Lucene search

5093 matches found

Patchstack
added 2024/07/30 12:00 a.m., 11 views

WordPress WpStickyBar Plugin <= 2.1.0 is vulnerable to SQL Injection

Software: WpStickyBar; Type: Plugin; Vulnerable versions: <= 2.1.0; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-5765; Patch priority: High; CVSS severity: High 9.3; PSID: 003d2dbb7aa7; Credits: Project Black; Required privilege: Unauthenticated...

CVSS: 9.8, AI score: 6.8, EPSS: 0.27434
Exploits: 1, References: 3, Affected Software: 1

Patchstack
added 2024/07/30 12:00 a.m., 8 views

WordPress Pmpro Membership Maps Plugin < 0.7 is vulnerable to Sensitive Data Exposure

Software: Pmpro Membership Maps; Type: Plugin; Vulnerable versions: < 0.7; Fixed in: 0.7; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-1286; Patch priority: Low; CVSS severity: Low 4.3; PSID: a7b3657c40ef; Credits: Scott Kingsley Clark...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00565
Exploits: 1, References: 3, Affected Software: 1

Patchstack
added 2024/07/30 12:00 a.m., 9 views

WordPress Paid Memberships Pro - Member Directory Add On Plugin < 1.2.6 is vulnerable to SQL Injection

Software: Paid Memberships Pro - Member Directory Add On; Type: Plugin; Vulnerable versions: < 1.2.6; Fixed in: 1.2.6; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-1287; Patch priority: Low; CVSS severity: Low 8.5; PSID: 7039256f577b; Credits: Scott Kingsley Clark...

CVSS: 6.5, AI score: 6.9, EPSS: 0.00523
Exploits: 1, References: 3, Affected Software: 1

Positive Technologies
added 2024/07/30 12:00 a.m., 3 views

PT-2024-29517 · Priority · Pri Web Portal Add-On For Priority Erp

Name of the Vulnerable Software and Affected Versions: PRI WEB Portal Add-On for Priority ERP on prem (affected versions not specified)
Description: The issue concerns exposure of sensitive information to an unauthorized actor, as described by CWE-200.
Recommendations: At the moment, there is no...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00402
Exploits: 0, References: 4

CNNVD
added 2024/07/30 12:00 a.m., 2 views

Priority Information Disclosure Vulnerability

Priority is an ERP solution from Priority Israel. Priority suffers from an information disclosure vulnerability that originates from the disclosure of sensitive information to unauthorized actors...

CVSS: 7.5, AI score: 6.2, EPSS: 0.00402
Exploits: 0, References: 2

Patchstack
added 2024/07/29 12:00 a.m., 6 views

WordPress Affiliate Manager Plugin < 6.5.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Affiliate Manager; Type: Plugin; Vulnerable versions: < 6.5.2; Fixed in: 6.5.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-5285; Patch priority: Low; CVSS severity: Low 4.3; PSID: f621215a2f69; Credits: Bob Matyas; Required...

CVSS: 5.5, AI score: 6.7, EPSS: 0.00213
Exploits: 1, References: 3, Affected Software: 1

Patchstack
added 2024/07/29 12:00 a.m., 10 views

WordPress Email Encoder Bundle Plugin < 2.2.2 is vulnerable to Cross Site Scripting (XSS)

Software: Email Encoder Bundle; Type: Plugin; Vulnerable versions: < 2.2.2; Fixed in: 2.2.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4483; Patch priority: Low; CVSS severity: Low 5.9; PSID: 5d3ad3645d3e; Credits: Krugov Artyom; Require...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00356
Exploits: 1, References: 3, Affected Software: 1

Patchstack
added 2024/07/29 12:00 a.m., 15 views

WordPress Happy Addons for Elementor Plugin <= 3.11.2 is vulnerable to Cross Site Scripting (XSS)

Software: Happy Addons for Elementor; Type: Plugin; Vulnerable versions: <= 3.11.2; Fixed in: 3.11.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6627; Patch priority: Low; CVSS severity: Low 6.5; Developer: Leevio; PSID: 0dee5f2221b3; Credits: Webbernaut; Required...

CVSS: 6.4, AI score: 5.8, EPSS: 0.00311
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/07/29 12:00 a.m., 6 views

WordPress WooCommerce Product Table Lite Plugin <= 3.5.1 is vulnerable to Cross Site Scripting (XSS)

Software: WooCommerce Product Table Lite; Type: Plugin; Vulnerable versions: <= 3.5.1; Fixed in: 3.8.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6458; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: b99493f3472e; Credits: Luc...

