WordPress FV Flowplayer Video Player Plugin <= 7.5.46.7212 is vulnerable to SQL Injection
Software: FV Flowplayer Video Player | Type: Plugin | Vulnerable versions: <= 7.5.46.7212 | Fixed in: 7.5.47.7212 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-6338 | Patch priority: High | CVSS severity: High 8.5 | PSID: 35cbf5adc214 | Credits: Arkadiusz Hydzik | Required...
WordPress Atarim Plugin <= 4.0 is vulnerable to Broken Access Control
Software: Atarim | Type: Plugin | Vulnerable versions: <= 4.0 | Fixed in: 4.0.1 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-38771 | Patch priority: Medium | CVSS severity: Medium 6.5 | Developer: Atarim | PSID: 7e5566c5bcde | Credits: piro | Required privilege: Unauthenticated...
WordPress Elements kit Elementor addons Plugin <= 3.2.0 is vulnerable to Sensitive Data Exposure
Software: Elements kit Elementor addons | Type: Plugin | Vulnerable versions: <= 3.2.0 | Fixed in: 3.2.1 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2024-6455 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Wpmet | PSID: b000113e05e5 | Credits: stealthcopter | Required...
WordPress Filter & Grids Plugin < 2.8.33 is vulnerable to Local File Inclusion
Software: Filter & Grids | Type: Plugin | Vulnerable versions: < 2.8.33 | Fixed in: 2.8.33 | OWASP Top 10: A1: Injection | Classification: Local File Inclusion | CVE: CVE-2024-6164 | Patch priority: High | CVSS severity: High 8.1 | PSID: fa64410035b5 | Credits: Project Black | Required privilege...
WordPress Keydatas Plugin <= 2.5.2 is vulnerable to Arbitrary File Upload
Software: Keydatas | Type: Plugin | Vulnerable versions: <= 2.5.2 | Fixed in: 2.6.1 | OWASP Top 10: A1: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-6220 | Patch priority: High | CVSS severity: High 10 | PSID: 1095cb679b31 | Credits: Foxyyy | Required privilege: Unauthenticated...
WordPress Email Subscribers & Newsletters Plugin <= 5.7.26 is vulnerable to Broken Access Control
Software: Email Subscribers & Newsletters | Type: Plugin | Vulnerable versions: <= 5.7.26 | Fixed in: 5.7.27 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-5703 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: c1ed8caccfad | Credits: Arkadiusz...
WordPress BookingPress Plugin <= 1.1.5 is vulnerable to Arbitrary File Upload
Software: BookingPress | Type: Plugin | Vulnerable versions: <= 1.1.5 | Fixed in: 1.1.6 | OWASP Top 10: A1: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-6660 | Patch priority: High | CVSS severity: High 9.9 | PSID: 0a2c97d6e1ad | Credits: shaman0x01 | Required privilege: Subscriber...
WordPress WP RSS Aggregator Plugin <= 4.23.11 is vulnerable to Broken Access Control
Software: WP RSS Aggregator | Type: Plugin | Vulnerable versions: <= 4.23.11 | Fixed in: 4.23.12 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-6621 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 2954812636fe | Credits: Peter Thaleikis | Required...
WordPress HUSKY Plugin <= 1.3.6 is vulnerable to SQL Injection
Software: HUSKY | Type: Plugin | Vulnerable versions: <= 1.3.6 | Fixed in: 1.3.6.1 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-6457 | Patch priority: High | CVSS severity: High 9.3 | PSID: 98840dcb4c01 | Credits: Arkadiusz Hydzik | Required privilege: Unauthenticated...
WordPress Glossary Plugin <= 2.2.26 is vulnerable to Sensitive Data Exposure
Software: Glossary | Type: Plugin | Vulnerable versions: <= 2.2.26 | Fixed in: 2.2.27 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2024-6570 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: 321b9ea74460 | Credits: stealthcopter | Required privileg...
WordPress AForms Plugin <= 2.2.6 is vulnerable to Sensitive Data Exposure
Software: AForms | Type: Plugin | Vulnerable versions: <= 2.2.6 | Fixed in: 2.2.7 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2024-6565 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: 25ef6cfd65dd | Credits: stealthcopter | Required privilege...
WordPress Brizy Plugin <= 2.4.44 is vulnerable to Broken Access Control
Software: Brizy | Type: Plugin | Vulnerable versions: <= 2.4.44 | Fixed in: 2.4.45 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-1937 | Patch priority: Low | CVSS severity: Low 7.1 | PSID: 5274a9cc7b66 | Credits: stealthcopter | Required privilege...
WordPress WP eStore Plugin < 8.5.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP eStore | Type: Plugin | Vulnerable versions: < 8.5.5 | Fixed in: 8.5.5 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-6075 | Patch priority: Low | CVSS severity: Low 5.4 | PSID: c3f59dd6bdda | Credits: Bob Matyas | Required privileg...
WordPress WP eStore Plugin < 8.5.5 is vulnerable to Cross Site Scripting (XSS)
Software: WP eStore | Type: Plugin | Vulnerable versions: < 8.5.5 | Fixed in: 8.5.5 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-6072 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 416714c64e72 | Credits: Bob Matyas | Required...
WordPress Tournamatch Plugin < 4.6.1 is vulnerable to Cross Site Scripting (XSS)
Software: Tournamatch | Type: Plugin | Vulnerable versions: < 4.6.1 | Fixed in: 4.6.1 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-5627 | Patch priority: Medium | CVSS severity: Medium 6.5 | PSID: 160ba992cf57 | Credits: Davide Balzano | Required...
WordPress Bug Library Plugin < 2.1.1 is vulnerable to Remote Code Execution (RCE)
Software: Bug Library | Type: Plugin | Vulnerable versions: < 2.1.1 | Fixed in: 2.1.1 | OWASP Top 10: A1: Injection | Classification: Remote Code Execution (RCE) | CVE: CVE-2024-5450 | Patch priority: High | CVSS severity: High 10 | PSID: 5f64af27fea2 | Credits: Bob Matyas | Required privilege: Unauthenticat...
WordPress NextGEN Gallery Plugin < 3.59.3 is vulnerable to Cross Site Scripting (XSS)
Software: NextGEN Gallery | Type: Plugin | Vulnerable versions: < 3.59.3 | Fixed in: 3.59.3 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-5442 | Patch priority: Low | CVSS severity: Low 5.9 | PSID: 16bde9ef9207 | Credits: Krugov Artyom | Required...
WordPress Affiliate Manager Plugin < 6.5.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Affiliate Manager | Type: Plugin | Vulnerable versions: < 6.5.1 | Fixed in: 6.5.1 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-5287 | Patch priority: Low | CVSS severity: Low 5.4 | PSID: 14d5b3c71416 | Credits: Bob Matyas | Required...
WordPress Affiliate Manager Plugin < 6.5.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Affiliate Manager | Type: Plugin | Vulnerable versions: < 6.5.1 | Fixed in: 6.5.1 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-5284 | Patch priority: Low | CVSS severity: Low 7.1 | PSID: f0487dd08240 | Credits: Bob Matyas | Required...
WordPress Affiliate Manager Plugin < 6.5.1 is vulnerable to Cross Site Scripting (XSS)
Software: Affiliate Manager | Type: Plugin | Vulnerable versions: < 6.5.1 | Fixed in: 6.5.1 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-5280 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 0fe8966b39d9 | Credits: caon | Required...