WordPress Backup and Staging by WP Time Capsule Plugin <= 1.22.21 is vulnerable to SQL Injection

Software Backup and Staging by WP Time Capsule Type Plugin Vulnerable versions = 1.22.21 Fixed in 1.22.22 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-48020 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 257cfd27ce2c Credits Hakiduck Required...

WordPress Limit Login Attempts Plugin <= 5.3 is vulnerable to Bypass Vulnerability

Software Limit Login Attempts Type Plugin Vulnerable versions = 5.3 Fixed in 5.4 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2022-4534 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 03e4ff962fd9 Credits rezaduty Required privilege Publishe...

WordPress Embed PDF Viewer Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)

Software Embed PDF Viewer Type Plugin Vulnerable versions = 2.4.4 Fixed in 2.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9451 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f682b615e5b7 Credits tjoffe Required privile...

WordPress Bit File Manager Plugin <= 6.5.7 is vulnerable to Arbitrary File Upload

Software Bit File Manager Type Plugin Vulnerable versions = 6.5.7 Fixed in 6.5.8 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-8743 Patch priority High CVSS severity High 6.8 Developer Claim ownership PSID c3b2ce42763f Credits TANG Cheuk Hei siunam Required privileg...

WordPress Rank Math SEO Plugin <= 1.0.228 is vulnerable to Broken Access Control

Software Rank Math SEO Type Plugin Vulnerable versions = 1.0.228 Fixed in 1.0.229 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9161 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ca30124e345e Credits Leo Required privilege...

WordPress FluentForm Plugin <= 5.1.19 is vulnerable to Cross Site Scripting (XSS)

Software FluentForm Type Plugin Vulnerable versions = 5.1.19 Fixed in 5.1.20 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9528 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 973bb3afee30 Credits Ivan Kuzymchak Required...

WordPress Advanced Custom Fields PRO Plugin < 5.11 is vulnerable to Broken Access Control

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 5.11 Fixed in 5.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2021-20865 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 148c8b46d288 Credits Keitaro Yamazaki...

WordPress Advanced Custom Fields Plugin < 5.11 is vulnerable to Broken Access Control

Software Advanced Custom Fields Type Plugin Vulnerable versions 5.11 Fixed in 5.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2021-20865 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4a4b648ba0bb Credits Keitaro Yamazaki Required...

WordPress Auto Amazon Links Plugin <= 5.4.2 is vulnerable to Cross Site Scripting (XSS)

Software Auto Amazon Links Type Plugin Vulnerable versions = 5.4.2 Fixed in 5.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9349 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 432d964bd7ed Credits vgo0 Required...

WordPress Memberful Plugin <= 1.73.7 is vulnerable to Cross Site Scripting (XSS)

Software Memberful Type Plugin Vulnerable versions = 1.73.7 Fixed in 1.73.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9242 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID adec2a644a1d Credits vgo0 Required privilege...

WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.66 is vulnerable to Cross Site Scripting (XSS)

Software ShiftController Employee Shift Scheduling Type Plugin Vulnerable versions = 4.9.66 Fixed in 4.9.67 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9435 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a5108d6c15b...

WordPress Social Web Suite Plugin <= 4.1.11 is vulnerable to Arbitrary File Download

Software Social Web Suite Type Plugin Vulnerable versions = 4.1.11 Fixed in 4.1.12 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-8352 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 9b823a04681b Credits Thanh Nam Tran Required...

WordPress PWA Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS)

Software PWA Type Plugin Vulnerable versions = 1.6.3 Fixed in 1.6.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8967 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c235cb7639b9 Credits Francesco Carlucci Required privileg...

WordPress Hello World Plugin <= 2.1.1 is vulnerable to Arbitrary File Download

Software Hello World Type Plugin Vulnerable versions = 2.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-9224 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 936cc3342bfb Credits yudha Required privilege...

WordPress Custom Banners Plugin <= 3.3 is vulnerable to Cross Site Scripting (XSS)

Software Custom Banners Type Plugin Vulnerable versions = 3.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8799 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cfcbb86b25ba Credits vgo0 Required privilege...

WordPress WooCommerce – Store Exporter Plugin <= 2.7.2.1 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce – Store Exporter Type Plugin Vulnerable versions = 2.7.2.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8793 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5baa5a642e95 Credits vgo0...

WordPress DK PDF Plugin <= 1.9.6 is vulnerable to Cross Site Scripting (XSS)

Software DK PDF Type Plugin Vulnerable versions = 1.9.6 Fixed in 1.9.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8727 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ce80562602cc Credits vgo0 Required privilege...

WordPress Affiliate Pro - Affiliate Program for WooCommerce & WordPress Plugin <= 8.4.1 is vulnerable to Privilege Escalation

Software Affiliate Pro - Affiliate Program for WooCommerce & WordPress Type Plugin Vulnerable versions = 8.4.1 Fixed in 8.5.0 OWASP Top 10 A4: Insecure Design Classification Privilege Escalation CVE CVE-2024-9289 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID a5bcf0c87e...

WordPress AVIF & SVG Uploader Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software AVIF & SVG Uploader Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9060 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6e662df81c43 Credits Francesco Carlucci...

WordPress KB Support Plugin <= 1.6.6 is vulnerable to Broken Access Control

Software KB Support Type Plugin Vulnerable versions = 1.6.6 Fixed in 1.6.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8548 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 4619b943c20e Credits Krzysztof Zając Required privileg...