WordPress myCred Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)

Software myCred Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43353 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a2faf75ac250 Credits LVT-tholv2k Required privilege Contributor...

WordPress All Bootstrap Blocks Plugin <= 1.3.19 is vulnerable to Cross Site Scripting (XSS)

Software All Bootstrap Blocks Type Plugin Vulnerable versions = 1.3.19 Fixed in 1.3.20 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43349 Patch priority Low CVSS severity Low 6.5 Developer AREOI PSID 1ee70b8e314c Credits Ngô Thiên An ancorn from VNPT-VCI Require...

WordPress Modal Window Plugin <= 6.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Modal Window Type Plugin Vulnerable versions = 6.0.3 Fixed in 6.0.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43346 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 956b00accf44 Credits LVT-tholv2k Required privilege Contributo...

WordPress WP User Manager Plugin <= 2.9.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP User Manager Type Plugin Vulnerable versions = 2.9.10 Fixed in 2.9.11 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-43336 Patch priority Low CVSS severity Low 4.3 Developer WP User Manager PSID 6918353ae071 Credits Ananda Dhakal Patchstac...

WordPress EmbedPress Plugin <= 4.0.9 is vulnerable to Local File Inclusion

Software EmbedPress Type Plugin Vulnerable versions = 4.0.9 Fixed in 4.0.10 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-43328 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 8a6dffdf0163 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Hello Agency Theme <= 1.0.5 is vulnerable to Broken Access Control

Software Hello Agency Type Theme Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43341 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID dad92fd9c880 Credits Fariq Fadillah Gusti Insani...

WordPress Team Showcase Plugin <= 1.22.23 is vulnerable to Cross Site Scripting (XSS)

Software Team Showcase Type Plugin Vulnerable versions = 1.22.23 Fixed in 1.22.24 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43321 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 48667d784b23 Credits LVT-tholv2k Required privilege...

WordPress Livemesh Addons for WPBakery Page Builder Plugin <= 3.9 is vulnerable to Cross Site Scripting (XSS)

Software Livemesh Addons for WPBakery Page Builder Type Plugin Vulnerable versions = 3.9 Fixed in 3.9.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43320 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID de5a6a68fb13 Credits LVT-tholv2k...

WordPress WP Telegram Widget and Join Link Plugin <= 2.1.27 is vulnerable to Cross Site Scripting (XSS)

Software WP Telegram Widget and Join Link Type Plugin Vulnerable versions = 2.1.27 Fixed in 2.1.28 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43309 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e7c6c4fd307b Credits Muhammad Daffa...

WordPress Structured Content Plugin <= 1.6.2 is vulnerable to Cross Site Scripting (XSS)

Software Structured Content Type Plugin Vulnerable versions = 1.6.2 Fixed in 1.6.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43307 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID df5a04e07bd7 Credits Michael Required privilege...

WordPress Gutentor Plugin <= 3.3.5 is vulnerable to Cross Site Scripting (XSS)

Software Gutentor Type Plugin Vulnerable versions = 3.3.5 Fixed in 3.3.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43308 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1e4eea1e0d03 Credits João Pedro S Alcântara Kinorth Required...

WordPress Cryptocurrency Widgets – Price Ticker & Coins List Plugin <= 2.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Cryptocurrency Widgets – Price Ticker & Coins List Type Plugin Vulnerable versions = 2.8.0 Fixed in 2.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43304 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bdccb41579f9 Credi...

WordPress Fonts Plugin <= 3.7.7 is vulnerable to Broken Access Control

Software Fonts Type Plugin Vulnerable versions = 3.7.7 Fixed in 3.7.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43302 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 28935a5c542e Credits Rafie Muhammad Patchstack Required...

WordPress Clone Plugin <= 2.4.5 is vulnerable to Broken Access Control

Software Clone Type Plugin Vulnerable versions = 2.4.5 Fixed in 2.4.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43298 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 92218c2f2d27 Credits Ananda Dhakal Patchstack Required...

WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.2 is vulnerable to Broken Access Control

Software WOOCS – WooCommerce Currency Switcher Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43297 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4fdc68645ff9 Credits Anand...

WordPress Recipe Card Blocks for Gutenberg & Elementor Plugin <= 3.3.1 is vulnerable to Broken Access Control

Software Recipe Card Blocks for Gutenberg & Elementor Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.3.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43293 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 19c361c53a3a Credits...

WordPress Presto Player Plugin <= 3.0.2 is vulnerable to Broken Access Control

Software Presto Player Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43285 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 632e04c55037 Credits Rafie Muhammad Patchstack...

WordPress Grow by Tradedoubler Plugin < 2.0.22 is vulnerable to Local File Inclusion

Software Grow by Tradedoubler Type Plugin Vulnerable versions 2.0.22 Fixed in 2.0.22 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-6460 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 01b6350330ff Credits Project Black Required privilege...

WordPress Download Plugins and Themes from Dashboard Plugin <= 1.8.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Download Plugins and Themes from Dashboard Type Plugin Vulnerable versions = 1.8.7 Fixed in 1.8.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7501 Patch priority Low CVSS severity Low 4.2 Developer Claim ownership PSID 299a7b2ab8c8...

WordPress Flash & HTML5 Video Plugin <= 2.5.31 is vulnerable to Sensitive Data Exposure

Software Flash & HTML5 Video Type Plugin Vulnerable versions = 2.5.31 Fixed in 2.5.32 OWASP Top 10 A4: Insecure Design Classification Sensitive Data Exposure CVE CVE-2024-43319 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e3846f722ce9 Credits Ananda Dhakal Patchstack...