5093 matches found
WordPress Qi Addons For Elementor Plugin <= 1.8.0 is vulnerable to Sensitive Data Exposure
Software: Qi Addons For Elementor; Type: Plugin; Vulnerable versions: <= 1.8.0; Fixed in: 1.8.1; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-9530; Patch priority: Low; CVSS severity: Low 4.3; Developer: Qode Interactive; PSID: 6f7683e106bb; Credits: Ankit Patel...
WordPress Download Plugin Plugin <= 2.2.0 is vulnerable to Broken Access Control
Software: Download Plugin; Type: Plugin; Vulnerable versions: <= 2.2.0; Fixed in: 2.2.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-9829; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: da1ab1cf4af2; Credits: WordFence; Required...
WordPress WooCommerce Order Proposal Plugin <= 2.0.5 is vulnerable to Broken Authentication
Software: WooCommerce Order Proposal; Type: Plugin; Vulnerable versions: <= 2.0.5; Fixed in: 2.0.6; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-9927; Patch priority: Low; CVSS severity: Low 7.2; Developer: Claim ownership; PSID: d873b6f7fa89; Credit...
WordPress DocumentPress Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)
Software: DocumentPress; Type: Plugin; Vulnerable versions: <= 2.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-49656; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 9ccb703f5e18; Credits: Mika; Required privilege: Unauthenticate...
WordPress All-in-One WP Migration Plugin <= 7.86 is vulnerable to Sensitive Data Exposure
Software: All-in-One WP Migration; Type: Plugin; Vulnerable versions: <= 7.86; Fixed in: 7.87; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-8852; Patch priority: Low; CVSS severity: Low 5.3; Developer: ServMask, Inc; PSID: 1b517ae2c2c6; Credits: villu164; Required...
WordPress Category and Taxonomy Meta Fields Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Category and Taxonomy Meta Fields; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-9589; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 6c6a133f113d; Credits: István...
WordPress TeploBot - Telegram Bot for WP Plugin <= 1.3 is vulnerable to Sensitive Data Exposure
Software: TeploBot - Telegram Bot for WP; Type: Plugin; Vulnerable versions: <= 1.3; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-9627; Patch priority: High; CVSS severity: High 7.5; Developer: Claim ownership; PSID: 5b587e0ba22b; Credits: István Márton...
WordPress Rover IDX Plugin <= 3.0.0.2903 is vulnerable to Broken Access Control
Software: Rover IDX; Type: Plugin; Vulnerable versions: <= 3.0.0.2903; Fixed in: 3.0.0.2905; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10003; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 2b090aab193c; Credits: István Márton; Required...
WordPress Woocommerce Custom Profile Picture Plugin <= 1.0 is vulnerable to Arbitrary File Upload
Software: Woocommerce Custom Profile Picture; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-49658; Patch priority: High; CVSS severity: High 9.9; Developer: Claim ownership; PSID: a92aac6ed113; Credits: stealthcopter; Required...
WordPress WP ERP Plugin <= 1.13.2 is vulnerable to Cross Site Scripting (XSS)
Software: WP ERP; Type: Plugin; Vulnerable versions: <= 1.13.2; Fixed in: 1.13.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-47640; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: f966aa5626b2; Credits: Le Ngoc Anh; Required privilege...
WordPress Simple Custom Admin Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Custom Admin; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-49647; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 3970364b5682; Credits: Mika; Required privilege...
WordPress Affiliate Platform Plugin <= 1.4.8 is vulnerable to Cross Site Scripting (XSS)
Software: Affiliate Platform; Type: Plugin; Vulnerable versions: <= 1.4.8; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-49645; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: e63013ed9d44; Credits: Mika; Required privilege...
WordPress Tida URL Screenshot Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Tida URL Screenshot; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-49641; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 97c4a19331ca; Credits: Mika; Required privilege...
WordPress ACL Floating Cart for WooCommerce Plugin <= 0.9 is vulnerable to Cross Site Scripting (XSS)
Software: ACL Floating Cart for WooCommerce; Type: Plugin; Vulnerable versions: <= 0.9; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-49640; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 4827b6dd4102; Credits: Mika; Required...
WordPress Monitor.chat Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Monitor.chat; Type: Plugin; Vulnerable versions: <= 1.1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-49639; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: c019b6d72e6e; Credits: Mika; Required privilege: Unauthenticat...
WordPress Bet WC 2018 Russia Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)
Software: Bet WC 2018 Russia; Type: Plugin; Vulnerable versions: <= 2.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-49637; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: f4d264180c24; Credits: Le Ngoc Anh; Required privilege...
WordPress Banner Slider Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)
Software: Banner Slider; Type: Plugin; Vulnerable versions: <= 2.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-49635; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 54728b0228c3; Credits: João Pedro S Alcântara Kinorth; Require...
WordPress BP Member Type Manager Plugin <= 1.01 is vulnerable to Cross Site Scripting (XSS)
Software: BP Member Type Manager; Type: Plugin; Vulnerable versions: <= 1.01; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-49634; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: ae38971a18f4; Credits: João Pedro S Alcântara Kinor...
WordPress Event Manager for WooCommerce Plugin <= 4.2.5 is vulnerable to Cross Site Scripting (XSS)
Software: Event Manager for WooCommerce; Type: Plugin; Vulnerable versions: <= 4.2.5; Fixed in: 4.2.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-49703; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: e6440b4e0449; Credits: João Pedro S Alcântara...
WordPress Robo Gallery Plugin <= 3.2.21 is vulnerable to Cross Site Scripting (XSS)
Software: Robo Gallery; Type: Plugin; Vulnerable versions: <= 3.2.21; Fixed in: 3.2.22; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-49696; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 364c0d5e3b1f; Credits: Robert DeVore; Required privilege: Author...