3797 matches found
WordPress File Manager Plugin <= 7.2.1 is vulnerable to Path Traversal
Software: File Manager | Type: Plugin | Vulnerable versions: <= 7.2.1 | Fixed in: 7.2.2 | OWASP Top 10: A4: Insecure Design | Classification: Path Traversal | CVE: CVE-2023-6825 | Patch priority: Low | CVSS severity: Low 8.2 | PSID: 7f2548079631 | Credits: Tobias Weißhaar kun19 | Required privilege...
WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk
A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 in version 5.7.0.1. "This plugin suffers from unauthenticated...
WordPress LiteSpeed Cache Plugin <= 5.7 is vulnerable to Broken Access Control
Software: LiteSpeed Cache | Type: Plugin | Vulnerable versions: <= 5.7 | Fixed in: 5.7.0.1 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-45000 | Patch priority: High | CVSS severity: High 8.2 | Developer: Hai Zheng / Lite Speed Cache | PSID: b9853af17bd3 | Credits: Rafie Muhammad...
WordPress Tabs Shortcode and Widget Plugin <= 1.17 is vulnerable to Cross Site Scripting (XSS)
Software: Tabs Shortcode and Widget | Type: Plugin | Vulnerable versions: <= 1.17 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-0719 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: b7bc2e300121 | Credits: Dmitrii Ignatyev...
WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.41 is vulnerable to Broken Access Control
Software: Contact Form builder with drag & drop - Kali Forms | Type: Plugin | Vulnerable versions: <= 2.3.41 | Fixed in: 2.3.42 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-1217 | Patch priority: High | CVSS severity: High 7.6 | PSID: b229d70e3a1f...
WordPress Action Network Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: Action Network | Type: Plugin | Vulnerable versions: <= 1.4.2 | Fixed in: 1.4.3 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-25921 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 24b8e111dbfb | Credits: Mika | Required privilege...
WordPress WooCommerce Easy Checkout Field Editor, Fees & Discounts Plugin <= 3.5.12 is vulnerable to Arbitrary File Upload
Software: WooCommerce Easy Checkout Field Editor, Fees & Discounts | Type: Plugin | Vulnerable versions: <= 3.5.12 | Fixed in: 3.5.13 | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-25925 | Patch priority: High | CVSS severity: High 10 | PSID: a8071054e8b4 | Credi...
WordPress Bricks Builder Theme <= 1.9.6 is vulnerable to Remote Code Execution (RCE)
Software: Bricks Builder | Type: Theme | Vulnerable versions: <= 1.9.6 | Fixed in: 1.9.6.1 | OWASP Top 10: A3: Injection | Classification: Remote Code Execution (RCE) | CVE: CVE-2024-25600 | Patch priority: High | CVSS severity: High 10 | PSID: 58c6c492a8d0 | Credits: Snicco | Required privilege...
WordPress ImageRecycle pdf & image compression Plugin <= 3.1.13 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ImageRecycle pdf & image compression | Type: Plugin | Vulnerable versions: <= 3.1.13 | Fixed in: 3.1.14 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-1339 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: d8c1f1233fec | Credi...
WordPress MoveTo Plugin <= 6.2 is vulnerable to Denial of Service Attack
Software: MoveTo | Type: Plugin | Vulnerable versions: <= 6.2 | Fixed in: N/A | OWASP Top 10: A1: Broken Access Control | Classification: Denial of Service Attack | CVE: CVE-2024-25911 | Patch priority: Medium | CVSS severity: Medium 8.6 | PSID: fbded13be6d8 | Credits: Dave Jong Patchstack | Required...
WordPress ImageRecycle pdf & image compression Plugin <= 3.1.13 is vulnerable to Broken Access Control
Software: ImageRecycle pdf & image compression | Type: Plugin | Vulnerable versions: <= 3.1.13 | Fixed in: 3.1.14 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-0983 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 3893271a34ec | Credits: Frances...
WordPress Multi Step Form Plugin <= 1.7.18 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Multi Step Form | Type: Plugin | Vulnerable versions: <= 1.7.18 | Fixed in: 1.7.19 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-25905 | Patch priority: Low | CVSS severity: Low 5.4 | PSID: c40d82e8e1e2 | Credits: Benmalek Aymen...
WordPress ImageRecycle pdf & image compression Plugin <= 3.1.13 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ImageRecycle pdf & image compression | Type: Plugin | Vulnerable versions: <= 3.1.13 | Fixed in: 3.1.14 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-1334 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 2cae2af18e64 | Credi...
WordPress Link Library Plugin <= 7.5.13 is vulnerable to Cross Site Scripting (XSS)
Software: Link Library | Type: Plugin | Vulnerable versions: <= 7.5.13 | Fixed in: 7.6 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-24879 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: d3a58aec2719 | Credits: Yudistira Arya | Required privilege...
WordPress PT Sign Ups Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software: PT Sign Ups | Type: Plugin | Vulnerable versions: <= 1.0.4 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-24848 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: c0bd535867dc | Credits: Faizal Abroni | Required privilege...
WordPress PowerPack Pro for Elementor Plugin <= 2.10.6 is vulnerable to Settings Change
Software: PowerPack Pro for Elementor | Type: Plugin | Vulnerable versions: <= 2.10.6 | Fixed in: 2.10.8 | OWASP Top 10: A1: Broken Access Control | Classification: Settings Change | CVE: CVE-2024-24844 | Patch priority: High | CVSS severity: High 7.5 | PSID: ad539f87b78f | Credits: Dave Jong Patchstac...
WordPress GDPR Data Request Form Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)
Software: GDPR Data Request Form | Type: Plugin | Vulnerable versions: <= 1.6 | Fixed in: 1.7 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-24836 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 7fd021f643aa | Credits: Ngô Thiên An ancorn from VNPT-VCI...
WordPress WP Dummy Content Generator Plugin <= 3.1.2 is vulnerable to Broken Access Control
Software: WP Dummy Content Generator | Type: Plugin | Vulnerable versions: <= 3.1.2 | Fixed in: 3.1.3 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-24805 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Deepak Anand | PSID: cb426eb88b79 | Credits: Huynh Tien Si | Require...
WordPress Active Products Tables for WooCommerce Plugin <= 1.0.6.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Active Products Tables for WooCommerce | Type: Plugin | Vulnerable versions: <= 1.0.6.1 | Fixed in: 1.0.6.2 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-0796 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 38672ca79125...
WordPress WOLF Plugin <= 1.0.8.1 is vulnerable to Broken Access Control
Software: WOLF | Type: Plugin | Vulnerable versions: <= 1.0.8.1 | Fixed in: 1.0.8.2 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-0791 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 9624a396772c | Credits: Francesco Carlucci | Required privilege...