WordPress LeanPress Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software LeanPress Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52483 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d51df0763090 Credits Zlrqh Required privilege Unauthenticated...

WordPress Ortto Plugin <= 1.0.19 is vulnerable to Cross Site Scripting (XSS)

Software Ortto Type Plugin Vulnerable versions = 1.0.19 Fixed in 1.0.21 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52482 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4b5d486dfe4b Credits Le Ngoc Anh Required privilege...

WordPress Ultimate Classified Listings Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Classified Listings Type Plugin Vulnerable versions = 1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52487 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a096bde3e29d Credits Fariq Fadillah Gusti...

WordPress Save as PDF plugin by Pdfcrowd Plugin <= 4.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Save as PDF plugin by Pdfcrowd Type Plugin Vulnerable versions = 4.2.1 Fixed in 4.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10891 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bc2c8b0bae5b Credits Peter...

WordPress GamiPress Plugin <= 7.1.5 is vulnerable to Broken Access Control

Software GamiPress Type Plugin Vulnerable versions = 7.1.5 Fixed in 7.1.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-11036 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 528614ec92ef Credits Arkadiusz Hydzik Required...

WordPress Jobify - Job Board WordPress Theme Theme <= 4.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Jobify - Job Board WordPress Theme Type Theme Vulnerable versions = 4.2.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52478 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1dc3663080eb Credits Ananda Dhakal Patchsta...

WordPress WPB Popup for Contact Form 7 Plugin <= 1.7.5 is vulnerable to Broken Access Control

Software WPB Popup for Contact Form 7 Type Plugin Vulnerable versions = 1.7.5 Fixed in 1.7.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-11038 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 9b3456d161fd Credits Arkadiusz...

WordPress Express Payments Module Plugin <= 1.1.8 is vulnerable to SQL Injection

Software Express Payments Module Type Plugin Vulnerable versions = 1.1.8 Fixed in 1.1.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-52474 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID d7d5c29bb8d4 Credits LVT-tholv2k Required privilege...

WordPress Wc Recently viewed products Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Wc Recently viewed products Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52484 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7628634c1296 Credits Muhamad Agil Fachrian...

WordPress Getwid – Gutenberg Blocks Plugin <= 2.0.12 is vulnerable to Cross Site Scripting (XSS)

Software Getwid – Gutenberg Blocks Type Plugin Vulnerable versions = 2.0.12 Fixed in 2.0.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10872 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f2813c069cfe Credits stealthcopt...

WordPress ProfileGrid Plugin <= 5.9.3.6 is vulnerable to Broken Access Control

Software ProfileGrid Type Plugin Vulnerable versions = 5.9.3.6 Fixed in 5.9.3.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10900 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e7fdd2a43e49 Credits 1337Wannabe Required...

WordPress Customer Reviews for WooCommerce Plugin <= 5.61.0 is vulnerable to Broken Access Control

Software Customer Reviews for WooCommerce Type Plugin Vulnerable versions = 5.61.0 Fixed in 5.62.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10614 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ce10b4d9cbd7 Credits incognito...

WordPress Google for WooCommerce Plugin <= 2.8.6 is vulnerable to Sensitive Data Exposure

Software Google for WooCommerce Type Plugin Vulnerable versions = 2.8.6 Fixed in 2.8.7 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-10486 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID aafd7d494c83 Credits Francesco Carlucci...

WordPress Dynamic URL SEO Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Dynamic URL SEO Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52470 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f710c58fedfc Credits Mika Required privilege...

WordPress WooCommerce Price Alert Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Price Alert Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52469 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 64532f957694 Credits Mika Required privilege...

WordPress Bootscraper Plugin <= 2.1.0 is vulnerable to Local File Inclusion

Software Bootscraper Type Plugin Vulnerable versions = 2.1.0 Fixed in 4.0.0 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-52449 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 54a81d2931c0 Credits tahu.datar Required privilege Unauthenticate...

WordPress UserPlus Plugin <= 2.0 is vulnerable to Privilege Escalation

Software UserPlus Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-52442 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 1a20cf86d1cd Credits João Pedro S...

WordPress HTML5 Lyrics Karaoke Player Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS)

Software HTML5 Lyrics Karaoke Player Type Plugin Vulnerable versions = 2.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52473 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bd318a16984e Credits João Pedro S Alcântara...

WordPress Elfsight Telegram Chat CC Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Elfsight Telegram Chat CC Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10390 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 79fba1da063a Credits István...

WordPress Open edX LMS Plugin <= 2.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Open edX LMS Type Plugin Vulnerable versions = 2.6.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52452 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 991dc17302e9 Credits Mika Required privilege Unauthenticat...