WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.66 is vulnerable to Cross Site Scripting (XSS)

Software ShiftController Employee Shift Scheduling Type Plugin Vulnerable versions = 4.9.66 Fixed in 4.9.67 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9435 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a5108d6c15b...

WordPress Advanced Custom Fields Plugin < 5.11 is vulnerable to Broken Access Control

Software Advanced Custom Fields Type Plugin Vulnerable versions 5.11 Fixed in 5.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2021-20865 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4a4b648ba0bb Credits Keitaro Yamazaki Required...

WordPress Advanced Custom Fields PRO Plugin < 5.11 is vulnerable to Broken Access Control

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 5.11 Fixed in 5.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2021-20865 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 148c8b46d288 Credits Keitaro Yamazaki...

WordPress Advanced Custom Fields Plugin < 5.11 is vulnerable to Broken Access Control

Software Advanced Custom Fields Type Plugin Vulnerable versions 5.11 Fixed in 5.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2021-20866 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3c61745fb42a Credits Keitaro Yamazaki Required...

WordPress Auto Amazon Links Plugin <= 5.4.2 is vulnerable to Cross Site Scripting (XSS)

Software Auto Amazon Links Type Plugin Vulnerable versions = 5.4.2 Fixed in 5.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9349 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 432d964bd7ed Credits vgo0 Required...

WordPress Social Web Suite Plugin <= 4.1.11 is vulnerable to Arbitrary File Download

Software Social Web Suite Type Plugin Vulnerable versions = 4.1.11 Fixed in 4.1.12 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-8352 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 9b823a04681b Credits Thanh Nam Tran Required...

WordPress PWA Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS)

Software PWA Type Plugin Vulnerable versions = 1.6.3 Fixed in 1.6.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8967 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c235cb7639b9 Credits Francesco Carlucci Required privileg...

WordPress Hello World Plugin <= 2.1.1 is vulnerable to Arbitrary File Download

Software Hello World Type Plugin Vulnerable versions = 2.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-9224 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 936cc3342bfb Credits yudha Required privilege...

WordPress AVIF & SVG Uploader Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software AVIF & SVG Uploader Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9060 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6e662df81c43 Credits Francesco Carlucci...

WordPress LH Copy Media File Plugin <= 1.08 is vulnerable to Cross Site Scripting (XSS)

Software LH Copy Media File Type Plugin Vulnerable versions = 1.08 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9220 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f98d57ff7d4d Credits Colin Xu Required...

WordPress Custom Banners Plugin <= 3.3 is vulnerable to Cross Site Scripting (XSS)

Software Custom Banners Type Plugin Vulnerable versions = 3.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8799 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cfcbb86b25ba Credits vgo0 Required privilege...

WordPress WooCommerce – Store Exporter Plugin <= 2.7.2.1 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce – Store Exporter Type Plugin Vulnerable versions = 2.7.2.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8793 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5baa5a642e95 Credits vgo0...

WordPress KB Support Plugin <= 1.6.6 is vulnerable to Broken Access Control

Software KB Support Type Plugin Vulnerable versions = 1.6.6 Fixed in 1.6.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8548 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 4619b943c20e Credits Krzysztof Zając Required privileg...

WordPress DK PDF Plugin <= 1.9.6 is vulnerable to Cross Site Scripting (XSS)

Software DK PDF Type Plugin Vulnerable versions = 1.9.6 Fixed in 1.9.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8727 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ce80562602cc Credits vgo0 Required privilege...

WordPress Wechat Social login Plugin <= 1.3.0 is vulnerable to Broken Authentication

Software Wechat Social login Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9106 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 26efb59ee707 Credits Istvá...

WordPress LocateAndFilter Plugin <= 1.6.14 is vulnerable to Cross Site Scripting (XSS)

Software LocateAndFilter Type Plugin Vulnerable versions = 1.6.14 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9304 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 26e76d650a46 Credits Francesco Carlucci Requir...

WordPress Unseen Blog Theme <= 1.0.0 is vulnerable to PHP Object Injection

Software Unseen Blog Type Theme Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-7432 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID acc2ad92c272 Credits Francesco Carlucci Required privilege...

WordPress Affiliate Pro - Affiliate Program for WooCommerce & WordPress Plugin <= 8.4.1 is vulnerable to Privilege Escalation

Software Affiliate Pro - Affiliate Program for WooCommerce & WordPress Type Plugin Vulnerable versions = 8.4.1 Fixed in 8.5.0 OWASP Top 10 A4: Insecure Design Classification Privilege Escalation CVE CVE-2024-9289 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID a5bcf0c87e...

WordPress Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin Plugin <= 1.27 is vulnerable to Cross Site Scripting (XSS)

Software Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin Type Plugin Vulnerable versions = 1.27 Fixed in 1.28 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47647 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID aac881dee8e9 Credits...

WordPress Confetti Fall Animation Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Confetti Fall Animation Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47641 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e1b31f88b4d3 Credits stealthcopter Required privilege...