5093 matches found
WordPress Product Filter by WBW Plugin <= 2.7.0 is vulnerable to SQL Injection
Software: Product Filter by WBW; Type: Plugin; Vulnerable versions: <= 2.7.0; Fixed in: 2.7.1; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-49691; Patch priority: Low; CVSS severity: Low 7.6; PSID: 6688f0876dc2; Credits: Hakiduck; Required privilege: Administrator...
WordPress HD Quiz – Save Results Light Plugin <= 0.5 is vulnerable to Broken Access Control
Software: HD Quiz – Save Results Light; Type: Plugin; Vulnerable versions: <= 0.5; Fixed in: 0.6; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-49689; Patch priority: Low; CVSS severity: Low 5.4; PSID: 904268a13b03; Credits: Fariq Fadillah Gusti...
WordPress Schema & Structured Data for WP & AMP Plugin <= 1.3.5 is vulnerable to Sensitive Data Exposure
Software: Schema & Structured Data for WP & AMP; Type: Plugin; Vulnerable versions: <= 1.3.5; Fixed in: 1.36; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-49683; Patch priority: Low; CVSS severity: Low 5.3; PSID: fb194b3fd454; Credits: Joshua...
WordPress iBryl Switch User Plugin <= 1.0.1 is vulnerable to Broken Authentication
Software: iBryl Switch User; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-49675; Patch priority: High; CVSS severity: High 8.8; PSID: e670b280f106; Credits...
WordPress LaTeX2HTML Plugin <= 2.5.4 is vulnerable to Cross Site Scripting (XSS)
Software: LaTeX2HTML; Type: Plugin; Vulnerable versions: <= 2.5.4; Fixed in: 2.5.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-49673; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 14e6f2ad72df; Credits: Muhamad Agil Fachrian; Required...
WordPress AI Image Generator for Your Content & Featured Images – AI Postpix Plugin <= 1.1.8 is vulnerable to Arbitrary File Upload
Software: AI Image Generator for Your Content & Featured Images – AI Postpix; Type: Plugin; Vulnerable versions: <= 1.1.8; Fixed in: N/A; OWASP Top 10: A5: Security Misconfiguration; Classification: Arbitrary File Upload; CVE: CVE-2024-49671; Patch priority: High; CVSS severity: High 9.9...
WordPress Verbalize WP Plugin <= 1.0 is vulnerable to Arbitrary File Upload
Software: Verbalize WP; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-49668; Patch priority: High; CVSS severity: High 10; PSID: 5d5cf04a7cde; Credits: stealthcopter; Required privilege: Unauthenticate...
WordPress Category and Taxonomy Meta Fields Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Category and Taxonomy Meta Fields; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-9588; Patch priority: Low; CVSS severity: Low 4.3; PSID: bde2763e61f5; Credits: Istv...
WordPress TI WooCommerce Wishlist Plugin <= 2.9.0 is vulnerable to SQL Injection
Software: TI WooCommerce Wishlist; Type: Plugin; Vulnerable versions: <= 2.9.0; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-9156; Patch priority: High; CVSS severity: High 9.3; PSID: 2b353481dee7; Credits: John Castro; Required privilege...
WordPress 3D Work In Progress Plugin <= 1.0.3 is vulnerable to Arbitrary File Deletion
Software: 3D Work In Progress; Type: Plugin; Vulnerable versions: <= 1.0.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Deletion; CVE: CVE-2024-49657; Patch priority: High; CVSS severity: High 7.7; PSID: 209728d5f5a9; Credits: stealthcopter; Required privilege...
WordPress Debrandify Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Debrandify; Type: Plugin; Vulnerable versions: <= 1.1.2; Fixed in: 1.1.3; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-9674; Patch priority: Low; CVSS severity: Low 5.9; PSID: 0ed7b307aa52; Credits: Francesco Carlucci; Required...
WordPress Time Clock Pro Plugin <= 1.1.4 is vulnerable to Remote Code Execution (RCE)
Software: Time Clock Pro; Type: Plugin; Vulnerable versions: <= 1.1.4; Fixed in: 1.1.5; OWASP Top 10: A1: Injection; Classification: Remote Code Execution RCE; CVE: CVE-2024-9593; Patch priority: High; CVSS severity: High 8.3; PSID: 9837dd0a77ff; Credits: István Márton; Required privilege...
WordPress Time Clock Plugin <= 1.2.2 is vulnerable to Remote Code Execution (RCE)
Software: Time Clock; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.2.3; OWASP Top 10: A3: Injection; Classification: Remote Code Execution RCE; CVE: CVE-2024-9593; Patch priority: High; CVSS severity: High 8.3; PSID: ba1ac64c553d; Credits: István Márton; Required privilege...
WordPress Click to Chat – WP Support All-in-One Floating Widget Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)
Software: Click to Chat – WP Support All-in-One Floating Widget; Type: Plugin; Vulnerable versions: <= 2.3.3; Fixed in: 2.3.4; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-10055; Patch priority: Low; CVSS severity: Low 6.5; PSID...
WordPress ElementInvader Addons for Elementor Plugin <= 1.2.9 is vulnerable to Sensitive Data Exposure
Software: ElementInvader Addons for Elementor; Type: Plugin; Vulnerable versions: <= 1.2.9; Fixed in: 1.3.0; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-9889; Patch priority: Low; CVSS severity: Low 6.5; PSID: 7d169fa5766f; Credits: Ankit...
WordPress Photo Gallery Slideshow & Masonry Tiled Gallery Plugin <= 1.0.3 is vulnerable to SQL Injection
Software: Photo Gallery Slideshow & Masonry Tiled Gallery; Type: Plugin; Vulnerable versions: <= 1.0.3; Fixed in: 1.0.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2019-25218; Patch priority: Low; CVSS severity: Low 7.6; PSID: 6b8bcb14a865; Credits: Ala Arfaoui...
WordPress StreamWeasels Twitch Integration Plugin <= 1.8.6 is vulnerable to Cross Site Scripting (XSS)
Software: StreamWeasels Twitch Integration; Type: Plugin; Vulnerable versions: <= 1.8.6; Fixed in: 1.8.7; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-9897; Patch priority: Low; CVSS severity: Low 6.5; PSID: 924e5605229d; Credits: Peter...
WordPress Duplicate Title Validate Plugin <= 1.0 is vulnerable to SQL Injection
Software: Duplicate Title Validate; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-49623; Patch priority: High; CVSS severity: High 8.5; PSID: 62fe8295ce3c; Credits: Muhamad Agil Fachrian; Required privilege...
WordPress Advanced Advertising System Plugin <= 1.3.1 is vulnerable to PHP Object Injection
Software: Advanced Advertising System; Type: Plugin; Vulnerable versions: <= 1.3.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-49624; Patch priority: High; CVSS severity: High 9.8; PSID: 02d433e2c1ec; Credits: Mika; Required privilege...
WordPress FERMA.ru.net Plugin <= 1.3.3 is vulnerable to SQL Injection
Software: FERMA.ru.net; Type: Plugin; Vulnerable versions: <= 1.3.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-49620; Patch priority: High; CVSS severity: High 8.5; PSID: 8b411d57045c; Credits: LVT-tholv2k; Required privilege: Subscriber; Published ...