CVSS: 6.4, AI score: 5.7, EPSS: 0.00292
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/07/29 12:00 a.m., 7 views

WordPress Media.net Ads Manager Plugin <= 2.10.13 is vulnerable to Arbitrary File Upload

Software: Media.net Ads Manager; Type: Plugin; Vulnerable versions: <= 2.10.13; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-6431; Patch priority: High; CVSS severity: High 9.9; PSID: 89eb205a9ac8; Credits: István Márton; Required privilege...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00786
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/07/29 12:00 a.m., 9 views

WordPress Campaign Monitor for WordPress Plugin <= 2.8.15 is vulnerable to Sensitive Data Exposure

Software: Campaign Monitor for WordPress; Type: Plugin; Vulnerable versions: <= 2.8.15; Fixed in: 2.8.16; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-6569; Patch priority: Low; CVSS severity: Low 5.3; PSID: 63abfd042be5; Credits...

CVSS: 5.3, AI score: 6.7, EPSS: 0.00849
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/07/29 12:00 a.m., 22 views

WordPress Profile Builder Plugin < 3.11.8 is vulnerable to Broken Access Control

Software: Profile Builder; Type: Plugin; Vulnerable versions: < 3.11.8; Fixed in: 3.11.8; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-6366; Patch priority: Low; CVSS severity: Low 5.3; PSID: 351dbb0efb2f; Credits: Michel Prunet; Required privile...

CVSS: 9.1, AI score: 6.5, EPSS: 0.28993
Exploits: 2, References: 3, Affected Software: 1

Positive Technologies
added 2024/07/29 12:00 a.m., 4 views

PT-2024-38140 · Totolink · Totolink A3600R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102
Description: A critical issue has been found, affecting the function setMacQos of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument priority/macAddress leads to buffer overflow. Thi...

CVSS: 9, AI score: 8.8, EPSS: 0.01091
Exploits: 1, References: 8

Patchstack
added 2024/07/24 12:00 a.m., 9 views

WordPress PowerPack Pro for Elementor Plugin <= 2.10.14 is vulnerable to Privilege Escalation

Software: PowerPack Pro for Elementor; Type: Plugin; Vulnerable versions: <= 2.10.14; Fixed in: 2.10.15; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-39634; Patch priority: Medium; CVSS severity: Medium 8.8; PSID...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00444
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/07/24 12:00 a.m., 13 views

WordPress All-in-One Video Gallery Plugin <= 3.7.1 is vulnerable to Cross Site Scripting (XSS)

Software: All-in-One Video Gallery; Type: Plugin; Vulnerable versions: <= 3.7.1; Fixed in: 3.8.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6629; Patch priority: Low; CVSS severity: Low 6.5; PSID: 570fc0403d8c; Credits: Webbernaut...

CVSS: 6.4, AI score: 5.8, EPSS: 0.0031
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/07/24 12:00 a.m., 10 views

WordPress Funnel Builder for WordPress by FunnelKit Plugin <= 3.4.6 is vulnerable to Broken Access Control

Software: Funnel Builder for WordPress by FunnelKit; Type: Plugin; Vulnerable versions: <= 3.4.6; Fixed in: 3.4.7; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-6836; Patch priority: Low; CVSS severity: Low 4.3; PSID: f7a411b5f336; Credits: Luci...

CVSS: 4.3, AI score: 6.7, EPSS: 0.00325
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/07/24 12:00 a.m., 17 views

WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Arbitrary File Upload

Software: Social Auto Poster; Type: Plugin; Vulnerable versions: <= 5.3.14; Fixed in: 5.3.15; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-6756; Patch priority: Medium; CVSS severity: Medium 9.9; PSID: 10970b4a81a6; Credits: István Márton; Required privileg...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00786
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/07/24 12:00 a.m., 12 views

WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Cross Site Scripting (XSS)

Software: Social Auto Poster; Type: Plugin; Vulnerable versions: <= 5.3.14; Fixed in: 5.3.15; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6753; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: df6582eddf1d; Credits: István Márton...

CVSS: 7.2, AI score: 5.7, EPSS: 0.00782
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/07/24 12:00 a.m., 11 views

WordPress Youzify Plugin <= 1.2.6 is vulnerable to Broken Access Control

Software: Youzify; Type: Plugin; Vulnerable versions: <= 1.2.6; Fixed in: 1.2.8; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-39635; Patch priority: Low; CVSS severity: Low 5.4; PSID: b77bf27da026; Credits: LVT-tholv2k; Required privilege...

CVSS: 8.8, AI score: 6.3, EPSS: 0.00396
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/07/24 12:00 a.m., 11 views

WordPress Contest Gallery Plugin <= 23.1.2 is vulnerable to Cross Site Scripting (XSS)

Software: Contest Gallery; Type: Plugin; Vulnerable versions: <= 23.1.2; Fixed in: 23.1.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-39631; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Wasiliy Strecker; PSID: e98eae916e49; Credits: CatFather; Required privilege...

CVSS: 7.1, AI score: 6.6, EPSS: 0.0029
Exploits: 0, References: 2, Affected Software: 1