WordPress CM Email Registration Blacklist and Whitelist Plugin < 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software CM Email Registration Blacklist and Whitelist Type Plugin Vulnerable versions 1.4.9 Fixed in 1.4.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5167 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 352ac64ce637...

WordPress SULly Plugin < 4.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software SULly Type Plugin Vulnerable versions 4.3.1 Fixed in 4.3.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5034 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 671675d484b6 Credits Bob Matyas Required privilege...

WordPress SULly Plugin < 4.3.1 is vulnerable to Cross Site Scripting (XSS)

Software SULly Type Plugin Vulnerable versions 4.3.1 Fixed in 4.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5032 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ef2aee1bdf07 Credits Bob Matyas Required privilege...

WordPress Index WP MySQL For Speed Plugin < 1.4.18 is vulnerable to Cross Site Scripting (XSS)

Software Index WP MySQL For Speed Type Plugin Vulnerable versions 1.4.18 Fixed in 1.4.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4977 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID de00e035d3ae Credits Guido Ivá...

WordPress Shortcodes Ultimate Pro Plugin < 7.1.5 is vulnerable to Cross Site Scripting (XSS)

Software Shortcodes Ultimate Pro Type Plugin Vulnerable versions 7.1.5 Fixed in 7.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4217 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b6182f916e0f Credits Dmitrii Ignatyev...

WordPress Hostel Plugin < 1.1.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Hostel Type Plugin Vulnerable versions 1.1.5.3 Fixed in 1.1.5.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3753 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8eec664963a4 Credits Bob Matyas Required...

WordPress Seriously Simple Podcasting Plugin < 3.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Seriously Simple Podcasting Type Plugin Vulnerable versions 3.3.0 Fixed in 3.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3751 Patch priority Low CVSS severity Low 5.9 Developer Castos PSID a88cd16d6fc7 Credits Thanh Hang Required...

WordPress Smart Image Gallery Plugin < 1.0.19 is vulnerable to Cross Site Request Forgery (CSRF)

Software Smart Image Gallery Type Plugin Vulnerable versions 1.0.19 Fixed in 1.0.19 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3632 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 13b040259b7b Credits Bob Matyas...

WordPress Swift Framework Page Builder Plugin < 2024.04.30 is vulnerable to Cross Site Scripting (XSS)

Software Swift Framework Page Builder Type Plugin Vulnerable versions 2024.04.30 Fixed in 2024.04.30 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2870 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 057d34197d18 Credi...

WordPress WP Links Page Plugin <= 4.9.5 is vulnerable to Broken Access Control

Software WP Links Page Type Plugin Vulnerable versions = 4.9.5 Fixed in 4.9.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6465 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3b1e0ddf2ea6 Credits Lucio Sá Required privilege...

WordPress CM On Demand Search And Replace Plugin < 1.3.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software CM On Demand Search And Replace Type Plugin Vulnerable versions 1.3.9 Fixed in 1.3.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5028 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 576a4082c0ff Credits Felipe...

WordPress Quotes And Tips Plugin < 1.45 is vulnerable to Arbitrary File Upload

Software Quotes And Tips Type Plugin Vulnerable versions 1.45 Fixed in 1.45 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-3112 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID a96054a32ac9 Credits Peng Zhou zpbrent Required privilege...

WordPress Social Media Widget Plugin < 4.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Social Media Widget Type Plugin Vulnerable versions 4.0.9 Fixed in 4.0.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0974 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 904528994de0 Credits Dmitrii Ignatyev...

WordPress Form Vibes – Database Manager for Forms Plugin <= 1.4.10 is vulnerable to SQL Injection

Software Form Vibes – Database Manager for Forms Type Plugin Vulnerable versions = 1.4.10 Fixed in 1.4.11 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5325 Patch priority High CVSS severity High 8.5 Developer WPVibes PSID ede7aa3d2234 Credits Peter Thaleikis Required...

WordPress WP Total Branding Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Total Branding Type Plugin Vulnerable versions = 1.2 Fixed in 1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6625 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a7d5303cf6ee Credits Artem Polynko Artem Polynk...

WordPress Send Users Email Plugin <= 1.5.1 is vulnerable to Sensitive Data Exposure

Software Send Users Email Type Plugin Vulnerable versions = 1.5.1 Fixed in 1.5.2 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2024-38760 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 13aaf3930e9f Credits Joshua...

WordPress MStore API Plugin <= 4.14.7 is vulnerable to Broken Authentication

Software MStore API Type Plugin Vulnerable versions = 4.14.7 Fixed in 4.15.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-6328 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID eb61c3a933bb Credits Truoc Phan...

WordPress Inline Related Posts Plugin < 3.7.0 is vulnerable to Cross Site Scripting (XSS)

Software Inline Related Posts Type Plugin Vulnerable versions 3.7.0 Fixed in 3.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5626 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e490330be604 Credits Dmitrii Ignatye...

WordPress Watu Quiz Plugin < 3.4.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Watu Quiz Type Plugin Vulnerable versions 3.4.1.2 Fixed in 3.4.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2640 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 617bfa58ba67 Credits Eunho Kim Required privilege...

WordPress Zoho Campaigns Plugin <= 2.0.8 is vulnerable to Cross Site Scripting (XSS)

Software Zoho Campaigns Type Plugin Vulnerable versions = 2.0.8 Fixed in 2.1.0 OWASP Top 10 A4: Insecure Design Classification Cross Site Scripting XSS CVE CVE-2024-38752 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 48112379bb70 Credits Majed Refaea Required...