5093 matches found
WordPress DigiPass Plugin <= 0.3.0 is vulnerable to Arbitrary File Download
Software: DigiPass | Type: Plugin | Vulnerable versions: <= 0.3.0 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Arbitrary File Download | CVE: CVE-2024-52378 | Patch priority: High | CVSS severity: High 7.5 | PSID: dbfd2eb97192 | Credits: stealthcopter | Required privilege: Unauthenticat...
WordPress Picsmize Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload
Software: Picsmize | Type: Plugin | Vulnerable versions: <= 1.0.0 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-52380 | Patch priority: High | CVSS severity: High 10 | PSID: 741a66180c37 | Credits: stealthcopter | Required privilege: Unauthenticated...
WordPress Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation Plugin <= 2.4.9 is vulnerable to Arbitrary File Upload
Software: Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation | Type: Plugin | Vulnerable versions: <= 2.4.9 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-52384 | Patch priority: High | CVSS severity: High 9.9 | PSID...
WordPress Datasets Manager by Arttia Creative Plugin <= 1.5 is vulnerable to Arbitrary File Upload
Software: Datasets Manager by Arttia Creative | Type: Plugin | Vulnerable versions: <= 1.5 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-52375 | Patch priority: High | CVSS severity: High 10 | PSID: c894c89a63d1 | Credits: stealthcopter | Required...
WordPress Boat Rental Plugin for WordPress Plugin <= 1.0.1 is vulnerable to Arbitrary File Upload
Software: Boat Rental Plugin for WordPress | Type: Plugin | Vulnerable versions: <= 1.0.1 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-52376 | Patch priority: High | CVSS severity: High 10 | PSID: 3fb792ad560d | Credits: stealthcopter | Required...
WordPress Charitable Plugin <= 1.8.3 is vulnerable to Cross Site Scripting (XSS)
Software: Charitable | Type: Plugin | Vulnerable versions: <= 1.8.3 | Fixed in: 1.8.3.1 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-10876 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 2a28f1e125bc | Credits: Peter Thaleikis...
WordPress Redirecter Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Redirecter | Type: Plugin | Vulnerable versions: <= 1.0 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-51855 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: dfdafabcd66b | Credits: SOPROBRO | Required privilege: Contributor | Publish...
WordPress Forms Plugin <= 2.8.0 is vulnerable to Arbitrary File Upload
Software: Forms | Type: Plugin | Vulnerable versions: <= 2.8.0 | Fixed in: 2.8.1 | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-51791 | Patch priority: High | CVSS severity: High 10 | PSID: 0594a374dbac | Credits: stealthcopter | Required privilege: Unauthenticated...
WordPress EventPress Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: EventPress | Type: Plugin | Vulnerable versions: <= 1.0.0 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-51861 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: f2952d5f238c | Credits: SOPROBRO | Required privilege: Contributor...
WordPress WPLMS Theme <= 4.962 is vulnerable to Path Traversal
Software: WPLMS | Type: Theme | Vulnerable versions: <= 4.962 | Fixed in: 4.963 | OWASP Top 10: A3: Injection | Classification: Path Traversal | CVE: CVE-2024-10470 | Patch priority: High | CVSS severity: High 9.8 | PSID: 63557cc0ea32 | Credits: Foxyyy | Required privilege: Unauthenticated | Published: 8...
WordPress Adventure Bucket List Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)
Software: Adventure Bucket List | Type: Plugin | Vulnerable versions: <= 1.0.9 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-51908 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 5a843ca67ed0 | Credits: SOPROBRO | Required privilege...
WordPress GreenCon Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: GreenCon | Type: Plugin | Vulnerable versions: <= 1.0.1 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-51926 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 8a0742eb73fa | Credits: Gab | Required privilege: Contributor | Published: 8...
WordPress Envo Extra Plugin <= 1.9.3 is vulnerable to Sensitive Data Exposure
Software: Envo Extra | Type: Plugin | Vulnerable versions: <= 1.9.3 | Fixed in: 1.9.4 | OWASP Top 10: A3: Injection | Classification: Sensitive Data Exposure | CVE: CVE-2024-10770 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: c74e911b1aae | Credits: Francesco Carlucci | Required privilege...
WordPress Registrations for the Events Calendar Plugin < 2.12.4 is vulnerable to Cross Site Scripting (XSS)
Software: Registrations for the Events Calendar | Type: Plugin | Vulnerable versions: < 2.12.4 | Fixed in: 2.12.4 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-7982 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 576ddc99ad72...
WordPress Countdown Timer Plugin <= 1.2.4 is vulnerable to Sensitive Data Exposure
Software: Countdown Timer | Type: Plugin | Vulnerable versions: <= 1.2.4 | Fixed in: 1.2.5 | OWASP Top 10: A3: Injection | Classification: Sensitive Data Exposure | CVE: CVE-2024-10669 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 97d2e3a5c021 | Credits: Francesco Carlucci | Required privilege...
WordPress Landing Page Cat Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)
Software: Landing Page Cat | Type: Plugin | Vulnerable versions: <= 1.7.6 | Fixed in: 1.7.7 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-9226 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 7a9da6507309 | Credits: vgo0 | Required...
WordPress Custom URL Shortener Plugin <= 0.3.6 is vulnerable to Cross Site Scripting (XSS)
Software: Custom URL Shortener | Type: Plugin | Vulnerable versions: <= 0.3.6 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-51930 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 721373a7389e | Credits: SOPROBRO | Required privilege...
WordPress Pro Addons For Elementor Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: Pro Addons For Elementor | Type: Plugin | Vulnerable versions: <= 1.5.0 | Fixed in: 1.6.0 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-51812 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: b0c22c1328af | Credits: Gab | Required privilege...
WordPress Audio Record Plugin <= 1.0 is vulnerable to Arbitrary File Upload
Software: Audio Record | Type: Plugin | Vulnerable versions: <= 1.0 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-51792 | Patch priority: High | CVSS severity: High 10 | PSID: 6342416d8183 | Credits: stealthcopter | Required privilege: Unauthenticate...
WordPress HB AUDIO GALLERY Plugin <= 3.0 is vulnerable to Arbitrary File Upload
Software: HB AUDIO GALLERY | Type: Plugin | Vulnerable versions: <= 3.0 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-51790 | Patch priority: High | CVSS severity: High 10 | PSID: 40d2c24127c2 | Credits: stealthcopter | Required privilege...