WordPress SCSS Happy Compiler Plugin <= 1.3.10 is vulnerable to Cross Site Scripting (XSS)

Software SCSS Happy Compiler Type Plugin Vulnerable versions = 1.3.10 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5600 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d155b6e3b303 Credits Lucio Sá Requir...

WordPress Just Custom Fields Plugin <= 3.3.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Just Custom Fields Type Plugin Vulnerable versions = 3.3.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6168 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9fc0b88e6af6 Credits Francesco Carlucci...

WordPress Jobmonster Theme <= 4.7.4 is vulnerable to Privilege Escalation

Software Jobmonster Type Theme Vulnerable versions = 4.7.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-37927 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 2a728f531379 Credits Dave Jong Patchstack Required...

WordPress Woocommerce OpenPos Plugin <= 7.0.1 is vulnerable to Broken Access Control

Software Woocommerce OpenPos Type Plugin Vulnerable versions = 7.0.1 Fixed in 7.0.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37935 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d6898ddc425e Credits Dave Jong Patchstack...

WordPress User Activity Log Pro Plugin <= 2.3.4 is vulnerable to Broken Access Control

Software User Activity Log Pro Type Plugin Vulnerable versions = 2.3.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37929 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID a51ba27e9212 Credits Dave Jong Patchstac...

WordPress Easy Table of Contents Plugin < 2.0.67 is vulnerable to Cross Site Scripting (XSS)

Software Easy Table of Contents Type Plugin Vulnerable versions 2.0.67 Fixed in 2.0.67.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6334 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cb1a71a30d2b Credits Dmitrii Ignatye...

WordPress Houzez CRM Plugin <= 1.4.2 is vulnerable to SQL Injection

Software Houzez CRM Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5792 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 666665555649 Credits István Márton Required privilege Seller Published 9 Jul...

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.112 is vulnerable to Cross Site Scripting (XSS)

Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.112 Fixed in 1.5.113 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6169 Patch priority Low CVSS severity Low 6.5 Developer Unlimited...

WordPress Product Table by WBW Plugin <= 2.0.1 is vulnerable to Remote Code Execution (RCE)

Software Product Table by WBW Type Plugin Vulnerable versions = 2.0.1 Fixed in 2.0.2 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-6365 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 2876ab65f8b4 Credits Foxyyy Required privilege...

WordPress Modern Events Calendar Lite Plugin <= 7.11.0 is vulnerable to Arbitrary File Upload

Software Modern Events Calendar Lite Type Plugin Vulnerable versions = 7.11.0 Fixed in 7.12.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-5441 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 9f8e6c792dc5 Credits Foxyyy Required privilege...

WordPress Ultimate Auction Plugin <= 4.2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Ultimate Auction Type Plugin Vulnerable versions = 4.2.5 Fixed in 4.2.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37543 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ed8502cd34a3 Credits Majed Refaea...

WordPress Save as PDF plugin by Pdfcrowd Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Save as PDF plugin by Pdfcrowd Type Plugin Vulnerable versions = 4.0.0 Fixed in 4.0.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37549 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5b92af9f47f3 Credits Cronus Required privile...

WordPress XPlainer - WooCommerce Product FAQ Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS)

Software XPlainer - WooCommerce Product FAQ Type Plugin Vulnerable versions = 1.6.3 Fixed in 1.6.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37515 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID 4539c5a9e2c2 Credits LVT-tholv2k...

WordPress Spectra Plugin <= 2.13.7 is vulnerable to Broken Access Control

Software Spectra Type Plugin Vulnerable versions = 2.13.7 Fixed in 2.13.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37517 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID dc287e0a3ecb Credits Rafie Muhammad Patchstack Required...

WordPress BookYourTravel Theme <= 8.18.17 is vulnerable to Privilege Escalation

Software BookYourTravel Type Theme Vulnerable versions = 8.18.17 Fixed in 8.18.19 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-37952 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 8b015f16ebdc Credits Dave Jong Patchstack...

WordPress Charitable Plugin <= 1.8.1.7 is vulnerable to Broken Access Control

Software Charitable Type Plugin Vulnerable versions = 1.8.1.7 Fixed in 1.8.1.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37510 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a9ef1ac55d95 Credits Dhabaleshwar Das Require...

WordPress HelloAsso Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)

Software HelloAsso Type Plugin Vulnerable versions = 1.1.9 Fixed in 1.1.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37488 Patch priority Low CVSS severity Low 6.5 Developer HelloAsso PSID 06d0e3dad62d Credits justakazh Required privilege Contributor Publishe...

WordPress IMGspider Plugin <= 2.3.10 is vulnerable to Arbitrary File Upload

Software IMGspider Type Plugin Vulnerable versions = 2.3.10 Fixed in 2.3.11 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6319 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 7f35690ce29e Credits István Márton Required privilege...

WordPress WP Directory Kit Plugin <= 1.3.5 is vulnerable to Cross Site Scripting (XSS)

Software WP Directory Kit Type Plugin Vulnerable versions = 1.3.5 Fixed in 1.3.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37487 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7617d8e7c195 Credits Dimas Maulana Required privileg...

WordPress One Click Order Re-Order Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)

Software One Click Order Re-Order Type Plugin Vulnerable versions = 1.1.9 Fixed in 1.1.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5641 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a046b0fddb6b Credits Lucio Sá...