3797 matches found
WordPress Order Delivery Date for WP e-Commerce Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Order Delivery Date for WP e-Commerce; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0678; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 9f553bdb479d; Credits...
WordPress Post Video Players Plugin <= 1.159 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Post Video Players; Type: Plugin; Vulnerable versions: <= 1.159; Fixed in: 1.160; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-23515; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: b56876f978eb; Credits: Skalucy; Required...
WordPress illi Link Party! Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: illi Link Party!; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-7229; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 45a400104ef2; Credits: Bob Matyas; Required...
WordPress Amelia Plugin <= 1.0.98 is vulnerable to Broken Access Control
Software: Amelia; Type: Plugin; Vulnerable versions: <= 1.0.98; Fixed in: 1.0.99; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-22298; Patch priority: Medium; CVSS severity: Medium 5.3; Developer: Claim ownership; PSID: 1d2002f1be74; Credits: Abdi Pranata; Required privileg...
WordPress SalesKing Plugin <= 1.6.15 is vulnerable to Settings Change
Software: SalesKing; Type: Plugin; Vulnerable versions: <= 1.6.15; Fixed in: 1.6.30; OWASP Top 10: A1: Broken Access Control; Classification: Settings Change; CVE: CVE-2024-22156; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 22c1687edcfd; Credits: Dave Jong Patchstack; Required...
WordPress WPZOOM Shortcodes Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: WPZOOM Shortcodes; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-22162; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 7480c3835543; Credits: Dhabaleshwar Das; Required...
WordPress Post views Stats Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Software: Post views Stats; Type: Plugin; Vulnerable versions: <= 1.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-22289; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 3725fdc02a73; Credits: Dimas Maulana; Required privilege...
WordPress SalesKing Plugin <= 1.6.15 is vulnerable to Privilege Escalation
Software: SalesKing; Type: Plugin; Vulnerable versions: <= 1.6.15; Fixed in: 1.6.30; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2024-22157; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 4637bea851f1; Credits: Dave Jong Patchstack; Required...
WordPress WP Smart Editor Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software: WP Smart Editor; Type: Plugin; Vulnerable versions: <= 1.3.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-22148; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 283e36beca35; Credits: Dimas Maulana; Required privilege...
WordPress Custom Twitter Feeds (Tweets Widget) Plugin < 2.2 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:smashballoon:customtwitterfeeds"; if description...
WordPress WooCommerce PDF Invoices & Packing Slips Plugin <= 3.7.5 is vulnerable to SQL Injection
Software: WooCommerce PDF Invoices & Packing Slips; Type: Plugin; Vulnerable versions: <= 3.7.5; Fixed in: 3.7.6; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-22147; Patch priority: Low; CVSS severity: Low 7.6; Developer: Claim ownership; PSID: 690e011aa8bf; Credits: Yudistira Arya; Required...
WordPress The Events Calendar Plugin <= 6.2.8.2 is vulnerable to Sensitive Data Exposure
Software: The Events Calendar; Type: Plugin; Vulnerable versions: <= 6.2.8.2; Fixed in: 6.2.9; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-6557; Patch priority: Low; CVSS severity: Low 5.3; Developer: Liquid Web / StellarWP; PSID: 4e6ed43ca389; Credits: Nicolas...
WordPress InstaWP Connect Plugin <= 0.1.0.8 is vulnerable to Privilege Escalation
Software: InstaWP Connect; Type: Plugin; Vulnerable versions: <= 0.1.0.8; Fixed in: 0.1.0.9; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-22145; Patch priority: High; CVSS severity: High 8.8; Developer: InstaWP; PSID: f661e38694ec; Credits: Majed Refae...
WordPress WP Spell Check Plugin <= 9.17 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Spell Check; Type: Plugin; Vulnerable versions: <= 9.17; Fixed in: 9.18; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-22143; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 9ea79b610365; Credits: Mika; Required privileg...
WordPress Order Export & Order Import for WooCommerce Plugin <= 2.4.3 is vulnerable to Arbitrary File Upload
Software: Order Export & Order Import for WooCommerce; Type: Plugin; Vulnerable versions: <= 2.4.3; Fixed in: 2.4.4; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-22135; Patch priority: Medium; CVSS severity: Medium 8; Developer: Claim ownership; PSID: cc645a98d1b8; Credits: Dateoljo ...
WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Profile Builder Pro; Type: Plugin; Vulnerable versions: <= 3.10.0; Fixed in: 3.10.1; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-22140; Patch priority: Low; CVSS severity: Low 8.8; Developer: Claim ownership; PSID: 81245bbcdd5e; Credits: Dave Jong...
WordPress Contact Form 7 Connector Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Contact Form 7 Connector; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.2.3; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: N/A; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 29ab020c5c41; Credits: WordFence; Required...
WordPress Word Replacer Pro Plugin <= 1.0 is vulnerable to Broken Access Control
Software: Word Replacer Pro; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-52229; Patch priority: High; CVSS severity: High 6.5; Developer: Claim ownership; PSID: 214b09832f8e; Credits: thiennv; Required privilege...
WordPress WP ERP Plugin <= 1.12.8 is vulnerable to SQL Injection
Software: WP ERP; Type: Plugin; Vulnerable versions: <= 1.12.8; Fixed in: 1.12.9; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-21747; Patch priority: Medium; CVSS severity: Medium 7.6; Developer: Claim ownership; PSID: bff329846441; Credits: Arvandy; Required privilege: Accounting Manager...
WordPress Booster Plus for WooCommerce Plugin < 7.1.2 is vulnerable to Arbitrary Content Deletion
Software: Booster Plus for WooCommerce; Type: Plugin; Vulnerable versions: < 7.1.2; Fixed in: 7.1.2; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary Content Deletion; CVE: CVE-2023-52232; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: c6f3c3864370; Credits: Dave Jo...