3797 matches found
WordPress Essential Blocks for Gutenberg Plugin <= 4.4.9 is vulnerable to Broken Access Control
Software: Essential Blocks for Gutenberg | Type: Plugin | Vulnerable versions: <= 4.4.9 | Fixed in: 4.4.10 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-30467 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 54c35d565aef | Credits: Rafie Muhamma...
WordPress Spiffy Calendar Plugin <= 4.9.7 is vulnerable to Cross Site Scripting (XSS)
Software: Spiffy Calendar | Type: Plugin | Vulnerable versions: <= 4.9.7 | Fixed in: 4.9.10 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-30427 | Patch priority: Medium | CVSS severity: Medium 5.4 | PSID: e5917dca625b | Credits: Dimas Maulana | Required privileg...
WordPress Element Pack Elementor Addons Plugin <= 5.5.3 is vulnerable to SQL Injection
Software: Element Pack Elementor Addons | Type: Plugin | Vulnerable versions: <= 5.5.3 | Fixed in: 5.5.4 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-30496 | Patch priority: Low | CVSS severity: Low 8.5 | PSID: 3d0133376896 | Credits: Rafie Muhammad Patchstack | Required...
WordPress Nexter Blocks Plugin <= 3.2.5 is vulnerable to Cross Site Scripting (XSS)
Software: Nexter Blocks | Type: Plugin | Vulnerable versions: <= 3.2.5 | Fixed in: 3.2.6 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-30435 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: POSIMYTH Innovations | PSID: 6b7745362c68 | Credits: LVT-tholv2k | Required privileg...
WordPress All In One Redirection Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)
Software: All In One Redirection | Type: Plugin | Vulnerable versions: <= 2.2.0 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-30506 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 13d4332eeeeb | Credits: Pham Ho Anh Dung | Required...
WordPress Media Library Folders Plugin <= 8.1.7 is vulnerable to SQL Injection
Software: Media Library Folders | Type: Plugin | Vulnerable versions: <= 8.1.7 | Fixed in: 8.1.8 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-30486 | Patch priority: Low | CVSS severity: Low 8.5 | PSID: 07c50fa94bf4 | Credits: Le Ngoc Anh | Required privilege: Author...
WordPress YITH WooCommerce Account Funds Premium Plugin <= 1.33.0 is vulnerable to Broken Access Control
Software: YITH WooCommerce Account Funds Premium | Type: Plugin | Vulnerable versions: <= 1.33.0 | Fixed in: 1.34.0 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-30470 | Patch priority: Medium | CVSS severity: Medium 6.5 | PSID: c87cc5ed5cea | Credit...
WordPress WP Travel Engine Plugin <= 5.7.9 is vulnerable to SQL Injection
Software: WP Travel Engine | Type: Plugin | Vulnerable versions: <= 5.7.9 | Fixed in: 5.8.0 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-30502 | Patch priority: High | CVSS severity: High 9.3 | PSID: 275fbb9060ec | Credits: Yudistira Arya | Required privilege...
WordPress BEAR Plugin <= 1.1.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: BEAR | Type: Plugin | Vulnerable versions: <= 1.1.4.2 | Fixed in: 1.1.4.3 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-30200 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 2c6d05b2fb54 | Credits: Rafie Muhammad Patchstack | Required...
WordPress Favicon Rotator Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS)
Software: Favicon Rotator | Type: Plugin | Vulnerable versions: <= 1.2.10 | Fixed in: 1.2.11 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-28001 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: e90080f8961c | Credits: Rafie Muhammad Patchstack...
WordPress WholesaleX Plugin <= 1.3.2 is vulnerable to PHP Object Injection
Software: WholesaleX | Type: Plugin | Vulnerable versions: <= 1.3.2 | Fixed in: 1.3.3 | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2024-30224 | Patch priority: High | CVSS severity: High 10 | PSID: 4891ade0b03a | Credits: Rafie Muhammad Patchstack | Required privilege...
WordPress WP Migrate Plugin <= 2.6.10 is vulnerable to PHP Object Injection
Software: WP Migrate | Type: Plugin | Vulnerable versions: <= 2.6.10 | Fixed in: 2.6.11 | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2024-30225 | Patch priority: High | CVSS severity: High 10 | PSID: 6b6e8d810b6a | Credits: Dave Jong Patchstack | Required privilege...
WordPress FV Flowplayer Video Player Plugin <= 7.5.41.7212 is vulnerable to Cross Site Scripting (XSS)
Software: FV Flowplayer Video Player | Type: Plugin | Vulnerable versions: <= 7.5.41.7212 | Fixed in: 7.5.44.7212 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-22299 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 8f54d6f5d663 | Credits: Rafie...
WordPress WP-Lister Lite for Amazon Plugin <= 2.6.11 is vulnerable to Cross Site Scripting (XSS)
Software: WP-Lister Lite for Amazon | Type: Plugin | Vulnerable versions: <= 2.6.11 | Fixed in: 2.6.12 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-2889 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: WP Lab | PSID: d73aca6fb4f0 | Credits: Joshua Chan | Required privilege...
WordPress Gutenberg Blocks by Kadence Blocks Plugin <= 3.2.19 is vulnerable to Server Side Request Forgery (SSRF)
Software: Gutenberg Blocks by Kadence Blocks | Type: Plugin | Vulnerable versions: <= 3.2.19 | Fixed in: 3.2.20 | OWASP Top 10: A10: Server-Side Request Forgery SSRF | Classification: Server Side Request Forgery SSRF | CVE: CVE-2024-23500 | Patch priority: Low | CVSS severity: Low 7.7 | Developer: KadenceWP | PSID: 12733422b1ab...
WordPress WP Editor Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)
Software: WP Editor | Type: Plugin | Vulnerable versions: <= 1.2.8 | Fixed in: 1.2.9 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-24700 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: a8185ba6a628 | Credits: Rafie Muhammad Patchstack | Required...
WordPress GiveWP Plugin <= 3.4.2 is vulnerable to PHP Object Injection
Software: GiveWP | Type: Plugin | Vulnerable versions: <= 3.4.2 | Fixed in: 3.5.0 | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2024-30229 | Patch priority: Medium | CVSS severity: Medium 8 | Developer: Liquid Web / StellarWP | PSID: 9a991fbaf7bc | Credits: Rafie Muhammad Patchstack | Required...
WordPress Preview E-mails for WooCommerce Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)
Software: Preview E-mails for WooCommerce | Type: Plugin | Vulnerable versions: <= 2.2.1 | Fixed in: 2.2.2 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-27999 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: b64b027ac25b | Credits: Rafie Muhammad...
WordPress Booster for WooCommerce Plugin <= 7.1.7 is vulnerable to Cross Site Scripting (XSS)
Software: Booster for WooCommerce | Type: Plugin | Vulnerable versions: <= 7.1.7 | Fixed in: 7.1.8 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-29760 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 6ccd1007ae31 | Credits: Rafie Muhammad Patchstac...
WordPress SEO Backlink Monitor Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: SEO Backlink Monitor | Type: Plugin | Vulnerable versions: <= 1.5.0 | Fixed in: 1.6.0 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-29907 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 62c1627bf899 | Credits: Dimas Maulana | Required...