WordPress Tagembed Plugin <= 4.7 is vulnerable to Cross Site Scripting (XSS)

Software Tagembed Type Plugin Vulnerable versions = 4.7 Fixed in 4.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32561 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 040c708c0568 Credits LVT-tholv2k Required privilege Contributor...

WordPress WP-Recall Plugin <= 16.26.5 is vulnerable to Insecure Direct Object References (IDOR)

Software WP-Recall Type Plugin Vulnerable versions = 16.26.5 Fixed in 16.26.6 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32604 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3904a35f5abe Credits Kyle Sanchez...

WordPress WooCommerce Google Feed Manager Plugin <= 2.4.2 is vulnerable to SQL Injection

Software WooCommerce Google Feed Manager Type Plugin Vulnerable versions = 2.4.2 Fixed in 2.6.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3067 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 7ac4b8e7f509 Credits Krzysztof Zając Required privilege...

WordPress Photo Gallery by 10Web Plugin <= 1.8.21 is vulnerable to Cross Site Scripting (XSS)

Software Photo Gallery by 10Web Type Plugin Vulnerable versions = 1.8.21 Fixed in 1.8.22 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32583 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9f4c4a32a029 Credits Steven Julian Required...

WordPress Master Slider Plugin <= 3.9.5 is vulnerable to PHP Object Injection

Software Master Slider Type Plugin Vulnerable versions = 3.9.5 Fixed in 3.9.7 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-32600 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID d3cbc5a0e9db Credits Rafie Muhammad Patchstack Required privile...

WordPress CBX Bookmark & Favorite Plugin <= 1.7.20 is vulnerable to Cross Site Scripting (XSS)

Software CBX Bookmark & Favorite Type Plugin Vulnerable versions = 1.7.20 Fixed in 1.7.22 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32577 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c797afa81115 Credits LVT-tholv2k Required privile...

WordPress SP Project & Document Manager Plugin <= 4.71 is vulnerable to SQL Injection

Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.71 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32551 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 4e8128ffc035 Credits CatFather Required privilege Author...

WordPress Attesa Extra Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS)

Software Attesa Extra Type Plugin Vulnerable versions = 1.3.9 Fixed in 1.4.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32594 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4bca51f18f29 Credits Khalid Yusuf Required privilege Contribut...

WordPress Superfly Menu Plugin <= 5.0.25 is vulnerable to Cross Site Scripting (XSS)

Software Superfly Menu Type Plugin Vulnerable versions = 5.0.25 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32553 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6079596969f5 Credits Dave Jong Patchstack Required...

WordPress Jotform Online Forms Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Jotform Online Forms Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32527 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6eac99777a8f Credits Ngô Thiên An ancorn from VNPT-VCI...

WordPress Bulk Block Converter Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Bulk Block Converter Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32542 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 805efd09a347 Credits Dimas Maulana Required...

WordPress Theme My Login Plugin <= 7.1.6 is vulnerable to Broken Access Control

Software Theme My Login Type Plugin Vulnerable versions = 7.1.6 Fixed in 7.1.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32525 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 11dbddbd2e7f Credits Abdi Pranata Required...

WordPress Product Feed PRO for WooCommerce Plugin <= 13.3.1 is vulnerable to Sensitive Data Exposure

Software Product Feed PRO for WooCommerce Type Plugin Vulnerable versions = 13.3.1 Fixed in 13.3.2 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2024-32513 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 20d6ccb380e3 Credits...

WordPress Radio Player Plugin <= 2.0.73 is vulnerable to Sensitive Data Exposure

Software Radio Player Type Plugin Vulnerable versions = 2.0.73 Fixed in 2.0.74 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32506 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4e6e2407c28d Credits Steven Julian Required...

WordPress Canva – Design beautiful blog graphics Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Software Canva – Design beautiful blog graphics Type Plugin Vulnerable versions = 1.2.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32545 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 803f9df04167 Credits Dimas Maula...

WordPress Smart Slider 3 Plugin <= 3.5.1.22 is vulnerable to Broken Access Control

Software Smart Slider 3 Type Plugin Vulnerable versions = 3.5.1.22 Fixed in 3.5.1.23 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3027 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c46698c777af Credits Christiaan Swiers YouGina...

WordPress Carousel Slider Plugin < 2.2.7 is vulnerable to Cross Site Scripting (XSS)

Software Carousel Slider Type Plugin Vulnerable versions 2.2.7 Fixed in 2.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1712 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID be0c9e02881f Credits Dmitrii Ignatyev Required...

WordPress Everest Backup Plugin < 2.2.5 is vulnerable to Arbitrary File Upload

Software Everest Backup Type Plugin Vulnerable versions 2.2.5 Fixed in 2.2.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-7201 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID e4434e41add7 Credits Emad Required privilege Administrator Publish...

WordPress MJ Update History Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software MJ Update History Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32543 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6f5d10b529f0 Credits Dimas Maulana Required privilege...

WordPress Element Pack Elementor Addons Plugin <= 5.5.6 is vulnerable to Sensitive Data Exposure

Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.5.6 Fixed in 5.6.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2966 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 29f45f5357e3 Credits Krzysztof...