WordPress MakeStories (for Google Web Stories) Plugin <= 3.0.3 is vulnerable to Arbitrary File Download

Software MakeStories for Google Web Stories Type Plugin Vulnerable versions = 3.0.3 Fixed in 3.0.4 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-38746 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 40afb38048ba Credits Majed...

WordPress Animated Rotating Words Plugin <= 5.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Animated Rotating Words Type Plugin Vulnerable versions = 5.6 Fixed in 5.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-38753 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7dd7430216b1 Credits Majed Refaea...

WordPress JSON Content Importer Plugin <= 1.5.6 is vulnerable to Server Side Request Forgery (SSRF)

Software JSON Content Importer Type Plugin Vulnerable versions = 1.5.6 Fixed in 1.6.0 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-38723 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID f916d2cf2c68 Credits...

WordPress MBE eShip Plugin <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software MBE eShip Type Plugin Vulnerable versions = 2.1.2 Fixed in 2.2.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-38729 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4adf7a356e66 Credits Joshua Chan Required...

WordPress EazyDocs Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)

Software EazyDocs Type Plugin Vulnerable versions = 2.5.0 Fixed in 2.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38720 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 35c7ee4ff86c Credits Khalid Yusuf Required privilege Contributor...

WordPress Booking Ultra Pro Plugin <= 1.1.13 is vulnerable to Local File Inclusion

Software Booking Ultra Pro Type Plugin Vulnerable versions = 1.1.13 Fixed in 1.1.14 OWASP Top 10 A5: Security Misconfiguration Classification Local File Inclusion CVE CVE-2024-38717 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c00579e5a889 Credits Ananda Dhakal...

WordPress Patricia Blog Theme <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Patricia Blog Type Theme Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-38732 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 79de657843ce Credits Dhabaleshwar Das Required...

WordPress EazyDocs Plugin <= 2.5.0 is vulnerable to Broken Access Control

Software EazyDocs Type Plugin Vulnerable versions = 2.5.0 Fixed in 2.5.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38721 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e5440501869f Credits Khalid Yusuf Required privileg...

WordPress WP Fast Total Search Plugin <= 1.68.232 is vulnerable to Broken Access Control

Software WP Fast Total Search Type Plugin Vulnerable versions = 1.68.232 Fixed in 1.69.234 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38714 Patch priority Low CVSS severity Low 4.3 Developer Epsiloncool PSID 00f4bc37a87e Credits Majed Refaea Required...

WordPress Zoho CRM Lead Magnet Plugin <= 1.7.8.8 is vulnerable to Cross Site Scripting (XSS)

Software Zoho CRM Lead Magnet Type Plugin Vulnerable versions = 1.7.8.8 Fixed in 1.7.8.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38696 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 67a915d6b2e4 Credits Dimas Maulana Required...

WordPress Product Delivery Date for WooCommerce – Lite Plugin <= 2.7.2 is vulnerable to Broken Access Control

Software Product Delivery Date for WooCommerce – Lite Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38702 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID a611019beea2 Credits...

WordPress Moloni Plugin <= 4.7.4 is vulnerable to Cross Site Scripting (XSS)

Software Moloni Type Plugin Vulnerable versions = 4.7.4 Fixed in 4.8.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38694 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c1c98bacc1ee Credits Yudistira Arya Required privilege...

WordPress Event post Plugin <= 5.9.5 is vulnerable to Local File Inclusion

Software Event post Type Plugin Vulnerable versions = 5.9.5 Fixed in 5.9.6 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-38735 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 3e99c6808576 Credits Emili Castells Required privilege...

WordPress Uncanny Automator Pro Plugin <= 5.3 is vulnerable to Cross Site Scripting (XSS)

Software Uncanny Automator Pro Type Plugin Vulnerable versions = 5.3 Fixed in 5.3.0.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37117 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9c1cb610bb3a Credits Dave Jong Patchstack...

WordPress MBE eShip Plugin <= 2.1.2 is vulnerable to Sensitive Data Exposure

Software MBE eShip Type Plugin Vulnerable versions = 2.1.2 Fixed in 2.2.1 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2024-38742 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID df94a639a0f7 Credits Joshua Chan...

WordPress Academy LMS Plugin <= 2.0.4 is vulnerable to Broken Access Control

Software Academy LMS Type Plugin Vulnerable versions = 2.0.4 Fixed in 2.0.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38701 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1381c0d8b2d7 Credits filime Required privilege Academy...

WordPress ExS Widgets Plugin <= 0.3.1 is vulnerable to Local File Inclusion

Software ExS Widgets Type Plugin Vulnerable versions = 0.3.1 Fixed in 0.3.2 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-38715 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 88483868fd84 Credits João Pedro S Alcântara Kinorth...

WordPress WordPress Team Manager Plugin <= 2.1.12 is vulnerable to Local File Inclusion

Software WordPress Team Manager Type Plugin Vulnerable versions = 2.1.12 Fixed in 2.1.13 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-38704 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 772c457874f8 Credits 4rCanJ0x! Required...

WordPress Quiz And Survey Master Plugin < 9.0.5 is vulnerable to Cross Site Scripting (XSS)

Software Quiz And Survey Master Type Plugin Vulnerable versions 9.0.5 Fixed in 9.0.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6025 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 041e8eaa0b85 Credits Dmitrii Ignatyev...

WordPress Secure Copy Content Protection and Content Locking Plugin < 4.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Secure Copy Content Protection and Content Locking Type Plugin Vulnerable versions 4.0.9 Fixed in 4.0.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6138 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 386e7454f8d8...