
5093 matches found

Patchstack
added 2024/11/13 12:0 a.m., 11 views

WordPress CDI Plugin <= 5.5.3 is vulnerable to Arbitrary File Upload

Software CDI Type Plugin Vulnerable versions = 5.5.3 Fixed in 5.5.6 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52398 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID a3849d91bb27 Credits Joshua Chan Required privilege Shop manager...

CVSS: 9.1, AI score: 6.8, EPSS: 0.00476
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2024/11/13 12:0 a.m., 16 views

WordPress AJAX Random Posts Plugin <= 0.3.3 is vulnerable to PHP Object Injection

Software AJAX Random Posts Type Plugin Vulnerable versions = 0.3.3 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52409 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 88448bab09ca Credits Bonds Required privilege Unauthenticated...

CVSS: 9.8, AI score: 7.2, EPSS: 0.00509
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2024/11/13 12:0 a.m., 9 views

WordPress Debug Tool Plugin <= 2.2 is vulnerable to Remote Code Execution (RCE)

Software Debug Tool Type Plugin Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-52416 Patch priority Medium CVSS severity Medium 10 Developer Claim ownership PSID d30460ac8a3a Credits Mika Required privilege Unauthenticated...

CVSS: 10, AI score: 7.6, EPSS: 0.00445
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2024/11/13 12:0 a.m., 20 views

WordPress User Extra Fields Plugin <= 16.6 is vulnerable to Arbitrary File Deletion

Software User Extra Fields Type Plugin Vulnerable versions = 16.6 Fixed in 16.7 OWASP Top 10 A2: Broken Authentication Classification Arbitrary File Deletion CVE CVE-2024-11150 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5b9352f46ad9 Credits Chloe Chamberland Require...

CVSS: 9.8, AI score: 6.6, EPSS: 0.01339
Exploits: 0, References: 2, Affected Software: 1
RedHat Linux
added 2024/11/12 9:11 a.m., 2 views

kernel: drm/i915/gt: Reset queue_priority_hint on parking

A flaw was found in the i915 module in the Linux kernel. Under some conditions, an assertion failure can be triggered and cause a denial of service...

CVSS: 5.5, AI score: 7.2, EPSS: 0.00269
Exploits: 0, References: 5
Patchstack
added 2024/11/12 12:0 a.m., 9 views

WordPress Futurio Extra Plugin <= 2.0.13 is vulnerable to Broken Access Control

Software Futurio Extra Type Plugin Vulnerable versions = 2.0.13 Fixed in 2.0.14 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-10695 Patch priority Low CVSS severity Low 4.3 Developer FuturioWP PSID 162172e1702f Credits Francesco Carlucci Required privile...

CVSS: 4.3, AI score: 6.9, EPSS: 0.003
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/11/12 12:0 a.m., 17 views

WordPress Relais 2FA Plugin <= 1.0 is vulnerable to Broken Authentication

Software Relais 2FA Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10245 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 461a7cd31084 Credits István Márton...

CVSS: 9.8, AI score: 6.8, EPSS: 0.01162
Exploits: 1, References: 2, Affected Software: 1
Patchstack
added 2024/11/12 12:0 a.m., 13 views

WordPress Contact Form 7 Redirect & Thank You Page Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form 7 Redirect & Thank You Page Type Plugin Vulnerable versions = 1.0.6 Fixed in 1.0.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10685 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b725076f7fcb...

CVSS: 6.1, AI score: 5.7, EPSS: 0.00291
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/11/12 12:0 a.m., 13 views

WordPress MPG Plugin <= 4.0.2 is vulnerable to Path Traversal

Software MPG Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A1: Broken Access Control Classification Path Traversal CVE CVE-2024-10672 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID 3c7693c48068 Credits Arkadiusz Hydzik Required privilege Editor...

CVSS: 2.7, AI score: 6.6, EPSS: 0.00484
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/11/12 12:0 a.m., 10 views

WordPress RSS Feed Widget Plugin < 3.0.1 is vulnerable to Cross Site Scripting (XSS)

Software RSS Feed Widget Type Plugin Vulnerable versions 3.0.1 Fixed in 3.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9835 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a28316c34943 Credits Bob Matyas Required...

