WordPress Miniorange OTP Verification with Firebase Plugin <= 3.6.0 is vulnerable to Broken Authentication

Software Miniorange OTP Verification with Firebase Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.1 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-9862 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 712edfb96dcd Credits...

WordPress Miniorange OTP Verification with Firebase Plugin <= 3.6.0 is vulnerable to Broken Authentication

Software Miniorange OTP Verification with Firebase Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9861 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID...

WordPress WP Photo Album Plus Plugin <= 8.8.05.003 is vulnerable to Cross Site Scripting (XSS)

Software WP Photo Album Plus Type Plugin Vulnerable versions = 8.8.05.003 Fixed in 8.8.07.004 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9951 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 361cb23fe9c7 Credits Noah...

Small Business Owners Must Prioritize Cybersecurity to Stay Operational

As a small business owner, you may think you are too insignificant to ever be on a cybercriminal’s…...

WordPress AADMY Plugin <= 2.0.1 is vulnerable to Content Injection

Software AADMY Type Plugin Vulnerable versions = 2.0.1 Fixed in 2.0.2 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-9837 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e1df1286c7c4 Credits Francesco Carlucci Required privilege...

WordPress GiveWP Plugin <= 3.16.3 is vulnerable to PHP Object Injection

Software GiveWP Type Plugin Vulnerable versions = 3.16.3 Fixed in 3.16.4 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-9634 Patch priority High CVSS severity High 10 Developer Liquid Web / StellarWP PSID a33794a83e6f Credits lefab Required privilege Unauthenticated...

WordPress Community by PeepSo Plugin <= 6.4.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Community by PeepSo Type Plugin Vulnerable versions = 6.4.6.1 Fixed in 6.4.6.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9873 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 149b9a71dcfc Credits Bikram...

WordPress ElementInvader Addons for Elementor Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)

Software ElementInvader Addons for Elementor Type Plugin Vulnerable versions = 1.2.8 Fixed in 1.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9888 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2293b37c11ea Credits Coli...

WordPress File Manager Pro Plugin <= 8.3.9 is vulnerable to Arbitrary File Upload

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.9 Fixed in 8.3.10 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-8918 Patch priority High CVSS severity High 7.4 Developer Claim ownership PSID 8b2de26c1b42 Credits TANG Cheuk Hei siunam Required privile...

WordPress File Manager Pro Plugin <= 8.3.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.9 Fixed in 8.3.10 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-8507 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID caf0adb29b86 Credits TANG Cheuk Hei...

WordPress File Manager Pro Plugin <= 8.3.9 is vulnerable to Broken Access Control

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.9 Fixed in 8.3.10 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8746 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 037debfe30cc Credits TANG Cheuk Hei siunam...

WordPress PeproDev Ultimate Invoice Plugin <= 2.0.6 is vulnerable to Cross Site Scripting (XSS)

Software PeproDev Ultimate Invoice Type Plugin Vulnerable versions = 2.0.6 Fixed in 2.0.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49298 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ec8d635fcc13 Credits LVT-tholv2k Required privile...

WordPress Edwiser Bridge Plugin <= 3.0.7 is vulnerable to Cross Site Scripting (XSS)

Software Edwiser Bridge Type Plugin Vulnerable versions = 3.0.7 Fixed in 3.0.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49311 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 21963ed8844c Credits Muhammad Daffa Required privilege...

WordPress Cooked Pro Plugin < 1.8.0 is vulnerable to Arbitrary File Upload

Software Cooked Pro Type Plugin Vulnerable versions 1.8.0 Fixed in 1.8.0 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49291 Patch priority High CVSS severity High 10 Developer Claim ownership PSID ca91d1c3c8bf Credits RE-ALTER Required privilege Unauthenticated...

WordPress SSV MailChimp Plugin <= 3.1.5 is vulnerable to Local File Inclusion

Software SSV MailChimp Type Plugin Vulnerable versions = 3.1.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-49285 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 383b9dc2b560 Credits tahu.datar Required privilege Unauthenticate...

WordPress PDF-Rechnungsverwaltung Plugin <= 0.0.1 is vulnerable to Local File Inclusion

Software PDF-Rechnungsverwaltung Type Plugin Vulnerable versions = 0.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-49287 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID e30e75b2fb5a Credits tahu.datar Required privilege...

WordPress CURCY Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Software CURCY Type Plugin Vulnerable versions = 2.2.3 Fixed in 2.2.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49283 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a6bd022fc477 Credits Dimas Maulana Required privilege...

WordPress Cooked Pro Plugin < 1.8.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Cooked Pro Type Plugin Vulnerable versions 1.8.0 Fixed in 1.8.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49290 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c5a09464e377 Credits RE-ALTER Required privileg...

WordPress My Reading Library Plugin <= 1.0 is vulnerable to PHP Object Injection

Software My Reading Library Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49318 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 404c7fdc5e2d Credits LVT-tholv2k Required privilege...

WordPress Akismet htaccess writer Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Akismet htaccess writer Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49316 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 909749f57b22 Credits Le Ngoc Anh Required...