WordPress ImageRecycle pdf & image compression Plugin <= 3.1.14 is vulnerable to Broken Access Control

Software ImageRecycle pdf & image compression Type Plugin Vulnerable versions = 3.1.14 Fixed in 3.1.15 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6631 Patch priority Low CVSS severity Low 5 Developer Claim ownership PSID 297d76ad6b7c Credits Lucio Sá...

WordPress Custom Permalinks Plugin <= 2.6.0 is vulnerable to Cross Site Scripting (XSS)

Software Custom Permalinks Type Plugin Vulnerable versions = 2.6.0 Fixed in 2.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0926 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 85e376d90fe6 Credits Ram Required privilege...

WordPress JobSearch Plugin <= 2.5.4 is vulnerable to Broken Access Control

Software JobSearch Type Plugin Vulnerable versions = 2.5.4 Fixed in 2.5.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43929 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c7bad1c217a2 Credits Ananda Dhakal Patchstack...

WordPress MaxButtons Plugin <= 9.7.8 is vulnerable to Sensitive Data Exposure

Software MaxButtons Type Plugin Vulnerable versions = 9.7.8 Fixed in 9.8.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6499 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID c468e4e161ae Credits stealthcopter Required privileg...

WordPress File Manager Pro Plugin <= 8.3.7 is vulnerable to Arbitrary File Upload

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.7 Fixed in 8.3.8 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7559 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID fdf245f6ed76 Credits siunam Required privilege Subscriber...

WordPress User Private Files Plugin <= 2.1.0 is vulnerable to Broken Access Control

Software User Private Files Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.1.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7848 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 56f9aa46f01a Credits Peter Thaleikis Required...

WordPress AcyMailing SMTP Newsletter Plugin <= 9.7.2 is vulnerable to Arbitrary File Upload

Software AcyMailing SMTP Newsletter Type Plugin Vulnerable versions = 9.7.2 Fixed in 9.8.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7384 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 51ad1438d775 Credits Arkadiusz Hydzik Required...

WordPress Sirv Plugin <= 7.2.7 is vulnerable to Arbitrary File Upload

Software Sirv Type Plugin Vulnerable versions = 7.2.7 Fixed in 7.2.8 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE N/A Patch priority Medium CVSS severity Medium 9.9 Developer Sirv PSID 9e701815e83c Credits scottaglia Required privilege Contributor Published 22 August, 2024...

WordPress LH Add Media From Url Plugin <= 1.23 is vulnerable to Cross Site Scripting (XSS)

Software LH Add Media From Url Type Plugin Vulnerable versions = 1.23 Fixed in 1.30 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7090 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b062d0fb1671 Credits Piotr Kuśpit...

WordPress App Builder Plugin <= 4.3.3 is vulnerable to SQL Injection

Software App Builder Type Plugin Vulnerable versions = 4.3.3 Fixed in 4.3.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-7651 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 4b83b8e2e95a Credits vgo0 Required privilege Unauthenticated Published 21...

WordPress WP Last Modified Info Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS)

Software WP Last Modified Info Type Plugin Vulnerable versions = 1.9.0 Fixed in 1.9.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6864 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1e374934e79b Credits Webbernaut Require...

WordPress GiveWP Plugin <= 3.14.1 is vulnerable to Arbitrary File Deletion

Software GiveWP Type Plugin Vulnerable versions = 3.14.1 Fixed in 3.14.2 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-5941 Patch priority Low CVSS severity Low 5.4 Developer Liquid Web / StellarWP PSID 0a50b2a00b5f Credits villu164 Required privilege...

WordPress SmartSearch WP Plugin <= 2.4.4 is vulnerable to SQL Injection

Software SmartSearch WP Type Plugin Vulnerable versions = 2.4.4 Fixed in 2.4.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6847 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 2bfe1eee61ea Credits Karolis Narvilas Required privilege Unauthenticat...

WordPress SmartSearch WP Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)

Software SmartSearch WP Type Plugin Vulnerable versions = 2.4.4 Fixed in 2.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6843 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 29f289a57217 Credits Karolis Narvilas...

WordPress Skitter Slideshow Plugin <= 2.5.2 is vulnerable to Server Side Request Forgery (SSRF)

Software Skitter Slideshow Type Plugin Vulnerable versions = 2.5.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2022-1751 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID 248ddea6bcba Credits Bartu Utku SARP Required...

WordPress Admission AppManager Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Admission AppManager Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4507 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 138041d75b79 Credits zulu caPWN...

WordPress Bricks Builder Theme <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Bricks Builder Type Theme Vulnerable versions = 1.8.1 Fixed in 1.8.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3408 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a8763892e84e Credits Ram Required privilege...

WordPress GEO my WordPress Plugin < 4.5.0.2 is vulnerable to Local File Inclusion

Software GEO my WordPress Type Plugin Vulnerable versions 4.5.0.2 Fixed in 4.5.0.2 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-6330 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 1d2a75d492b7 Credits Michael Dyrna Required privilege...

WordPress Cryptocurrency Widgets – Price Ticker & Coins List Plugin <= 2.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Cryptocurrency Widgets – Price Ticker & Coins List Type Plugin Vulnerable versions = 2.8.0 Fixed in 2.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43304 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bdccb41579f9 Credi...

WordPress wpForo Forum Plugin <= 2.3.4 is vulnerable to Insecure Direct Object References (IDOR)

Software wpForo Forum Type Plugin Vulnerable versions = 2.3.4 Fixed in 2.3.5 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-43288 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 84baf52495a3 Credits Ananda Dhakal...