WordPress Wheel of Life Plugin <= 1.1.7 is vulnerable to Broken Access Control

Software Wheel of Life Type Plugin Vulnerable versions = 1.1.7 Fixed in 1.1.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3627 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 68abc18dc3c6 Credits Lucio Sá Required privilege...

WordPress Master Slider Plugin <= 3.9.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software Master Slider Type Plugin Vulnerable versions = 3.9.10 Fixed in 3.10.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-50900 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e2a39371f6f9 Credits LVT-tholv2k Require...

WordPress Page Builder: Live Composer Plugin <= 1.5.42 is vulnerable to PHP Object Injection

Software Page Builder: Live Composer Type Plugin Vulnerable versions = 1.5.42 Fixed in 1.5.43 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-35780 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 6cf6e28bf12c Credits LVT-tholv2k Required...

WordPress Pexels: Free Stock Photos Plugin <= 1.2.2 is vulnerable to Arbitrary File Upload

Software Pexels: Free Stock Photos Type Plugin Vulnerable versions = 1.2.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6132 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 042650894638 Credits István Márton Required...

WordPress Word Balloon Plugin <= 4.21.1 is vulnerable to Local File Inclusion

Software Word Balloon Type Plugin Vulnerable versions = 4.21.1 Fixed in 4.22.0 OWASP Top 10 A6: Security Misconfiguration Classification Local File Inclusion CVE CVE-2024-35781 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2b66b1bcd514 Credits João Pedro S Alcântara...

WordPress Depicter Slider Plugin <= 3.0.2 is vulnerable to Broken Access Control

Software Depicter Slider Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.1.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-4390 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 56f1ad707b2c Credits Arkadiusz Hydzik Required...

WordPress WP Hotel Booking Plugin <= 2.1.0 is vulnerable to SQL Injection

Software WP Hotel Booking Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.1.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3605 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 4c5ededd8a8e Credits Krzysztof Zając Required privilege...

WordPress Shariff Plugin <= 4.6.13 is vulnerable to Local File Inclusion

Software Shariff Type Plugin Vulnerable versions = 4.6.13 Fixed in 4.6.14 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-4098 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID b8cd85e9b3c3 Credits haidv35 Required privilege Unauthenticated...

WordPress Lifeline Donation Plugin <= 1.2.6 is vulnerable to Broken Authentication

Software Lifeline Donation Type Plugin Vulnerable versions = 1.2.6 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-5432 Patch priority High CVSS severity High 10 Developer Claim ownership PSID c4cb49e164b6 Credits István Márton Required...

WordPress Salon booking system Plugin <= 10.2 is vulnerable to Arbitrary File Upload

Software Salon booking system Type Plugin Vulnerable versions = 10.2 Fixed in 10.3 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-3229 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 73c749725728 Credits Gibran Abdillah Required privilege...

WordPress Ali2Woo Lite Plugin <= 3.3.5 is vulnerable to Arbitrary File Upload

Software Ali2Woo Lite Type Plugin Vulnerable versions = 3.3.5 Fixed in 3.3.6 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-2381 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID d2eaecbf428e Credits Lucio Sá Required privilege Subscriber...

WordPress Customizr Theme <= 4.4.21 is vulnerable to Cross Site Request Forgery (CSRF)

Software Customizr Type Theme Vulnerable versions = 4.4.21 Fixed in 4.4.22 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-35771 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6f2a240dd11c Credits Dhabaleshwar Das Require...

WordPress WP Magazine Modules Lite Plugin <= 1.1.2 is vulnerable to Local File Inclusion

Software WP Magazine Modules Lite Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-5574 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 60f52a06449e Credits stealthcopter Required privilege...

WordPress Sirv Plugin <= 7.2.6 is vulnerable to Arbitrary File Upload

Software Sirv Type Plugin Vulnerable versions = 7.2.6 Fixed in 7.2.7 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-5853 Patch priority Medium CVSS severity Medium 9.9 Developer Sirv PSID b8d1b016bf81 Credits Lucio Sá Required privilege Contributor Published 18 June,...

WordPress WordPress Picture / Portfolio / Media Gallery Plugin <= 3.0.1 is vulnerable to Server Side Request Forgery (SSRF)

Software WordPress Picture / Portfolio / Media Gallery Type Plugin Vulnerable versions = 3.0.1 Fixed in N/A OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-5021 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID 4f6e62e03ba9 Credits...

WordPress MIMO Woocommerce Order Tracking Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software MIMO Woocommerce Order Tracking Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5768 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 17c034ea51f0 Credits Luci...

WordPress Greenshift – animation and page builder blocks Plugin <= 8.8.9.1 is vulnerable to Cross Site Scripting (XSS)

Software Greenshift – animation and page builder blocks Type Plugin Vulnerable versions = 8.8.9.1 Fixed in 8.9.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35765 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cb212ed9cc65 Credits João...

WordPress Excellent Theme <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)

Software Excellent Type Theme Vulnerable versions = 1.2.9 Fixed in 1.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35763 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 85c92164ea82 Credits stealthcopter Required privilege Contributor...

WordPress LatePoint Plugin <= 4.9.9 is vulnerable to Broken Access Control

Software LatePoint Type Plugin Vulnerable versions = 4.9.9 Fixed in 4.9.9.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2472 Patch priority Low CVSS severity Low 8.6 Developer Claim ownership PSID c507e34d06b9 Credits Gharib Sharifi - WaveSec Joel Avia...

WordPress Gutenberg Blocks by Kadence Blocks Plugin <= 3.2.38 is vulnerable to Cross Site Scripting (XSS)

Software Gutenberg Blocks by Kadence Blocks Type Plugin Vulnerable versions = 3.2.38 Fixed in 3.2.39 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4863 Patch priority Low CVSS severity Low 6.5 Developer KadenceWP PSID 422e929006f1 Credits...