WordPress Shortlinks by Pretty Links Plugin <= 3.6.2 is vulnerable to Cross Site Scripting (XSS)

Software Shortlinks by Pretty Links Type Plugin Vulnerable versions = 3.6.2 Fixed in 3.6.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29770 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b1b0efcde695 Credits Rafie Muhammad...

WordPress Shipping with Venipak for WooCommerce Plugin <= 1.19.5 is vulnerable to Cross Site Scripting (XSS)

Software Shipping with Venipak for WooCommerce Type Plugin Vulnerable versions = 1.19.5 Fixed in 1.19.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29805 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5b7b5db66a39 Credits Le Ngoc...

WordPress Forminator Plugin <= 1.29.0 is vulnerable to Cross Site Scripting (XSS)

Software Forminator Type Plugin Vulnerable versions = 1.29.0 Fixed in 1.29.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29777 Patch priority Medium CVSS severity Medium 7.1 Developer WPMU DEV PSID 4c3587917921 Credits Rafie Muhammad Patchstack Required privile...

WordPress Doneren met Mollie Plugin <= 2.10.2 is vulnerable to Cross Site Scripting (XSS)

Software Doneren met Mollie Type Plugin Vulnerable versions = 2.10.2 Fixed in 2.10.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29767 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID fb2480f842b8 Credits Dimas Maulana Required...

WordPress Calculated Fields Form Plugin <= 1.2.54 is vulnerable to Cross Site Scripting (XSS)

Software Calculated Fields Form Type Plugin Vulnerable versions = 1.2.54 Fixed in 1.2.55 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29759 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 65b9391ce7f8 Credits Rafie Muhammad Patchsta...

WordPress Easy Social Share Buttons Plugin <= 9.4 is vulnerable to Cross Site Scripting (XSS)

Software Easy Social Share Buttons Type Plugin Vulnerable versions = 9.4 Fixed in 9.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30196 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f4ed0dcb5dd6 Credits Rafie Muhammad Patchstack...

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.93 is vulnerable to Cross Site Scripting (XSS)

Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.93 Fixed in 1.5.94 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29792 Patch priority Medium CVSS severity Medium 7.1 Developer Unlimited Elements PSID...

WordPress Olive One Click Demo Import Plugin <= 1.1.1 is vulnerable to Broken Access Control

Software Olive One Click Demo Import Type Plugin Vulnerable versions = 1.1.1 Fixed in 1.1.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-2702 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 277d1e4e3b86 Credits Yudistira Arya...

WordPress Backup Bolt Plugin <= 1.3.0 is vulnerable to Sensitive Data Exposure

Software Backup Bolt Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.4.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-7236 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID dd36f15c489e Credits Dmitrii Ignatyev Required...

WordPress Restrict User Access – Membership Plugin with Force Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Software Restrict User Access – Membership Plugin with Force Type Plugin Vulnerable versions = 2.5 Fixed in 2.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29138 Patch priority Medium CVSS severity Medium 7.1 Developer DEV Institute PSID 211a6e23f622 Credits...

WordPress Tourfic Plugin <= 2.11.7 is vulnerable to Cross Site Scripting (XSS)

Software Tourfic Type Plugin Vulnerable versions = 2.11.7 Fixed in 2.11.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29137 Patch priority Medium CVSS severity Medium 7.1 Developer Themefic PSID 46fbea9a6c10 Credits LVT-tholv2k Required privilege Unauthenticate...

WordPress WooThumbs for WooCommerce by Iconic Plugin <= 5.5.3 is vulnerable to Cross Site Scripting (XSS)

Software WooThumbs for WooCommerce by Iconic Type Plugin Vulnerable versions = 5.5.3 Fixed in 5.5.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29116 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d034def295d9 Credits Dave Jong...

WordPress Coupon Affiliates Plugin <= 5.12.7 is vulnerable to Cross Site Scripting (XSS)

Software Coupon Affiliates Type Plugin Vulnerable versions = 5.12.7 Fixed in 5.12.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29125 Patch priority Medium CVSS severity Medium 7.1 Developer RelyWP PSID 81253acd1aca Credits stealthcopter Required privilege...

WordPress Database for Contact Form 7 Plugin <= 3.0.6 is vulnerable to Cross Site Scripting (XSS)

Software Database for Contact Form 7 Type Plugin Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29103 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 1d2cfc35a61d Credits RE-ALTER Required...

WordPress Crisp Plugin <= 0.44 is vulnerable to Cross Site Scripting (XSS)

Software Crisp Type Plugin Vulnerable versions = 0.44 Fixed in 0.45 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27963 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d24f23d72736 Credits stealthcopter Required privilege Subscriber...

WordPress Premmerce Permalink Manager for WooCommerce Plugin <= 2.3.10 is vulnerable to Local File Inclusion

Software Premmerce Permalink Manager for WooCommerce Type Plugin Vulnerable versions = 2.3.10 Fixed in 2.3.11 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-27971 Patch priority High CVSS severity High 8.3 Developer Premmerce PSID cbe4465b62ca Credits Rafie Muhammad...

WordPress Zippy Plugin <= 1.6.9 is vulnerable to Arbitrary File Upload

Software Zippy Type Plugin Vulnerable versions = 1.6.9 Fixed in 1.6.10 OWASP Top 10 A5: Security Misconfiguration Classification Arbitrary File Upload CVE CVE-2024-27964 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID f32b93d01376 Credits stealthcopter Required...

WordPress Newsletter2Go Plugin <= 4.0.13 is vulnerable to Cross Site Scripting (XSS)

Software Newsletter2Go Type Plugin Vulnerable versions = 4.0.13 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1328 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1277fbb17528 Credits Francesco Carlucci...

WordPress Auto Affiliate Links Plugin <= 6.4.3 is vulnerable to Broken Access Control

Software Auto Affiliate Links Type Plugin Vulnerable versions = 6.4.3 Fixed in 6.4.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1843 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 446cb40c7edd Credits Lucio Sá Required...

WordPress Happy Addons for Elementor Plugin <= 3.10.3 is vulnerable to Cross Site Scripting (XSS)

Software Happy Addons for Elementor Type Plugin Vulnerable versions = 3.10.3 Fixed in 3.10.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1366 Patch priority Low CVSS severity Low 6.5 Developer Leevio PSID d2918b7cdf49 Credits wesley wcraft Requir...