WordPress Order Tracking Plugin < 3.3.13 is vulnerable to Broken Access Control

Software Order Tracking Type Plugin Vulnerable versions 3.3.13 Fixed in 3.3.13 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43343 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID da6200de622c Credits Abdi Pranata Required privileg...

WordPress EmbedPress Plugin <= 4.0.9 is vulnerable to Local File Inclusion

Software EmbedPress Type Plugin Vulnerable versions = 4.0.9 Fixed in 4.0.10 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-43328 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 8a6dffdf0163 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Hello Agency Theme <= 1.0.5 is vulnerable to Broken Access Control

Software Hello Agency Type Theme Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43341 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID dad92fd9c880 Credits Fariq Fadillah Gusti Insani...

WordPress Recipe Card Blocks for Gutenberg & Elementor Plugin <= 3.3.1 is vulnerable to Broken Access Control

Software Recipe Card Blocks for Gutenberg & Elementor Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.3.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43293 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 19c361c53a3a Credits...

WordPress JetBlocks For Elementor Plugin <= 1.3.12 is vulnerable to Cross Site Scripting (XSS)

Software JetBlocks For Elementor Type Plugin Vulnerable versions = 1.3.12 Fixed in 1.3.12.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7147 Patch priority Low CVSS severity Low 6.5 Developer Crocoblock PSID 63831bec7c72 Credits stealthcopter...

WordPress Presto Player Plugin <= 3.0.2 is vulnerable to Broken Access Control

Software Presto Player Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43285 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 632e04c55037 Credits Rafie Muhammad Patchstack...

WordPress All Bootstrap Blocks Plugin <= 1.3.19 is vulnerable to Cross Site Scripting (XSS)

Software All Bootstrap Blocks Type Plugin Vulnerable versions = 1.3.19 Fixed in 1.3.20 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43349 Patch priority Low CVSS severity Low 6.5 Developer AREOI PSID 1ee70b8e314c Credits Ngô Thiên An ancorn from VNPT-VCI Require...

WordPress Relevanssi Plugin <= 4.22.2 is vulnerable to Sensitive Data Exposure

Software Relevanssi Type Plugin Vulnerable versions = 4.22.2 Fixed in 4.23.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-7630 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID cdb75757e257 Credits stealthcopter Required...

WordPress Custom Field For WP Job Manager Plugin <= 1.2 is vulnerable to Insecure Direct Object References (IDOR)

Software Custom Field For WP Job Manager Type Plugin Vulnerable versions = 1.2 Fixed in 1.3 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-7049 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3021ad422dd8 Credits...

WordPress Download Plugins and Themes from Dashboard Plugin <= 1.8.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Download Plugins and Themes from Dashboard Type Plugin Vulnerable versions = 1.8.7 Fixed in 1.8.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7501 Patch priority Low CVSS severity Low 4.2 Developer Claim ownership PSID 299a7b2ab8c8...

WordPress WooCommerce Plugin <= 9.1.2 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Type Plugin Vulnerable versions = 9.1.2 Fixed in 9.1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-39666 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4e41b7df57a0 Credits stealthcopter Required privilege...

WordPress WP User Manager Plugin <= 2.9.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP User Manager Type Plugin Vulnerable versions = 2.9.10 Fixed in 2.9.11 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-43336 Patch priority Low CVSS severity Low 4.3 Developer WP User Manager PSID 6918353ae071 Credits Ananda Dhakal Patchstac...

WordPress Purity Of Soul Theme <= 1.9 is vulnerable to Cross Site Scripting (XSS)

Software Purity Of Soul Type Theme Vulnerable versions = 1.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43348 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2e3680e055fd Credits justakazh Required privilege...

WordPress InPost PL Plugin <= 1.4.4 is vulnerable to Arbitrary File Deletion

Software InPost PL Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-6500 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 35e3c8ad65b3 Credits 1337Wannabe Required privilege...

WordPress Clone Plugin <= 2.4.5 is vulnerable to Broken Access Control

Software Clone Type Plugin Vulnerable versions = 2.4.5 Fixed in 2.4.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43298 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 92218c2f2d27 Credits Ananda Dhakal Patchstack Required...

WordPress Modal Window Plugin <= 6.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Modal Window Type Plugin Vulnerable versions = 6.0.3 Fixed in 6.0.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43346 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 956b00accf44 Credits LVT-tholv2k Required privilege Contributo...

WordPress oik Plugin <= 4.12.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software oik Type Plugin Vulnerable versions = 4.12.0 Fixed in 4.12.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43356 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 865f6e2dc335 Credits Abdi Pranata Required privile...

WordPress MStore API Plugin <= 4.15.2 is vulnerable to Broken Authentication

Software MStore API Type Plugin Vulnerable versions = 4.15.2 Fixed in 4.15.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-7628 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 20f8a5490865 Credits Truoc Phan...

WordPress Depicter Slider Plugin <= 3.1.1 is vulnerable to Arbitrary File Upload

Software Depicter Slider Type Plugin Vulnerable versions = 3.1.1 Fixed in 3.1.2 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-4389 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 73585a151085 Credits Arkadiusz Hydzik Required privilege...

WordPress Term And Category Based Posts Widget Plugin < 4.9.13 is vulnerable to Cross Site Scripting (XSS)

Software Term And Category Based Posts Widget Type Plugin Vulnerable versions 4.9.13 Fixed in 4.9.13 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-6158 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2ddaec10bd6e Credits Dmitrii Ignatyev...