WordPress Emergency Password Reset Plugin <= 8.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Emergency Password Reset Type Plugin Vulnerable versions = 8.0 Fixed in 9.0 OWASP Top 10 A8: Software and Data Integrity Failures Classification Cross Site Request Forgery CSRF CVE CVE-2024-35648 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID cd74213ad8d6 Credits...

WordPress Advanced Custom Fields PRO Plugin < 6.3 is vulnerable to Sensitive Data Exposure

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 6.3 Fixed in 6.3 OWASP Top 10 A6: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-4565 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1daa59fd8d88 Credits Scott Kingsley Clark...

WordPress Master Addons for Elementor Plugin <= 2.0.5.4.1 is vulnerable to Broken Access Control

Software Master Addons for Elementor Type Plugin Vulnerable versions = 2.0.5.4.1 Fixed in 2.0.5.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35660 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7197d57368a4 Credits Khali...

WordPress Elements For Elementor Plugin <= 2.1 is vulnerable to Local File Inclusion

Software Elements For Elementor Type Plugin Vulnerable versions = 2.1 Fixed in 2.2 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-5348 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 9e9484637a31 Credits stealthcopter Required privilege...

WordPress WPCafe Plugin <= 2.2.24 is vulnerable to Cross Site Scripting (XSS)

Software WPCafe Type Plugin Vulnerable versions = 2.2.24 Fixed in 2.2.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5427 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8e560e47961d Credits Krzysztof Zając Required...

WordPress Responsive Owl Carousel for Elementor Plugin <= 1.2.0 is vulnerable to Local File Inclusion

Software Responsive Owl Carousel for Elementor Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.2.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-5345 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 48748da13e8e Credits stealthcopter Require...

WordPress Flash & HTML5 Video Plugin < 2.5.27 is vulnerable to SQL Injection

Software Flash & HTML5 Video Type Plugin Vulnerable versions 2.5.27 Fixed in 2.5.27 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5522 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID a6949d7fc215 Credits Mayank Deshmukh Required privilege...

WordPress WP Back Button Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)

Software WP Back Button Type Plugin Vulnerable versions = 1.1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35643 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 90452d019b78 Credits alfido osdie Patchstack Alliance Required...

WordPress Comparison Slider Plugin <= 1.0.5 is vulnerable to Broken Access Control

Software Comparison Slider Type Plugin Vulnerable versions = 1.0.5 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-4427 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7f32c9b917a8 Credits Benedictus Jovan aillesiM...

WordPress Ninja Tables Plugin <= 5.0.9 is vulnerable to Server Side Request Forgery (SSRF)

Software Ninja Tables Type Plugin Vulnerable versions = 5.0.9 Fixed in 5.0.10 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-35635 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID 2b5ac1cd1dee Credits Yuchen J...

WordPress Simple Spoiler Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software Simple Spoiler Type Plugin Vulnerable versions = 1.2 Fixed in 1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35639 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c046b9bc81be Credits Cronus Required privilege Administrator...

WordPress Testimonial Carousel For Elementor Plugin <= 10.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Testimonial Carousel For Elementor Type Plugin Vulnerable versions = 10.2.2 Fixed in 10.2.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2253 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 411cbe7852c2 Credits...

WordPress Swiss Toolkit For WP Plugin <= 1.0.7 is vulnerable to Broken Authentication

Software Swiss Toolkit For WP Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2024-5204 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 07e08699642a Credits István Márton...

WordPress Yumpu ePaper publishing Plugin <= 2.0.24 is vulnerable to Broken Access Control

Software Yumpu ePaper publishing Type Plugin Vulnerable versions = 2.0.24 Fixed in 3.0.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3277 Patch priority Low CVSS severity Low 5 Developer Claim ownership PSID 08c9f70d34e3 Credits Lucio Sá Required...

WordPress Login with phone number Plugin <= 1.7.26 is vulnerable to Privilege Escalation

Software Login with phone number Type Plugin Vulnerable versions = 1.7.26 Fixed in 1.7.27 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-5150 Patch priority High CVSS severity High 9.8 Developer Hamid Alinia PSID a2294e0242d6 Credits István Márton Required...

WordPress Easy Digital Downloads – Recent Purchases Plugin <= 1.0.2 is vulnerable to Remote File Inclusion

Software Easy Digital Downloads – Recent Purchases Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote File Inclusion CVE CVE-2024-35629 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID 23e0c1b90e02 Credits YCInfosec Require...

WordPress Integration for Contact Form 7 and Constant Contact Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Integration for Contact Form 7 and Constant Contact Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-35632 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

WordPress Popup Builder Plugin < 1.1.33 is vulnerable to Cross Site Scripting (XSS)

Software Popup Builder Type Plugin Vulnerable versions 1.1.33 Fixed in 1.1.33 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3236 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c56e5abe41cb Credits Eunho Kim Required privile...

WordPress Xpro Elementor Addons Plugin <= 1.4.3.1 is vulnerable to PHP Object Injection

Software Xpro Elementor Addons Type Plugin Vulnerable versions = 1.4.3.1 Fixed in 1.4.3.2 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-4471 Patch priority Low CVSS severity Low 8 Developer Claim ownership PSID db21342544db Credits Francesco Carlucci Required privile...

WordPress WP Photo Album Plus Plugin <= 8.7.00.003 is vulnerable to Content Injection

Software WP Photo Album Plus Type Plugin Vulnerable versions = 8.7.00.003 Fixed in 8.7.00.004 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-4037 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2c20c334a973 Credits stealthcopter Required...