WordPress Otter - Gutenberg Block Plugin <= 3.0.3 is vulnerable to Broken Access Control
Software: Otter - Gutenberg Block; Type: Plugin; Vulnerable versions: <= 3.0.3; Fixed in: 3.0.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-51671; Patch priority: Low; CVSS severity: Low 2.7; PSID: 1f22a7b87ab8; Credits: Rafie Muhammad...
WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.8.7 is vulnerable to Cross Site Scripting (XSS)
Software: JS Help Desk – Best Help Desk & Support Plugin; Type: Plugin; Vulnerable versions: <= 2.8.7; Fixed in: 2.8.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-51670; Patch priority: Low; CVSS severity: Low 5.9; PSID: ac0a5665f555; Credits: casol...
WordPress Paytium Plugin <= 4.4.10 is vulnerable to Broken Access Control
Software: Paytium; Type: Plugin; Vulnerable versions: <= 4.4.10; Fixed in: 4.4.11; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-51667; Patch priority: Low; CVSS severity: Low 4.3; PSID: f67b49ade6f3; Credits: Trương Hữu Phúc truonghuuphuc...
WordPress aThemes Addons for Elementor Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)
Software: aThemes Addons for Elementor; Type: Plugin; Vulnerable versions: <= 1.0.7; Fixed in: 1.0.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-51675; Patch priority: Low; CVSS severity: Low 6.5; PSID: 8c1a41b721e0; Credits: Khalid Yusuf; Required...
WordPress BetterLinks Plugin <= 2.1.7 is vulnerable to SQL Injection
Software: BetterLinks; Type: Plugin; Vulnerable versions: <= 2.1.7; Fixed in: 2.1.8; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-51672; Patch priority: Low; CVSS severity: Low 7.6; PSID: 159a4550c364; Credits: Marek Mikita; Required privilege: Administrator; Publish...
WordPress SIP Reviews Shortcode for WooCommerce Plugin <= 1.2.3 is vulnerable to SQL Injection
Software: SIP Reviews Shortcode for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.2.3; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-6479; Patch priority: High; CVSS severity: High 8.5; PSID: dfe9c064baeb; Credits: WordFence; Required privilege...
WordPress MPG Plugin <= 4.0.1 is vulnerable to Broken Access Control
Software: MPG; Type: Plugin; Vulnerable versions: <= 4.0.1; Fixed in: 4.0.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-7424; Patch priority: Low; CVSS severity: Low 5.4; PSID: 61dc998feee8; Credits: Rafshanzani Suhada; Required privilege...
WordPress Audio Comparison Lite Plugin <= 3.4 is vulnerable to Cross Site Scripting (XSS)
Software: Audio Comparison Lite; Type: Plugin; Vulnerable versions: <= 3.4; Fixed in: 3.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-51627; Patch priority: Low; CVSS severity: Low 6.5; PSID: 0a5a84c2cb69; Credits: SOPROBRO; Required privilege...
WordPress Website price calculator Plugin <= 4.1 is vulnerable to SQL Injection
Software: Website price calculator; Type: Plugin; Vulnerable versions: <= 4.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-51601; Patch priority: Low; CVSS severity: Low 8.5; PSID: 363bcb5a02a5; Credits: LVT-tholv2k; Required privilege: Contributor...
WordPress Elementary Addons Plugin <= 2.0.4 is vulnerable to Cross Site Scripting (XSS)
Software: Elementary Addons; Type: Plugin; Vulnerable versions: <= 2.0.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-51586; Patch priority: Low; CVSS severity: Low 6.5; PSID: d3940bbe2b1c; Credits: Gab; Required privilege: Contributor...
WordPress WP Hotel Booking Plugin <= 2.1.4 is vulnerable to Local File Inclusion
Software: WP Hotel Booking; Type: Plugin; Vulnerable versions: <= 2.1.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-51582; Patch priority: Low; CVSS severity: Low 7.5; PSID: 5c0a345b0a12; Credits: ghsinfosec; Required privilege: Contributor...
WordPress Bonway Static Block Editor Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Bonway Static Block Editor; Type: Plugin; Vulnerable versions: <= 1.1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-50549; Patch priority: Low; CVSS severity: Low 6.5; PSID: ca2cd09f42a7; Credits: SOPROBRO; Required privilege...
WordPress RSVP ME Plugin <= 1.9.9 is vulnerable to SQL Injection
Software: RSVP ME; Type: Plugin; Vulnerable versions: <= 1.9.9; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-50544; Patch priority: Low; CVSS severity: Low 8.5; PSID: 1e22cf9c262a; Credits: LVT-tholv2k; Required privilege: Contributor; Published: 31...
WordPress amazing neo icon font for elementor Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: amazing neo icon font for elementor; Type: Plugin; Vulnerable versions: <= 2.0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-50543; Patch priority: Low; CVSS severity: Low 6.5; PSID: 973c64009b42; Credits: Gab; Required privile...
WordPress Get Quote For Woocommerce Plugin <= 1.0.0 is vulnerable to Broken Access Control
Software: Get Quote For Woocommerce; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-9430; Patch priority: Low; CVSS severity: Low 5.3; PSID: ed4687422c20; Credits: stehled; Required...
WordPress Stars SMTP Mailer Plugin <= 1.7 is vulnerable to Arbitrary File Upload
Software: Stars SMTP Mailer; Type: Plugin; Vulnerable versions: <= 1.7; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-50530; Patch priority: High; CVSS severity: High 9.9; PSID: f048023ff8ae; Credits: stealthcopter; Required privilege: Subscrib...
WordPress Multi Purpose Mail Form Plugin <= 1.0.2 is vulnerable to Arbitrary File Upload
Software: Multi Purpose Mail Form; Type: Plugin; Vulnerable versions: <= 1.0.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-50526; Patch priority: High; CVSS severity: High 10; PSID: 077c15d9e1a1; Credits: stealthcopter; Required privilege...
WordPress ID-SK Toolkit Plugin <= 1.7.2 is vulnerable to Cross Site Scripting (XSS)
Software: ID-SK Toolkit; Type: Plugin; Vulnerable versions: <= 1.7.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-50517; Patch priority: Low; CVSS severity: Low 6.5; PSID: 8f37480f4086; Credits: Gab; Required privilege: Contributor; Publish...
WordPress Administrator Z Plugin <= 2024.11.20 is vulnerable to SQL Injection
Software: Administrator Z; Type: Plugin; Vulnerable versions: <= 2024.11.20; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-50524; Patch priority: High; CVSS severity: High 8.5; PSID: 23203529cd48; Credits: stealthcopter; Required privilege: Subscriber...
WordPress Crypto Plugin <= 2.18 is vulnerable to Broken Authentication
Software: Crypto; Type: Plugin; Vulnerable versions: <= 2.18; Fixed in: 2.19; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-9988; Patch priority: High; CVSS severity: High 9.8; PSID: 4336600a033e; Credits: István Márton...