WordPress Social Share Icons & Social Share Buttons Plugin <= 3.6.1 is vulnerable to Broken Access Control

Software Social Share Icons & Social Share Buttons Type Plugin Vulnerable versions = 3.6.1 Fixed in 3.6.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9b34a062d9ab Credits...

WordPress Fancy Product Designer Plugin < 6.1.8 is vulnerable to Cross Site Scripting (XSS)

Software Fancy Product Designer Type Plugin Vulnerable versions 6.1.8 Fixed in 6.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0905 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5fb94dea6052 Credits Bob Matyas...

WordPress Duplicate Post Plugin <= 1.4.4 is vulnerable to Broken Access Control

Software Duplicate Post Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f8977e93ea85 Credits Dhabaleshwar Das Required...

WordPress Financio Theme <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Financio Type Theme Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33690 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a500173c6581 Credits Dhabaleshwar Das Required...

WordPress Accountra Theme <= 1.0.3 is vulnerable to Broken Access Control

Software Accountra Type Theme Vulnerable versions = 1.0.3 Fixed in 1.0.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33685 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 56009c31f7f6 Credits Dhabaleshwar Das Required privilege...

WordPress Call Now Button Plugin < 1.4.7 is vulnerable to Cross Site Scripting (XSS)

Software Call Now Button Type Plugin Vulnerable versions 1.4.7 Fixed in 1.4.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2908 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1848a4a46e87 Credits Dikshita Trivedi...

WordPress PPOM for WooCommerce Plugin <= 32.0.18 is vulnerable to Arbitrary File Upload

Software PPOM for WooCommerce Type Plugin Vulnerable versions = 32.0.18 Fixed in 32.0.19 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-3962 Patch priority High CVSS severity High 10 Developer Claim ownership PSID e45867d8f81a Credits andrea bocchetti Required...

WordPress WP SMTP Plugin 1.2 - 1.2.6 is vulnerable to SQL Injection

Software WP SMTP Type Plugin Vulnerable versions 1.2 - 1.2.6 Fixed in 1.2.7 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-1789 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID cf0dba8db665 Credits Christiaan Swiers YouGina Required privilege...

WordPress Photology Theme <= 1.1.3 is vulnerable to Broken Access Control

Software Photology Type Theme Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33685 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 29f6cff8157b Credits Dhabaleshwar Das Required privilege...

WordPress Arconix Shortcodes Plugin <= 2.1.10 is vulnerable to Broken Access Control

Software Arconix Shortcodes Type Plugin Vulnerable versions = 2.1.10 Fixed in 2.1.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-4233 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 049f969c5895 Credits Dhabaleshwar Das Required...

WordPress Pathway Theme <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF)

Software Pathway Type Theme Vulnerable versions = 1.0.15 Fixed in 1.0.16 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2662179cc67b Credits Dhabaleshwar Das Required...

WordPress Sassy Social Share Plugin < 3.3.61 is vulnerable to Cross Site Scripting (XSS)

Software Sassy Social Share Type Plugin Vulnerable versions 3.3.61 Fixed in 3.3.61 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2159 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2e895f7060f3 Credits Dmitrii Ignatyev...

WordPress SSL Mixed Content Fix Plugin <= 3.2.6 is vulnerable to Broken Access Control

Software SSL Mixed Content Fix Type Plugin Vulnerable versions = 3.2.6 Fixed in 3.2.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 11237d78fd75 Credits Dhabaleshwar Das Requir...

WordPress Salon booking system Plugin <= 9.6.5 is vulnerable to Cross Site Scripting (XSS)

Software Salon booking system Type Plugin Vulnerable versions = 9.6.5 Fixed in 9.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2439 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 667860bc9aac Credits cyc707 Required...

WordPress Five Star Restaurant Reservations Plugin <= 2.6.16 is vulnerable to Broken Access Control

Software Five Star Restaurant Reservations Type Plugin Vulnerable versions = 2.6.16 Fixed in 2.6.17 OWASP Top 10 A4: Insecure Design Classification Broken Access Control CVE CVE-2024-33596 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d75b86943c20 Credits Steven Julian...

WordPress XStore Theme <= 9.3.8 is vulnerable to SQL Injection

Software XStore Type Theme Vulnerable versions = 9.3.8 Fixed in 9.3.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-33559 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 0996b4472188 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Better Elementor Addons Plugin <= 1.4.1 is vulnerable to Local File Inclusion

Software Better Elementor Addons Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-33541 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 62efde4398ca Credits Ray Wilson Required...

WordPress Recencio Book Reviews Plugin <= 1.66.0 is vulnerable to Cross Site Scripting (XSS)

Software Recencio Book Reviews Type Plugin Vulnerable versions = 1.66.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33648 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1d6b95a95ae6 Credits Ngô Thiên An ancorn from VNPT-VCI...

WordPress PropertyHive Plugin <= 2.0.12 is vulnerable to Broken Access Control

Software PropertyHive Type Plugin Vulnerable versions = 2.0.12 Fixed in 2.0.13 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3607 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 20b9880edd45 Credits Lucio Sá Required privilege...

WordPress WP Page Post Widget Clone Plugin <= 1.0.1 is vulnerable to Broken Access Control

Software WP Page Post Widget Clone Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33636 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bc529e210eb8 Credits Do Minh Long Required...