WordPress Livemesh Addons for Elementor Plugin <= 8.4.1 is vulnerable to Cross Site Scripting (XSS)

Software Livemesh Addons for Elementor Type Plugin Vulnerable versions = 8.4.1 Fixed in 8.4.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3638 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8c5eeeb75963 Credits Webbernaut...

WordPress Bakes And Cakes Theme <= 1.2.6 is vulnerable to Broken Access Control

Software Bakes And Cakes Type Theme Vulnerable versions = 1.2.6 Fixed in 1.2.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37496 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c1a64d1962d4 Credits Dhabaleshwar Das Required...

WordPress Church Admin Plugin <= 4.4.6 is vulnerable to Arbitrary File Upload

Software Church Admin Type Plugin Vulnerable versions = 4.4.6 Fixed in 4.4.7 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-37418 Patch priority High CVSS severity High 9.9 Developer Andy Moyle PSID 3fae9e77c92b Credits Peng Zhou Required privilege Subscriber Publish...

WordPress Advanced Classifieds & Directory Pro Plugin <= 3.1.3 is vulnerable to Local File Inclusion

Software Advanced Classifieds & Directory Pro Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.2.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-37501 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 09c35e44898b Credits João Pedro S Alcântar...

WordPress Zephyr Project Manager Plugin <= 3.3.97 is vulnerable to Privilege Escalation

Software Zephyr Project Manager Type Plugin Vulnerable versions = 3.3.97 Fixed in 3.3.99 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-37484 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 0ba7243a615b Credits shaman0x01 Required...

WordPress bbPress Notify Plugin <= 2.18.3 is vulnerable to Cross Site Scripting (XSS)

Software bbPress Notify Type Plugin Vulnerable versions = 2.18.3 Fixed in 2.18.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37485 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 64ebe76096fa Credits Dimas Maulana Required privileg...

WordPress YAHMAN Add-ons Plugin <= 0.9.28 is vulnerable to Backdoor

Software YAHMAN Add-ons Type Plugin Vulnerable versions = 0.9.28 Fixed in 0.9.29 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 26c7f39721f9 Credits Sansec.io Required privilege Unauthenticated Published 3 July,...

WordPress YITH WooCommerce Affiliates Plugin <= 3.8.0 is vulnerable to Backdoor

Software YITH WooCommerce Affiliates Type Plugin Vulnerable versions = 3.8.0 Fixed in 3.8.1 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer YITH PSID 6b928027e13c Credits Sansec.io Required privilege Unauthenticated Published 3 July,...

WordPress Product Customer List for WooCommerce Plugin <= 3.1.6 is vulnerable to Backdoor

Software Product Customer List for WooCommerce Type Plugin Vulnerable versions = 3.1.6 Fixed in 3.1.7 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 23316ac7b932 Credits Sansec.io Required privilege Unauthenticate...

WordPress Logic Hop Plugin <= 3.8.8 is vulnerable to Backdoor

Software Logic Hop Type Plugin Vulnerable versions = 3.8.8 Fixed in 3.9.0 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e54343bdaeda Credits Sansec.io Required privilege Unauthenticated Published 3 July, 2024...

WordPress Void Contact Form 7 Widget For Elementor Page Builder Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS)

Software Void Contact Form 7 Widget For Elementor Page Builder Type Plugin Vulnerable versions = 2.4 Fixed in 2.4.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5419 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...

WordPress Events Manager Plugin <= 6.4.8 is vulnerable to Cross Site Scripting (XSS)

Software Events Manager Type Plugin Vulnerable versions = 6.4.8 Fixed in 6.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5889 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7a114bc7cd5f Credits kauenavarro Require...

WordPress UsersWP Plugin <= 1.2.10 is vulnerable to SQL Injection

Software UsersWP Type Plugin Vulnerable versions = 1.2.10 Fixed in 1.2.11 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6265 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 32b55caea5de Credits Trương Hữu Phúc truonghuuphuc Required privilege...

WordPress Advanced File Manager Plugin <= 5.2.4 is vulnerable to Sensitive Data Exposure

Software Advanced File Manager Type Plugin Vulnerable versions = 5.2.4 Fixed in 5.2.5 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-5598 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f0b48a6d68bd Credits emad Required...

WordPress Pagerank Tools Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)

Software Pagerank Tools Type Plugin Vulnerable versions = 1.1.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5730 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ed7753fdc52a Credits Bob Matyas Required...

WordPress Simple AL Slider Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS)

Software Simple AL Slider Type Plugin Vulnerable versions = 1.2.10 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5729 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0854b8133aa8 Credits Bob Matyas Require...

WordPress AWSM Team Plugin <= 1.3.1 is vulnerable to Local File Inclusion

Software AWSM Team Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-37454 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a8caf37850ed Credits João Pedro S Alcântara Kinorth...

WordPress Ultimate Bootstrap Elements for Elementor Plugin <= 1.4.2 is vulnerable to Local File Inclusion

Software Ultimate Bootstrap Elements for Elementor Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-37462 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID a8f9d8a5eba6 Credits João...

WordPress OnePress Theme <= 2.3.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software OnePress Type Theme Vulnerable versions = 2.3.6 Fixed in 2.3.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37448 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c9968969f7ad Credits Dhabaleshwar Das Required...

WordPress WP Job Manager - Resume Manager Plugin <= 2.1.0 is vulnerable to Broken Access Control

Software WP Job Manager - Resume Manager Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37443 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8e5ceb2ec6d1 Credits Rafie Muhamma...