WordPress Top Bar Plugin < 3.0.5 is vulnerable to Cross Site Scripting (XSS)

Software Top Bar Type Plugin Vulnerable versions 3.0.5 Fixed in 3.0.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1660 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6c5d854410a5 Credits Dmitrii Ignatyev Required privileg...

WordPress Inline Related Posts Plugin < 3.6.0 is vulnerable to Broken Access Control

Software Inline Related Posts Type Plugin Vulnerable versions 3.6.0 Fixed in 3.6.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-6257 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c2f0b627f547 Credits Krzysztof Zając CERT PL...

WordPress Ultimate Member Plugin <= 2.8.4 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Member Type Plugin Vulnerable versions = 2.8.4 Fixed in 2.8.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2765 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 4af1ffb7c063 Credits tiborisaak Require...

WordPress Simple Buttons Creator Plugin <= 1.04 is vulnerable to Cross Site Scripting (XSS)

Software Simple Buttons Creator Type Plugin Vulnerable versions = 1.04 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2857 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f8f6e6e1aab1 Credits Bob Matyas...

WordPress DethemeKit For Elementor Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Software DethemeKit For Elementor Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32508 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c3d2d2de543b Credits Khalid Yusuf Required privile...

WordPress Access Category Password Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Access Category Password Type Plugin Vulnerable versions = 1.5.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32535 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c844ee6de29c Credits Dimas Maulana Required...

WordPress WooCommerce Customers Manager Plugin < 29.7 is vulnerable to SQL Injection

Software WooCommerce Customers Manager Type Plugin Vulnerable versions 29.7 Fixed in 29.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0399 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 3c8fe0630d48 Credits Ivan Spiridonov Required privilege...

WordPress NPS computy Plugin < 2.7.6 is vulnerable to Cross Site Scripting (XSS)

Software NPS computy Type Plugin Vulnerable versions 2.7.6 Fixed in 2.7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1754 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a3449f6b4bc3 Credits Bob Matyas Required privilege...

WordPress Code Insert Manager (Q2W3 Inc Manager) Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Code Insert Manager Q2W3 Inc Manager Type Plugin Vulnerable versions = 2.5.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32547 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID c408b8a3e4fc Credits Dimas Maulana...

WordPress Appointment Bookings for Zoom GoogleMeet and more – Wappointment Plugin <= 2.6.0 is vulnerable to Server Side Request Forgery (SSRF)

Software Appointment Bookings for Zoom GoogleMeet and more – Wappointment Type Plugin Vulnerable versions = 2.6.0 Fixed in 2.6.1 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-32454 Patch priority Low CVSS severity Low 4.4 Developer...

WordPress Jobs for WordPress Plugin <= 2.7.5 is vulnerable to Cross Site Scripting (XSS)

Software Jobs for WordPress Type Plugin Vulnerable versions = 2.7.5 Fixed in 2.7.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32149 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a8a1acfb2c60 Credits Khalid Yusuf Required privile...

WordPress Podlove Podcast Publisher Plugin <= 4.1.0 is vulnerable to Broken Access Control

Software Podlove Podcast Publisher Type Plugin Vulnerable versions = 4.1.0 Fixed in 4.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32143 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID fc4ae0b13cd1 Credits Abdi Pranata...

WordPress Realtyna Organic IDX plugin Plugin <= 4.14.4 is vulnerable to SQL Injection

Software Realtyna Organic IDX plugin Type Plugin Vulnerable versions = 4.14.4 Fixed in 4.14.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32128 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID df09fa02a23c Credits Joshua Chan Required privilege...

WordPress BA Book Everything Plugin <= 1.6.4 is vulnerable to SQL Injection

Software BA Book Everything Type Plugin Vulnerable versions = 1.6.4 Fixed in 1.6.5 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32125 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID d47407126364 Credits Thanh Nam Tran Required privilege Contributor...

WordPress Easy Contact Form Lite Plugin <= 1.1.23 is vulnerable to Cross Site Scripting (XSS)

Software Easy Contact Form Lite Type Plugin Vulnerable versions = 1.1.23 Fixed in 1.1.25 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32147 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f1074c1b0d54 Credits Abdi Pranata Required privile...

WordPress InstaWP Connect Plugin <= 0.1.0.22 is vulnerable to Arbitrary File Upload

Software InstaWP Connect Type Plugin Vulnerable versions = 0.1.0.22 Fixed in 0.1.0.23 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-2667 Patch priority High CVSS severity High 10 Developer InstaWP PSID 6dfa02024fd7 Credits AtaTurk1925 Required privilege...

WordPress Download Manager Plugin <= 3.2.82 is vulnerable to Bypass Vulnerability

Software Download Manager Type Plugin Vulnerable versions = 3.2.82 Fixed in 3.2.83 OWASP Top 10 A1: Broken Access Control Classification Bypass Vulnerability CVE CVE-2024-32131 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d970a3e505ee Credits Liu Shaohong Required...

WordPress Import Users from CSV Plugin <= 1.2 is vulnerable to PHP Object Injection

Software Import Users from CSV Type Plugin Vulnerable versions = 1.2 Fixed in 1.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-32431 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID e3f19c84ef38 Credits Trình Vũ Sonicrrrr from VNPT-VCI Require...

WordPress SEO Booster Plugin <= 3.8.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software SEO Booster Type Plugin Vulnerable versions = 3.8.9 Fixed in 3.8.10 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-32438 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3512a5ab10e4 Credits Joshua Chan Required privile...

WordPress BWL Advanced FAQ Manager Plugin <= 2.0.3 is vulnerable to SQL Injection

Software BWL Advanced FAQ Manager Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32136 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 3156ca152b4d Credits Ivan Spiridonov Required privilege...