WordPress WP Users Masquerade Plugin <= 2.0.0 is vulnerable to Broken Authentication

Software WP Users Masquerade Type Plugin Vulnerable versions = 2.0.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9522 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID eb305b8e1a56 Credits Istvá...

WordPress Responsive Poll Plugin <= 2.3.9 is vulnerable to SQL Injection

Software Responsive Poll Type Plugin Vulnerable versions = 2.3.9 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9022 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 2e687784b00a Credits WordFence Required privilege Administrator Published...

WordPress Tainacan Plugin <= 0.21.8 is vulnerable to SQL Injection

Software Tainacan Type Plugin Vulnerable versions = 0.21.8 Fixed in 0.21.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-48040 Patch priority High CVSS severity High 8.5 Developer Tainacan Community PSID 8db23d195d90 Credits Trương Hữu Phúc truonghuuphuc Required privilege...

WordPress IP Loc8 Plugin <= 1.1 is vulnerable to PHP Object Injection

Software IP Loc8 Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-48028 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 037f1dc8325d Credits LVT-tholv2k Required privilege Unauthenticated...

WordPress Disc Golf Manager Plugin <= 1.0.0 is vulnerable to PHP Object Injection

Software Disc Golf Manager Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-48026 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID ad0f79b4fc3a Credits LVT-tholv2k Required privilege...

WordPress Maximum Products per User for WooCommerce Plugin <= 4.2.8 is vulnerable to Cross Site Scripting (XSS)

Software Maximum Products per User for WooCommerce Type Plugin Vulnerable versions = 4.2.8 Fixed in 4.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9205 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7a571f465eb2...

WordPress External featured image from bing Plugin <= 1.0.2 is vulnerable to Remote Code Execution (RCE)

Software External featured image from bing Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Remote Code Execution RCE CVE CVE-2024-48027 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID dfcd7085e39e Credits João...

WordPress pretix widget Plugin <= 1.0.5 is vulnerable to Local File Inclusion

Software pretix widget Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A4: Insecure Design Classification Local File Inclusion CVE CVE-2024-9575 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 3a2933f81cf6 Credits João Pedro S Alcântara Kinorth Required...

WordPress LatePoint Plugin <= 5.0.12 is vulnerable to Broken Authentication

Software LatePoint Type Plugin Vulnerable versions = 5.0.12 Fixed in 5.0.13 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-8943 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f9b741b682a7 Credits István Márt...

WordPress LatePoint Plugin <= 5.0.11 is vulnerable to SQL Injection

Software LatePoint Type Plugin Vulnerable versions = 5.0.11 Fixed in 5.0.12 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8911 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 26726ee6dc78 Credits István Márton Required privilege Unauthenticated...

WordPress BuddyPress Docs Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Software BuddyPress Docs Type Plugin Vulnerable versions = 2.2.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9207 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d79eef12da8e Credits vgo0 Required...

WordPress ThemeHunk Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software ThemeHunk Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8433 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c1773d3ddeac Credits Lucio Sá Required...

WordPress Limit Login Attempts Plugin <= 5.3 is vulnerable to Bypass Vulnerability

Software Limit Login Attempts Type Plugin Vulnerable versions = 5.3 Fixed in 5.4 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2022-4534 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 03e4ff962fd9 Credits rezaduty Required privilege Publishe...

WordPress Embed PDF Viewer Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)

Software Embed PDF Viewer Type Plugin Vulnerable versions = 2.4.4 Fixed in 2.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9451 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f682b615e5b7 Credits tjoffe Required privile...

WordPress Auto iFrame Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)

Software Auto iFrame Type Plugin Vulnerable versions = 1.7 Fixed in 1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9449 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 731554979a26 Credits tjoffe Required privilege Author...

WordPress Backup and Staging by WP Time Capsule Plugin <= 1.22.21 is vulnerable to SQL Injection

Software Backup and Staging by WP Time Capsule Type Plugin Vulnerable versions = 1.22.21 Fixed in 1.22.22 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-48020 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 257cfd27ce2c Credits Hakiduck Required...

WordPress Bit File Manager Plugin <= 6.5.7 is vulnerable to Arbitrary File Upload

Software Bit File Manager Type Plugin Vulnerable versions = 6.5.7 Fixed in 6.5.8 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-8743 Patch priority High CVSS severity High 6.8 Developer Claim ownership PSID c3b2ce42763f Credits TANG Cheuk Hei siunam Required privileg...

WordPress FluentForm Plugin <= 5.1.19 is vulnerable to Cross Site Scripting (XSS)

Software FluentForm Type Plugin Vulnerable versions = 5.1.19 Fixed in 5.1.20 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9528 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 973bb3afee30 Credits Ivan Kuzymchak Required...

WordPress Rank Math SEO Plugin <= 1.0.228 is vulnerable to Broken Access Control

Software Rank Math SEO Type Plugin Vulnerable versions = 1.0.228 Fixed in 1.0.229 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9161 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ca30124e345e Credits Leo Required privilege...

WordPress Memberful Plugin <= 1.73.7 is vulnerable to Cross Site Scripting (XSS)

Software Memberful Type Plugin Vulnerable versions = 1.73.7 Fixed in 1.73.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9242 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID adec2a644a1d Credits vgo0 Required privilege...