WordPress MyTweetLinks Plugin <= 1.1.1 is vulnerable to SQL Injection

Software MyTweetLinks Type Plugin Vulnerable versions = 1.1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49618 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 011544e8e2d0 Credits João Pedro S Alcântara Kinorth Required privilege...

WordPress SW Contact Form Plugin <= 1.0 is vulnerable to SQL Injection

Software SW Contact Form Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49612 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 50cfc368b184 Credits João Pedro S Alcântara Kinorth Required privilege...

WordPress Product Website Showcase Plugin <= 1.0 is vulnerable to Arbitrary File Upload

Software Product Website Showcase Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49611 Patch priority High CVSS severity High 10 Developer Claim ownership PSID f26ca655ccfd Credits stealthcopter Required privilege...

WordPress photokit Plugin <= 1.0 is vulnerable to Arbitrary File Upload

Software photokit Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49610 Patch priority High CVSS severity High 10 Developer Claim ownership PSID a740c666723d Credits stealthcopter Required privilege Unauthenticated...

WordPress Author Discussion Plugin <= 0.2.2 is vulnerable to SQL Injection

Software Author Discussion Type Plugin Vulnerable versions = 0.2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49609 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 126e44ab20dc Credits João Pedro S Alcântara Kinorth Required privile...

WordPress jLayer Parallax Slider Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software jLayer Parallax Slider Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49334 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 65c219f6d335 Credits João Pedro S Alcântara Kinort...

WordPress Rate Own Post Plugin <= 1.0 is vulnerable to SQL Injection

Software Rate Own Post Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49616 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID c63aca788766 Credits João Pedro S Alcântara Kinorth Required privilege...

WordPress Parcel Pro Plugin <= 1.8.4 is vulnerable to Cross Site Scripting (XSS)

Software Parcel Pro Type Plugin Vulnerable versions = 1.8.4 Fixed in 1.9.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9383 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 434032076e56 Credits vgo0 Required privilege...

WordPress MAS Companies For WP Job Manager Plugin <= 1.0.13 is vulnerable to Cross Site Scripting (XSS)

Software MAS Companies For WP Job Manager Type Plugin Vulnerable versions = 1.0.13 Fixed in 1.0.14 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9206 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 18ca937f1193 Credits...

WordPress DPD Baltic Shipping Plugin <= 1.2.83 is vulnerable to Cross Site Scripting (XSS)

Software DPD Baltic Shipping Type Plugin Vulnerable versions = 1.2.83 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9350 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6c5aa369cd88 Credits vgo0 Required...

WordPress Giveaway Boost Plugin <= 2.1.4 is vulnerable to PHP Object Injection

Software Giveaway Boost Type Plugin Vulnerable versions = 2.1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49332 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID dc16e9530c12 Credits Mika Required privilege Unauthenticated...

WordPress Photo Gallery Builder Plugin <= 3.0 is vulnerable to Broken Access Control

Software Photo Gallery Builder Type Plugin Vulnerable versions = 3.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-49325 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID db6c940f3de7 Credits Marek Mikita Required...

WordPress All in One Slider Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software All in One Slider Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49323 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6a5a43d2e17c Credits João Pedro S Alcântara Kinorth...

WordPress Sovratec Case Management Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload

Software Sovratec Case Management Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49324 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 36d5eac9e669 Credits stealthcopter Required privilege...

WordPress PublishPress Authors Plugin <= 4.7.1 is vulnerable to Privilege Escalation

Software PublishPress Authors Type Plugin Vulnerable versions = 4.7.1 Fixed in 4.7.2 OWASP Top 10 A4: Insecure Design Classification Privilege Escalation CVE CVE-2024-9215 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID dc9bff13d8f2 Credits wesley wcraft Required...

WordPress Timetics Plugin <= 1.0.25 is vulnerable to Privilege Escalation

Software Timetics Type Plugin Vulnerable versions = 1.0.25 Fixed in 1.0.26 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-9263 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 9e7b0505f08b Credits wesley wcraft Required privilege...

WordPress Kento Post View Counter Plugin <= 2.8 is vulnerable to SQL Injection

Software Kento Post View Counter Type Plugin Vulnerable versions = 2.8 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2016-15040 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID ec30554661e3 Credits WordFence Required privilege Unauthenticate...

WordPress Royal Elementor Addons Plugin <= 1.3.986 is vulnerable to Sensitive Data Exposure

Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.986 Fixed in 1.3.987 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-7417 Patch priority Low CVSS severity Low 4.3 Developer WProyal PSID 4060f71c187f Credits stealthcopter Required...

WordPress Timetable and Event Schedule Plugin <= 2.3.8 is vulnerable to Broken Access Control

Software Timetable and Event Schedule Type Plugin Vulnerable versions = 2.3.8 Fixed in 2.3.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2020-36840 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID d75a5069efd3 Credits Ram Required...

WordPress Google Language Translator Plugin < 6.0.10 is vulnerable to Cross Site Scripting (XSS)

Software Google Language Translator Type Plugin Vulnerable versions 6.0.10 Fixed in 6.0.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2021-4452 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3695267a00ad Credits Ram Required...