WordPress Contact Form Entries Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3715 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 05aa510d5273 Credits Tim Coen...

WordPress Quick Featured Images Plugin <= 13.7.0 is vulnerable to Broken Access Control

Software Quick Featured Images Type Plugin Vulnerable versions = 13.7.0 Fixed in 13.7.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3664 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 955c9c9acc5c Credits Lucio Sá Required...

WordPress Newsletters Plugin <=4.9.5 is vulnerable to Sensitive Data Exposure

Software Newsletters Type Plugin Vulnerable versions =4.9.5 Fixed in 4.9.6 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32953 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 5684766cc1ef Credits Peng Zhou Required privilege...

WordPress Integrate Google Drive Plugin <= 1.3.9 is vulnerable to Broken Access Control

Software Integrate Google Drive Type Plugin Vulnerable versions = 1.3.9 Fixed in 1.3.91 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32813 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 3bec4c127fe1 Credits Steven Julian Require...

WordPress Sendinblue for WooCommerce Plugin <= 4.0.17 is vulnerable to Arbitrary File Download

Software Sendinblue for WooCommerce Type Plugin Vulnerable versions = 4.0.17 Fixed in 4.0.18 OWASP Top 10 A4: Insecure Design Classification Arbitrary File Download CVE CVE-2024-32807 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 1a6d8c4d6ed3 Credits Yudistira Arya...

WordPress BizPrint Plugin <= 4.3.39 is vulnerable to Broken Access Control

Software BizPrint Type Plugin Vulnerable versions = 4.3.39 Fixed in 4.5.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32777 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID c14f75079ee7 Credits Joshua Chan Required privilege...

WordPress ProfileGrid Plugin <= 5.7.9 is vulnerable to Insecure Direct Object References (IDOR)

Software ProfileGrid Type Plugin Vulnerable versions = 5.7.9 Fixed in 5.8.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32772 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0b59bd9029de Credits Kyle Sanchez...

WordPress StreamWeasels Twitch Integration Plugin <= 1.7.8 is vulnerable to Sensitive Data Exposure

Software StreamWeasels Twitch Integration Type Plugin Vulnerable versions = 1.7.8 Fixed in 1.8.0 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32716 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID eec287347b22 Credits Majed Refa...

WordPress Frontend Admin by DynamiApps Plugin <= 3.19.4 is vulnerable to Privilege Escalation

Software Frontend Admin by DynamiApps Type Plugin Vulnerable versions = 3.19.4 Fixed in 3.19.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-3729 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 4ebfbce29f56...

WordPress Post Grid and Gutenberg Blocks Plugin <= 2.2.78 is vulnerable to Sensitive Data Exposure

Software Post Grid and Gutenberg Blocks Type Plugin Vulnerable versions = 2.2.78 Fixed in 2.2.79 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32816 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 4274dff100bf Credits Peng Zho...

WordPress The Pack Elementor addons Plugin <= 2.0.8.2 is vulnerable to Server Side Request Forgery (SSRF)

Software The Pack Elementor addons Type Plugin Vulnerable versions = 2.0.8.2 Fixed in 2.0.8.3 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-32718 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 86389b782087...

WordPress Vision Interactive Plugin <= 1.7.1 is vulnerable to Broken Access Control

Software Vision Interactive Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32779 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ed5556ff45af Credits Steven Julian Required...

WordPress Appointment Hour Booking Plugin <= 1.4.56 is vulnerable to Other Vulnerability Type

Software Appointment Hour Booking Type Plugin Vulnerable versions = 1.4.56 Fixed in 1.4.57 OWASP Top 10 A4: Insecure Design Classification Other Vulnerability Type CVE CVE-2024-32720 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 228e58c3426d Credits Mochamad Sofyan...

WordPress Advanced Testimonial Carousel for Elementor Plugin <= 3.0.0 is vulnerable to Broken Access Control

Software Advanced Testimonial Carousel for Elementor Type Plugin Vulnerable versions = 3.0.0 Fixed in 3.0.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32783 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 35c8e0e158f5 Credits...

WordPress Email Customizer for WooCommerce Plugin <= 2.6.0 is vulnerable to Sensitive Data Exposure

Software Email Customizer for WooCommerce Type Plugin Vulnerable versions = 2.6.0 Fixed in 2.6.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-32781 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID bb85c76645da Credits Emili...

WordPress ARForms Plugin <= 6.4 is vulnerable to Settings Change

Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-32704 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bcff8bbe359f Credits Dave Jong Patchstack Required privilege...

WordPress CookieHub Plugin <= 1.1.0 is vulnerable to Broken Access Control

Software CookieHub Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32784 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bf6c0519f789 Credits Abdi Pranata Required privilege...

WordPress Coupon & Discount Code Reveal Button Plugin <=1.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Coupon & Discount Code Reveal Button Type Plugin Vulnerable versions =1.2.5 Fixed in 1.2.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32722 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID abdf37204c70 Credits emad Required...

WordPress WP GoToWebinar Plugin <= 14.46 is vulnerable to Broken Access Control

Software WP GoToWebinar Type Plugin Vulnerable versions = 14.46 Fixed in 15.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32804 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID dac08fd623ab Credits Abdi Pranata Required privilege...

WordPress Royal Elementor Addons Plugin <= 1.3.94 is vulnerable to Arbitrary File Upload

Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.94 Fixed in 1.3.95 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Upload CVE CVE-2024-1567 Patch priority High CVSS severity High 8.2 Developer WProyal PSID 7b79f8ce62d8 Credits wesley wcraft Required...