress IP Loc8 Plugin <= 1.1 is vulnerable to PHP Object Injection

Software IP Loc8 Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-48028 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 037f1dc8325d Credits LVT-tholv2k Required privilege Unauthenticated...

WordPress Disc Golf Manager Plugin <= 1.0.0 is vulnerable to PHP Object Injection

Software Disc Golf Manager Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-48026 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID ad0f79b4fc3a Credits LVT-tholv2k Required privilege...

WordPress Advanced Custom Fields PRO Plugin <= 6.3.7 is vulnerable to Arbitrary Code Execution

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions = 6.3.7 Fixed in 6.3.8 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-9529 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID aa150d72013d Credits Automattic Security Team...

WordPress Responsive Poll Plugin <= 2.3.9 is vulnerable to SQL Injection

Software Responsive Poll Type Plugin Vulnerable versions = 2.3.9 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9022 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 2e687784b00a Credits WordFence Required privilege Administrator Published...

WordPress External featured image from bing Plugin <= 1.0.2 is vulnerable to Remote Code Execution (RCE)

Software External featured image from bing Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Remote Code Execution RCE CVE CVE-2024-48027 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID dfcd7085e39e Credits João...

WordPress pretix widget Plugin <= 1.0.5 is vulnerable to Local File Inclusion

Software pretix widget Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A4: Insecure Design Classification Local File Inclusion CVE CVE-2024-9575 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 3a2933f81cf6 Credits João Pedro S Alcântara Kinorth Required...

WordPress Maximum Products per User for WooCommerce Plugin <= 4.2.8 is vulnerable to Cross Site Scripting (XSS)

Software Maximum Products per User for WooCommerce Type Plugin Vulnerable versions = 4.2.8 Fixed in 4.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9205 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7a571f465eb2...

WordPress BuddyPress Docs Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Software BuddyPress Docs Type Plugin Vulnerable versions = 2.2.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9207 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d79eef12da8e Credits vgo0 Required...

WordPress Auto iFrame Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)

Software Auto iFrame Type Plugin Vulnerable versions = 1.7 Fixed in 1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9449 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 731554979a26 Credits tjoffe Required privilege Author...

WordPress ThemeHunk Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software ThemeHunk Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8433 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c1773d3ddeac Credits Lucio Sá Required...

WordPress LatePoint Plugin <= 5.0.12 is vulnerable to Broken Authentication

Software LatePoint Type Plugin Vulnerable versions = 5.0.12 Fixed in 5.0.13 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-8943 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f9b741b682a7 Credits István Márt...