WordPress Jetpack Plugin < 13.9.1 is vulnerable to Broken Access Control

Software Jetpack Type Plugin Vulnerable versions 13.9.1 Fixed in 13.9.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9926 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 675e1d99d774 Credits Marc Montpas Required privilege...

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.121 is vulnerable to Remote Code Execution (RCE)

Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.121 Fixed in 1.5.122 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-49271 Patch priority High CVSS severity High 9.1 Developer Unlimited Elements PSID...

WordPress my wooden under construction Theme <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)

Software my wooden under construction Type Theme Vulnerable versions = 2.0.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49269 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6cc0e1da3f3b Credits justakazh Required...

WordPress CJ Change Howdy Plugin <= 3.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software CJ Change Howdy Type Plugin Vulnerable versions = 3.3.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49223 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d1b937179167 Credits SOPROBRO Requir...

WordPress WordPress File Upload Plugin <= 4.24.11 is vulnerable to Path Traversal

Software WordPress File Upload Type Plugin Vulnerable versions = 4.24.11 Fixed in 4.24.12 OWASP Top 10 A1: Broken Access Control Classification Path Traversal CVE CVE-2024-9047 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5fa6436aa19c Credits Arkadiusz Hydzik Required...

WordPress Order Attachments for WooCommerce Plugin 2.0 - 2.4.1 is vulnerable to Broken Access Control

Software Order Attachments for WooCommerce Type Plugin Vulnerable versions 2.0 - 2.4.1 Fixed in 2.5.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9756 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID dca315263a7c Credits luckynoo...

WordPress Azz Anonim Posting Plugin <= 0.9 is vulnerable to Arbitrary File Upload

Software Azz Anonim Posting Type Plugin Vulnerable versions = 0.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49257 Patch priority High CVSS severity High 10 Developer Claim ownership PSID a0f84f528406 Credits stealthcopter Required privilege...

WordPress Ajax Rating with Custom Login Plugin <= 1.1 is vulnerable to SQL Injection

Software Ajax Rating with Custom Login Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49246 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID de8e18fe2e58 Credits stealthcopter Required privilege...

WordPress Digital Lottery Plugin <= 3.0.5 is vulnerable to Arbitrary File Upload

Software Digital Lottery Type Plugin Vulnerable versions = 3.0.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49242 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 7676461ee2c0 Credits stealthcopter Required privilege...

WordPress ShortPixel Image Optimizer Plugin <= 5.6.3 is vulnerable to Broken Access Control

Software ShortPixel Image Optimizer Type Plugin Vulnerable versions = 5.6.3 Fixed in 5.6.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-48044 Patch priority Low CVSS severity Low 5.4 Developer ShortPixel PSID a501abcf0465 Credits Rafie Muhammad Patchsta...

WordPress ShortPixel Image Optimizer Plugin <= 5.6.3 is vulnerable to SQL Injection

Software ShortPixel Image Optimizer Type Plugin Vulnerable versions = 5.6.3 Fixed in 5.6.4 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-48043 Patch priority Low CVSS severity Low 7.6 Developer ShortPixel PSID d284fe203395 Credits Rafie Muhammad Patchstack Required privileg...

WordPress UserPlus Plugin <= 2.0 is vulnerable to Privilege Escalation

Software UserPlus Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-9519 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID 64930a4c20d0 Credits István Márton Required privilege...

WordPress Pedalo Connector Plugin <= 2.0.5 is vulnerable to Broken Authentication

Software Pedalo Connector Type Plugin Vulnerable versions = 2.0.5 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9822 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 4f984c880363 Credits István...

WordPress Hunk Companion Plugin <= 1.8.4 is vulnerable to Broken Access Control

Software Hunk Companion Type Plugin Vulnerable versions = 1.8.4 Fixed in 1.8.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9707 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 20cecbb53904 Credits Sean Murphy Required privileg...

WordPress FULL Customer Plugin <= 3.1.22 is vulnerable to Cross Site Scripting (XSS)

Software FULL Customer Type Plugin Vulnerable versions = 3.1.22 Fixed in 3.1.23 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9211 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 199342483259 Credits vgo0 Required...

WordPress The Plus Addons for Elementor Page Builder Lite Plugin <= 5.6.11 is vulnerable to Sensitive Data Exposure

Software The Plus Addons for Elementor Page Builder Lite Type Plugin Vulnerable versions = 5.6.11 Fixed in 5.6.12 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-8913 Patch priority Low CVSS severity Low 6.5 Developer POSIMYTH Innovations PSID...

WordPress PublishPress Revisions Plugin <= 3.5.14 is vulnerable to Cross Site Scripting (XSS)

Software PublishPress Revisions Type Plugin Vulnerable versions = 3.5.14 Fixed in 3.5.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9436 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3677d6c152ff Credits vgo0...

WordPress Language Switcher Plugin <= 3.7.13 is vulnerable to Cross Site Scripting (XSS)

Software Language Switcher Type Plugin Vulnerable versions = 3.7.13 Fixed in 3.8.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9610 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7600fb4498d2 Credits vgo0 Required...

WordPress TI WooCommerce Wishlist Plugin <= 2.9.0 is vulnerable to SQL Injection

Software TI WooCommerce Wishlist Type Plugin Vulnerable versions = 2.9.0 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9156 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 8b4c5ec7c9db Credits John Castro Required privilege...

WordPress pretix widget Plugin <= 1.0.5 is vulnerable to Local File Inclusion

Software pretix widget Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A4: Insecure Design Classification Local File Inclusion CVE CVE-2024-9575 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 3a2933f81cf6 Credits João Pedro S Alcântara Kinorth Required...