WordPress Flaming Forms Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Flaming Forms Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7691 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 74ab02fc965d Credits Bob Matyas Required...

WordPress WP Job Portal Plugin <= 2.1.6 is vulnerable to Broken Access Control

Software WP Job Portal Type Plugin Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-7950 Patch priority High CVSS severity High 9.8 Developer Ahmad PSID 3162f7bd55ec Credits Connor Billings Required privilege...

WordPress Ninja Forms Plugin 3.8.6-3.8.10 is vulnerable to Cross Site Scripting (XSS)

Software Ninja Forms Type Plugin Vulnerable versions 3.8.6-3.8.10 Fixed in 3.8.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9b1a720170de Credits Erwan LR WPScan Required privilege...

WordPress FluentForm Plugin <= 5.1.18 is vulnerable to Broken Access Control

Software FluentForm Type Plugin Vulnerable versions = 5.1.18 Fixed in 5.1.19 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5053 Patch priority Low CVSS severity Low 4.2 Developer Claim ownership PSID 98f9a0a6e43d Credits Tobias Weißhaar kun19 Required...

PT-2024-32237 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the drm/panthor component, where high priorities on group create were not properly restricted. This allowed any users to create a high priority group without...

WordPress Share This Image Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS)

Software Share This Image Type Plugin Vulnerable versions = 2.01 Fixed in 2.02 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8108 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ce0f588ce2a5 Credits Francesco Carlucci Requir...

WordPress Attire Theme <= 2.0.6 is vulnerable to PHP Object Injection

Software Attire Type Theme Vulnerable versions = 2.0.6 Fixed in 2.0.7 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-7435 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 834924dbc4f2 Credits Francesco Carlucci Required privilege Contribut...

WordPress WP Cerber Security Plugin <= 9.4 is vulnerable to Bypass Vulnerability

Software WP Cerber Security Type Plugin Vulnerable versions = 9.4 Fixed in 9.5 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2022-4100 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e81948cda6a5 Credits chihyu Required privilege...

WordPress Web Directory Free Plugin < 1.7.3 is vulnerable to Local File Inclusion

Software Web Directory Free Type Plugin Vulnerable versions 1.7.3 Fixed in 1.7.3 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3673 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID d4fbe470a086 Credits Simone Onofri Kim Cerra Andrea De...

WordPress Booking Calendar Plugin <= 10.5 is vulnerable to Cross Site Scripting (XSS)

Software Booking Calendar Type Plugin Vulnerable versions = 10.5 Fixed in 10.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8274 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f7f6184bfbdf Credits David Gallagher...

WordPress Media Library Folders Plugin <= 8.2.3 is vulnerable to Broken Access Control

Software Media Library Folders Type Plugin Vulnerable versions = 8.2.3 Fixed in 8.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7858 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID e34ed26523d9 Credits Lucio Sá Required...

WordPress Betheme Theme <= 27.5.6 is vulnerable to PHP Object Injection

Software Betheme Type Theme Vulnerable versions = 27.5.6 Fixed in 27.5.7 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-2694 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 8e134812d3a9 Credits Francesco Carlucci Required privilege...

WordPress Tutor LMS Pro Plugin <= 2.7.2 is vulnerable to Broken Access Control

Software Tutor LMS Pro Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5784 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 53b4f2fddbc0 Credits Thanh Nam Tran Required...

WordPress Tourfic Plugin <= 2.11.20 is vulnerable to Cross Site Request Forgery (CSRF)

Software Tourfic Type Plugin Vulnerable versions = 2.11.20 Fixed in 2.11.21 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-8319 Patch priority Low CVSS severity Low 4.3 Developer Themefic PSID 59cc85267376 Credits WordFence Required privilege...

WordPress Fluida Theme <= 1.8.8 is vulnerable to Cross Site Scripting (XSS)

Software Fluida Type Theme Vulnerable versions = 1.8.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44054 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 59dcfdc39bec Credits stealthcopter Required privilege Contributor...

WordPress ElementsKit Pro Plugin <= 3.6.0 is vulnerable to Local File Inclusion

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.8 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-43996 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8da27be920b8 Credits Ngô Thiên An ancorn from VNPT-VCI Required...

WordPress Masterstudy LMS Starter Theme <= 1.1.8 is vulnerable to Sensitive Data Exposure

Software Masterstudy LMS Starter Type Theme Vulnerable versions = 1.1.8 Fixed in 1.1.9 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-43990 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 36d1f32aa077 Credits Peng Zhou Required...

WordPress Mystique Theme <= 2.5.7 is vulnerable to Cross Site Scripting (XSS)

Software Mystique Type Theme Vulnerable versions = 2.5.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43988 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 62ec3578ba8d Credits stealthcopter Required privilege Contributor...

WordPress EasyJobs Plugin <= 2.4.14 is vulnerable to Cross Site Request Forgery (CSRF)

Software EasyJobs Type Plugin Vulnerable versions = 2.4.14 Fixed in 2.4.15 OWASP Top 10 A3: Injection Classification Cross Site Request Forgery CSRF CVE CVE-2024-43997 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 56a38105092f Credits Muhammad Daffa Required...

WordPress Blogpoet Theme <= 1.0.3 is vulnerable to Broken Access Control

Software Blogpoet Type Theme Vulnerable versions = 1.0.3 Fixed in 1.0.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43998 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 863978478910 Credits Fariq Fadillah Gusti Insani...