WordPress Custom Field For WP Job Manager Plugin <= 1.2 is vulnerable to Insecure Direct Object References (IDOR)

Software Custom Field For WP Job Manager Type Plugin Vulnerable versions = 1.2 Fixed in 1.3 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-7049 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3021ad422dd8 Credits...

WordPress Plugin Notes Plus Plugin <= 1.2.7 is vulnerable to Arbitrary Content Deletion

Software Plugin Notes Plus Type Plugin Vulnerable versions = 1.2.7 Fixed in 1.2.8 OWASP Top 10 A1: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2024-43326 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 048345824ef6 Credits Trương Hữu Phúc...

WordPress Purity Of Soul Theme <= 1.9 is vulnerable to Cross Site Scripting (XSS)

Software Purity Of Soul Type Theme Vulnerable versions = 1.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43348 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2e3680e055fd Credits justakazh Required privilege...

WordPress JetElements For Elementor Plugin <= 2.6.20 is vulnerable to Cross Site Scripting (XSS)

Software JetElements For Elementor Type Plugin Vulnerable versions = 2.6.20 Fixed in 2.6.20.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7144 Patch priority Low CVSS severity Low 6.5 Developer Crocoblock PSID e5a6ab70d49a Credits stealthcopter...

WordPress wpForo Forum Plugin <= 2.3.4 is vulnerable to Insecure Direct Object References (IDOR)

Software wpForo Forum Type Plugin Vulnerable versions = 2.3.4 Fixed in 2.3.5 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-43288 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 84baf52495a3 Credits Ananda Dhakal...

WordPress Order Tracking Plugin < 3.3.13 is vulnerable to Broken Access Control

Software Order Tracking Type Plugin Vulnerable versions 3.3.13 Fixed in 3.3.13 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43343 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID da6200de622c Credits Abdi Pranata Required privileg...

WordPress Brave Popup Builder Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Brave Popup Builder Type Plugin Vulnerable versions = 0.7.0 Fixed in 0.7.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43337 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 04312f740763 Credits Ananda Dhakal...

WordPress JetBlocks For Elementor Plugin <= 1.3.12 is vulnerable to Cross Site Scripting (XSS)

Software JetBlocks For Elementor Type Plugin Vulnerable versions = 1.3.12 Fixed in 1.3.12.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7147 Patch priority Low CVSS severity Low 6.5 Developer Crocoblock PSID 63831bec7c72 Credits stealthcopter...

WordPress oik Plugin <= 4.12.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software oik Type Plugin Vulnerable versions = 4.12.0 Fixed in 4.12.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43356 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 865f6e2dc335 Credits Abdi Pranata Required privile...

WordPress WooCommerce Plugin <= 9.1.2 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Type Plugin Vulnerable versions = 9.1.2 Fixed in 9.1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-39666 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4e41b7df57a0 Credits stealthcopter Required privilege...

WordPress InPost PL Plugin <= 1.4.4 is vulnerable to Arbitrary File Deletion

Software InPost PL Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-6500 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 35e3c8ad65b3 Credits 1337Wannabe Required privilege...

WordPress Relevanssi Plugin <= 4.22.2 is vulnerable to Sensitive Data Exposure

Software Relevanssi Type Plugin Vulnerable versions = 4.22.2 Fixed in 4.23.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-7630 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID cdb75757e257 Credits stealthcopter Required...

WordPress Theme My Login Plugin <= 7.1.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Theme My Login Type Plugin Vulnerable versions = 7.1.7 Fixed in 7.1.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7422 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3496bb32e539 Credits vgo0 Required privile...

WordPress TrueBooker Plugin <= 1.0.2 is vulnerable to SQL Injection

Software TrueBooker Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6924 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID bf0618e9b2e8 Credits Project Black Required privilege Unauthenticated...

WordPress ElementsKit Pro Plugin <= 3.6.5 is vulnerable to Cross Site Scripting (XSS)

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.5 Fixed in 3.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7064 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ae540cd84ef6 Credits Webbernaut Required...

WordPress MStore API Plugin <= 4.15.2 is vulnerable to Broken Authentication

Software MStore API Type Plugin Vulnerable versions = 4.15.2 Fixed in 4.15.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-7628 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 20f8a5490865 Credits Truoc Phan...

WordPress Depicter Slider Plugin <= 3.1.1 is vulnerable to Arbitrary File Upload

Software Depicter Slider Type Plugin Vulnerable versions = 3.1.1 Fixed in 3.1.2 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-4389 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 73585a151085 Credits Arkadiusz Hydzik Required privilege...

WordPress WooCommerce Social Login Plugin <= 2.7.5 is vulnerable to Broken Authentication

Software WooCommerce Social Login Type Plugin Vulnerable versions = 2.7.5 Fixed in 2.7.6 OWASP Top 10 A4: Insecure Design Classification Broken Authentication CVE CVE-2024-7503 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 23315c373121 Credits Truoc Phan Required...

WordPress Term And Category Based Posts Widget Plugin < 4.9.13 is vulnerable to Cross Site Scripting (XSS)

Software Term And Category Based Posts Widget Type Plugin Vulnerable versions 4.9.13 Fixed in 4.9.13 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-6158 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2ddaec10bd6e Credits Dmitrii Ignatyev...

WordPress WP eStore Plugin < 8.5.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP eStore Type Plugin Vulnerable versions 8.5.6 Fixed in 8.5.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6136 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID cbacff106a90 Credits Bob Matyas Required privileg...