WordPress SmartSearch WP Plugin < 2.4.6 is vulnerable to Sensitive Data Exposure

Software SmartSearch WP Type Plugin Vulnerable versions 2.4.6 Fixed in 2.4.6 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6845 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID e581162ffbea Credits Kieran Burge Required...

WordPress Cities Shipping Zones for WooCommerce Plugin <= 1.2.7 is vulnerable to Local File Inclusion

Software Cities Shipping Zones for WooCommerce Type Plugin Vulnerable versions = 1.2.7 Fixed in 1.2.8 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-47309 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID c08e4b974d56 Credits h0j3n Required...

WordPress WP ULike Plugin < 4.7.4 is vulnerable to Cross Site Scripting (XSS)

Software WP ULike Type Plugin Vulnerable versions 4.7.4 Fixed in 4.7.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7878 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6efbbe7dce64 Credits Bob Matyas Required privilege...

WordPress Uncanny Groups for LearnDash Plugin <= 6.1.0.1 is vulnerable to Broken Access Control

Software Uncanny Groups for LearnDash Type Plugin Vulnerable versions = 6.1.0.1 Fixed in 6.1.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8350 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID d89e217025ab Credits Karl Emil Nikka...

WordPress Bit Form plugin <= 2.13.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Manab Jyoti Dowarah Patchstack Alliance in WordPress Plugin Bit Form versions = 2.13.10...

WordPress Checkout Mestres WP plugin <= 8.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Plugin Checkout Mestres WP versions = 8.6...

WordPress ABCApp Creator plugin <= 1.1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Plugin ABCApp Creator versions = 1.1.2...

WordPress Truepush plugin <= 1.0.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Truepush versions = 1.0.8...

WordPress Users Control plugin <= 1.0.16 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Plugin Users Control versions = 1.0.16...

WordPress Vmax Project Manager plugin <= 1.0 - Local File Inclusion to RCE vulnerability

Local File Inclusion to RCE vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Plugin Vmax Project Manager versions = 1.0...

WordPress VR Calendar plugin <= 2.4.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Plugin VR Calendar versions = 2.4.0...

WordPress WP Newsletter Subscription plugin <= 1.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Plugin WP Newsletter Subscription versions = 1.1...

WordPress WP Ticket Ultra plugin <= 1.0.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Plugin WP Ticket Ultra Help Desk & Support Plugin versions = 1.0.5...

WordPress WPSPX plugin <= 1.0.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Plugin WPSPX versions = 1.0.2...

WordPress CSS JS Files Plugin <= 1.5.0 is vulnerable to Directory Traversal

Software CSS JS Files Type Plugin Vulnerable versions = 1.5.0 Fixed in 1.5.1 OWASP Top 10 A3: Injection Classification Directory Traversal CVE CVE-2024-9146 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID eaa2d0720275 Credits jsjp Required privilege Administrator Published...

WordPress WP Newsletter Subscription Plugin <= 1.1 is vulnerable to Local File Inclusion

Software WP Newsletter Subscription Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-44012 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 47db4abe89e4 Credits tahu.datar Required privilege...

WordPress Daily Prayer Time Plugin <= 2024.08.26 is vulnerable to SQL Injection

Software Daily Prayer Time Type Plugin Vulnerable versions = 2024.08.26 Fixed in 2024.09.14 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8621 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID bdae70687f12 Credits Krzysztof Zając Required privilege...

WordPress ABCApp Creator Plugin <= 1.1.2 is vulnerable to Local File Inclusion

Software ABCApp Creator Type Plugin Vulnerable versions = 1.1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-44023 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 7fc9717656e2 Credits tahu.datar Required privilege Unauthenticat...

WordPress Crowdsignal Dashboard – Polls, Surveys & more Plugin <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Crowdsignal Dashboard – Polls, Surveys & more Type Plugin Vulnerable versions = 3.1.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43338 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 64165e457270...

WordPress Contact Form to Any API Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form to Any API Type Plugin Vulnerable versions = 1.2.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7617 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8a05dbbe144d Credits Jorgson...