WordPress Extensions by HocWP Team Plugin <= 0.2.3.2 is vulnerable to Broken Authentication

Software Extensions by HocWP Team Type Plugin Vulnerable versions = 0.2.3.2 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9930 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 7d51f78c234b Credit...

WordPress Kata Plus Plugin <= 1.4.7 is vulnerable to Cross Site Scripting (XSS)

Software Kata Plus Type Plugin Vulnerable versions = 1.4.7 Fixed in 1.5.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50501 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 710165188cb5 Credits Michael Required privilege Contributor...

WordPress Acnoo Flutter API Plugin <= 1.0.5 is vulnerable to Privilege Escalation

Software Acnoo Flutter API Type Plugin Vulnerable versions = 1.0.5 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-50486 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 69fb59b59cf8 Credits...

WordPress MaanStore API Plugin <= 1.0.1 is vulnerable to Broken Authentication

Software MaanStore API Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-50487 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 80e67caa15fa Credits...

WordPress Woocommerce Product Design Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload

Software Woocommerce Product Design Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50482 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 410808c7ca79 Credits Bonds Required privilege...

WordPress Signup Page Plugin <= 1.0 is vulnerable to Privilege Escalation

Software Signup Page Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-50475 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 15ed63623277 Credits Mika Required...

WordPress Marketing Automation by AZEXO Plugin <= 1.27.80 is vulnerable to Arbitrary File Upload

Software Marketing Automation by AZEXO Type Plugin Vulnerable versions = 1.27.80 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50480 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 9dfc47a07621 Credits stealthcopter Required...

WordPress Ajar in5 Embed Plugin <= 3.1.3 is vulnerable to Arbitrary File Upload

Software Ajar in5 Embed Type Plugin Vulnerable versions = 3.1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50473 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 049a1a1b0c36 Credits CTRL Chance Required privilege...

WordPress GRÜN spendino Spendenformular Plugin <= 1.0.1 is vulnerable to Privilege Escalation

Software GRÜN spendino Spendenformular Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-50476 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 6ea142807fb0...

WordPress Stacks Mobile App Builder Plugin <= 5.2.3 is vulnerable to Broken Authentication

Software Stacks Mobile App Builder Type Plugin Vulnerable versions = 5.2.3 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-50477 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 02ff662824ca Credit...

WordPress Wux Blog Editor Plugin <= 3.0.0 is vulnerable to Broken Authentication

Software Wux Blog Editor Type Plugin Vulnerable versions = 3.0.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9931 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 140fce8f5a83 Credits István...

WordPress Plugin Propagator Plugin <= 0.1 is vulnerable to Arbitrary File Upload

Software Plugin Propagator Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50495 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 8034c466a94c Credits stealthcopter Required privilege...

WordPress Meta News Theme <= 1.1.7 is vulnerable to Local File Inclusion

Software Meta News Type Theme Vulnerable versions = 1.1.7 Fixed in 1.1.8 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-50435 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d90fa015825d Credits tahu.datar Required privilege Unauthenticated...

WordPress EventPrime Plugin <= 4.0.4.7 is vulnerable to Cross Site Scripting (XSS)

Software EventPrime Type Plugin Vulnerable versions = 4.0.4.7 Fixed in 4.0.4.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9864 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1a0ade328fdb Credits zer0gh0st Required...

WordPress Shoutcast Icecast HTML5 Radio Player Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)

Software Shoutcast Icecast HTML5 Radio Player Type Plugin Vulnerable versions = 2.1.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8666 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3e71cc774a45 Credits...

WordPress Mapster WP Maps Plugin <= 1.5.0 is vulnerable to Settings Change

Software Mapster WP Maps Type Plugin Vulnerable versions = 1.5.0 Fixed in 1.6.0 OWASP Top 10 A3: Injection Classification Settings Change CVE CVE-2024-9235 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID b9bebd7cfde8 Credits Sean Murphy Required privilege Contributor...

WordPress App Builder Plugin <= 5.3.7 is vulnerable to Broken Authentication

Software App Builder Type Plugin Vulnerable versions = 5.3.7 Fixed in 5.3.8 OWASP Top 10 A3: Injection Classification Broken Authentication CVE CVE-2024-9302 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 82e5ff2f8d20 Credits wesley wcraft Required privilege...

WordPress WooCommerce UPS Shipping – Live Rates and Access Points Plugin <= 2.3.11 is vulnerable to Broken Access Control

Software WooCommerce UPS Shipping – Live Rates and Access Points Type Plugin Vulnerable versions = 2.3.11 Fixed in 3.0.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9109 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b3cccbff59...

WordPress wpDiscuz Plugin <= 7.6.24 is vulnerable to Broken Authentication

Software wpDiscuz Type Plugin Vulnerable versions = 7.6.24 Fixed in 7.6.25 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9488 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID c3cf059c4b56 Credits wesley wcraf...

WordPress BuddyPress Plugin <= 14.1.0 is vulnerable to Directory Traversal

Software BuddyPress Type Plugin Vulnerable versions = 14.1.0 Fixed in 14.2.1 OWASP Top 10 A3: Injection Classification Directory Traversal CVE CVE-2024-10011 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 06408034e9a6 Credits Domons Required privilege Subscriber Publish...