CVSS: 4.8, AI score: 5.7, EPSS: 0.00303
Exploits: 1, References: 4, Affected Software: 1
Patchstack
added 2024/11/12 12:0 a.m., 13 views

WordPress Styler for Ninja Forms Plugin <= 3.3.4 is vulnerable to Settings Change

Software Styler for Ninja Forms Type Plugin Vulnerable versions = 3.3.4 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Settings Change CVE CVE-2024-10717 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2b68f06a005e Credits...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00398
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2024/11/12 12:0 a.m., 14 views

WordPress Advanced Form Integration Plugin <= 1.92.0 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Form Integration Type Plugin Vulnerable versions = 1.92.0 Fixed in 1.92.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10877 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c8dcdef7d81d Credits Peter...

CVSS: 6.1, AI score: 5.6, EPSS: 0.0056
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/11/12 12:0 a.m., 19 views

WordPress Razorpay Payment Button Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS)

Software Razorpay Payment Button Type Plugin Vulnerable versions = 2.4.6 Fixed in 2.4.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10851 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 88605e5d5760 Credits Peter...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00491
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/11/11 12:0 a.m., 16 views

WordPress WP Photo Album Plus Plugin <= 8.8.08.007 is vulnerable to Broken Access Control

Software WP Photo Album Plus Type Plugin Vulnerable versions = 8.8.08.007 Fixed in 8.9.01.001 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-10958 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d60c5fd2604a Credits Arkadiusz...

CVSS: 7.3, AI score: 6.8, EPSS: 0.01577
Exploits: 1, References: 3, Affected Software: 1
Patchstack
added 2024/11/11 12:0 a.m., 11 views

WordPress Boat Rental Plugin for WordPress Plugin <= 1.0.1 is vulnerable to Arbitrary File Upload

Software Boat Rental Plugin for WordPress Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52376 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 3fb792ad560d Credits stealthcopter Required...

CVSS: 10, AI score: 6.8, EPSS: 0.00496
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2024/11/11 12:0 a.m., 18 views

WordPress Devexhub Gallery Plugin <= 2.0.1 is vulnerable to Arbitrary File Upload

Software Devexhub Gallery Type Plugin Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52373 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 41326b5950fa Credits stealthcopter Required privilege...

CVSS: 10, AI score: 6.8, EPSS: 0.00496
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2024/11/11 12:0 a.m., 6 views

WordPress Easy CSV Importer BETA Plugin <= 7.0.0 is vulnerable to Arbitrary File Upload

Software Easy CSV Importer BETA Type Plugin Vulnerable versions = 7.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52372 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 760bb0fc208a Credits stealthcopter Required privilege...

CVSS: 10, AI score: 6.8, EPSS: 0.00496
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2024/11/11 12:0 a.m., 5 views

WordPress Master Addons for Elementor Plugin <= 2.0.6.6 is vulnerable to Cross Site Scripting (XSS)

Software Master Addons for Elementor Type Plugin Vulnerable versions = 2.0.6.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52387 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID fab3ef01c18f Credits Michael Required privilege...

AI score: 6.9, EPSS: 0.00217
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2024/11/11 12:0 a.m., 9 views

WordPress Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation Plugin <= 2.4.9 is vulnerable to Arbitrary File Upload

Software Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation Type Plugin Vulnerable versions = 2.4.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52384 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID...

CVSS: 9.9, AI score: 7.2, EPSS: 0.00478
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2024/11/11 12:0 a.m., 10 views

WordPress ZIJ KART Plugin <= 1.1 is vulnerable to Local File Inclusion

Software ZIJ KART Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-52381 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 026490b9e405 Credits stealthcopter Required privilege Unauthenticated...

CVSS: 8.1, AI score: 7.2, EPSS: 0.00566
Exploits: 0, References: 1, Affected Software: 1