WordPress Fancy Elementor Flipbox Plugin <= 2.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Fancy Elementor Flipbox Type Plugin Vulnerable versions = 2.5.1 Fixed in 2.5.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2349 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dd388fab11b8 Credits Francesco Carluc...

WordPress Grid Gallery Plugin <= 1.4.3 is vulnerable to PHP Object Injection

Software Grid Gallery Type Plugin Vulnerable versions = 1.4.3 Fixed in 1.4.4 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1897 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID 43f9768655e4 Credits Francesco Carlucci Required privilege...

WordPress MasterStudy LMS Plugin <= 3.3.8 is vulnerable to Broken Access Control

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.3.8 Fixed in 3.3.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3942 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID e8c9ed38d014 Credits Lucio Sá Required privilege...

WordPress Cost Calculator Builder Pro Plugin <= 3.1.67 is vulnerable to Cross Site Scripting (XSS)

Software Cost Calculator Builder Pro Type Plugin Vulnerable versions = 3.1.67 Fixed in 3.1.68 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4097 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 99ec603c6f20 Credits andrea...

WordPress Google Typography Plugin <= 1.1.2 is vulnerable to Broken Access Control

Software Google Typography Type Plugin Vulnerable versions = 1.1.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33942 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8afac0da0e50 Credits Abdi Pranata Required privile...

WordPress Event Management Tickets Booking Plugin <= 1.3.4 is vulnerable to PHP Object Injection

Software Event Management Tickets Booking Type Plugin Vulnerable versions = 1.3.4 Fixed in 1.3.5 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1895 Patch priority Medium CVSS severity Medium 7.4 Developer Claim ownership PSID d93e6770a231 Credits Francesco Carlucci...

WordPress LeadConnector Plugin <= 1.7 is vulnerable to Broken Access Control

Software LeadConnector Type Plugin Vulnerable versions = 1.7 Fixed in 1.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1371 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2445a52c5c7c Credits Krzysztof Zając Required...

WordPress Masteriyo - LMS Plugin <= 1.7.3 is vulnerable to Broken Authentication

Software Masteriyo - LMS Type Plugin Vulnerable versions = 1.7.3 Fixed in 1.7.4 OWASP Top 10 A4: Insecure Design Classification Broken Authentication CVE CVE-2024-33939 Patch priority Medium CVSS severity Medium 5.3 Developer Masteriyo PSID ce37ea579b31 Credits Steven Julian Required privilege...

WordPress WPC Composite Products for WooCommerce Plugin <= 7.2.7 is vulnerable to Cross Site Scripting (XSS)

Software WPC Composite Products for WooCommerce Type Plugin Vulnerable versions = 7.2.7 Fixed in 7.2.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2838 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c5256a4c7c7a...

WordPress AJAX Login and Registration modal popup + inline form Plugin <= 2.23 is vulnerable to Cross Site Scripting (XSS)

Software AJAX Login and Registration modal popup + inline form Type Plugin Vulnerable versions = 2.23 Fixed in 2.24 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33918 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID ea1aeec00d87...

WordPress Share This Image Plugin <= 1.98 is vulnerable to Open Redirection

Software Share This Image Type Plugin Vulnerable versions = 1.98 Fixed in 1.99 OWASP Top 10 A3: Injection Classification Open Redirection CVE CVE-2024-33930 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 8ff8b7f51b08 Credits stealthcopter Required privilege Unauthenticate...

WordPress Social Share Buttons by Supsystic Plugin <= 2.2.9 is vulnerable to Broken Access Control

Software Social Share Buttons by Supsystic Type Plugin Vulnerable versions = 2.2.9 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-47330 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 619b2c170607 Credits Abdi...

WordPress Embed Google Fonts Plugin <= 3.1.0 is vulnerable to Broken Access Control

Software Embed Google Fonts Type Plugin Vulnerable versions = 3.1.0 Fixed in 3.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33925 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a530cac3d37a Credits Abdi Pranata Required...

WordPress Democracy Poll Plugin <= 6.0.3 is vulnerable to Broken Access Control

Software Democracy Poll Type Plugin Vulnerable versions = 6.0.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33920 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 4ebe2afd67c8 Credits thiennv Required privilege...

WordPress Directorist Plugin <= 7.8.6 is vulnerable to Broken Access Control

Software Directorist Type Plugin Vulnerable versions = 7.8.6 Fixed in 7.9.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33929 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 4002917cae9a Credits Dhabaleshwar Das Required privile...

WordPress ARForms Form Builder Plugin <= 1.6.4 is vulnerable to Broken Access Control

Software ARForms Form Builder Type Plugin Vulnerable versions = 1.6.4 Fixed in 1.6.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1945 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ea61cb9b5b99 Credits Lucio Sá Required...

WordPress Radio Station Plugin <= 2.5.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Radio Station Type Plugin Vulnerable versions = 2.5.7 Fixed in 2.5.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33689 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID abbc08921ba2 Credits Dhabaleshwar Das...

WordPress Backup Migration Plugin <= 1.4.1 is vulnerable to Broken Access Control

Software Backup Migration Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c8830eaae290 Credits Dhabaleshwar Das Required...

WordPress Meks ThemeForest Smart Widget Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Software Meks ThemeForest Smart Widget Type Plugin Vulnerable versions = 1.5 Fixed in 1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33694 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 04ccfd2bf640 Credits Joshua Chan Required privile...

WordPress Althea WP Theme <= 1.0.13 is vulnerable to Broken Access Control

Software Althea WP Type Theme Vulnerable versions = 1.0.13 Fixed in 1.0.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 89e5f642c59b Credits Dhabaleshwar Das Required privileg...