WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Cross Site Request Forgery (CSRF)

Software Social Auto Poster Type Plugin Vulnerable versions = 5.3.14 Fixed in 5.3.15 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6751 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 88dfd0390d2d Credits István Márton...

WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Cross Site Scripting (XSS)

Software Social Auto Poster Type Plugin Vulnerable versions = 5.3.14 Fixed in 5.3.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6752 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2759a5c87ac3 Credits István Márton...

WordPress MaxiBlocks Plugin <= 1.9.2 is vulnerable to Arbitrary File Deletion

Software MaxiBlocks Type Plugin Vulnerable versions = 1.9.2 Fixed in 1.9.3 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-6885 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 302b1ce9770d Credits Lucio Sá Required privilege...

WordPress Hide My WP Ghost Plugin < 5.2.02 is vulnerable to Bypass Vulnerability

Software Hide My WP Ghost Type Plugin Vulnerable versions 5.2.02 Fixed in 5.2.02 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-6420 Patch priority Low CVSS severity Low 3.7 Developer Claim ownership PSID c358fc787ef1 Credits Juan Pablo Gomez Postigo Required...

WordPress CoBlocks Plugin < 3.1.12 is vulnerable to Server Side Request Forgery (SSRF)

Software CoBlocks Type Plugin Vulnerable versions 3.1.12 Fixed in 3.1.12 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-4260 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 9551e8b9e50a Credits Dmitrii Ignatyev Required privilege...

WordPress ListingPro Theme <= 2.9.4 is vulnerable to Local File Inclusion

Software ListingPro Type Theme Vulnerable versions = 2.9.4 Fixed in 2.9.5 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-39624 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 6fb79ea2aba1 Credits Rafie Muhammad Patchstack Required privilege...

WordPress ListingPro Plugin <= 2.9.4 is vulnerable to Local File Inclusion

Software ListingPro Type Plugin Vulnerable versions = 2.9.4 Fixed in 2.9.5 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-39619 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 340c55b26054 Credits Rafie Muhammad Patchstack Required privilege...

WordPress ListingPro Plugin <= 2.9.4 is vulnerable to SQL Injection

Software ListingPro Type Plugin Vulnerable versions = 2.9.4 Fixed in 2.9.5 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-38795 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID e3cbe0b07232 Credits Rafie Muhammad Patchstack Required privilege...

WordPress pz-frontend-manager Plugin < 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software pz-frontend-manager Type Plugin Vulnerable versions 1.0.6 Fixed in 1.0.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6244 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 00622e75c008 Credits Vuln Seeker...

WordPress MasterStudy LMS Plugin < 3.3.24 is vulnerable to Privilege Escalation

Software MasterStudy LMS Type Plugin Vulnerable versions 3.3.24 Fixed in 3.3.24 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-5973 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID 2f024467e854 Credits Jaime F...

WordPress WP QuickLaTeX Plugin < 3.8.8 is vulnerable to Cross Site Scripting (XSS)

Software WP QuickLaTeX Type Plugin Vulnerable versions 3.8.8 Fixed in 3.8.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5529 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f0666acc2d5f Credits Bob Matyas Required privileg...

WordPress CM Pop-Up banners Plugin < 1.6.6 is vulnerable to Cross Site Scripting (XSS)

Software CM Pop-Up banners Type Plugin Vulnerable versions 1.6.6 Fixed in 1.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5004 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2c09d4a685e6 Credits Felipe Caon Required...

WordPress Custom Query Blocks Plugin <= 5.2.0 is vulnerable to Broken Access Control

Software Custom Query Blocks Type Plugin Vulnerable versions = 5.2.0 Fixed in 5.3.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38794 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID c14273e201ef Credits Joshua Chan Required...

WordPress Mercado Pago payments for WooCommerce Plugin 7.3.0 - 7.6.1 is vulnerable to Arbitrary File Download

Software Mercado Pago payments for WooCommerce Type Plugin Vulnerable versions 7.3.0 - 7.6.1 Fixed in 7.6.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Arbitrary File Download CVE CVE-2024-3934 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID e624a5a01127...

WordPress Language Translate Widget for WordPress – ConveyThis Plugin <= 234 is vulnerable to Broken Access Control

Software Language Translate Widget for WordPress – ConveyThis Type Plugin Vulnerable versions = 234 Fixed in 235 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-38792 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b86aa3788718...

WordPress Conditional Fields for Contact Form 7 Plugin <= 2.4.13 is vulnerable to Cross Site Request Forgery (CSRF)

Software Conditional Fields for Contact Form 7 Type Plugin Vulnerable versions = 2.4.13 Fixed in 2.4.14 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5804 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e1825173a8a1...

WordPress ListingPro Theme <= 2.9.4 is vulnerable to SQL Injection

Software ListingPro Type Theme Vulnerable versions = 2.9.4 Fixed in 2.9.5 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-39622 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID ecd756a53e31 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Addonify Plugin <= 1.2.16 is vulnerable to Sensitive Data Exposure

Software Addonify Type Plugin Vulnerable versions = 1.2.16 Fixed in 1.2.17 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6560 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d0b06da3556d Credits stealthcopter Required privileg...

WordPress CTX Feed Plugin <= 6.5.6 is vulnerable to Privilege Escalation

Software CTX Feed Type Plugin Vulnerable versions = 6.5.6 Fixed in 6.5.7 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-38775 Patch priority High CVSS severity High 7.2 Developer Claim ownership PSID cbdae09cf674 Credits stealthcopter Required privilege Sh...

WordPress Bug Library Plugin < 2.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Bug Library Type Plugin Vulnerable versions 2.1.2 Fixed in 2.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5604 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 33f82588687d Credits Bob Matyas Required privilege...