WordPress Contact Form 7 Multi-Step Addon Plugin <= 1.0.5 is vulnerable to Backdoor

Software Contact Form 7 Multi-Step Addon Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.7 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 8aae8a0dc1cb Credits Sansec.io Required privilege Unauthenticated...

WordPress Simply Show Hooks Plugin <= 1.2.1 is vulnerable to Backdoor

Software Simply Show Hooks Type Plugin Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9717f5492dd4 Credits Sansec.io Required privilege Unauthenticated Published 3 July, 20...

WordPress nicen-localize-image Plugin <= 1.4.1 is vulnerable to Backdoor

Software nicen-localize-image Type Plugin Vulnerable versions = 1.4.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9cc7d9fd0cd5 Credits Sansec.io Required privilege Unauthenticated Published 3 July,...

WordPress The Plus Addons for Elementor Page Builder Lite Plugin <= 5.6.1 is vulnerable to Cross Site Scripting (XSS)

Software The Plus Addons for Elementor Page Builder Lite Type Plugin Vulnerable versions = 5.6.1 Fixed in 5.6.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4482 Patch priority Low CVSS severity Low 6.5 Developer POSIMYTH Innovations PSID...

WordPress YITH WooCommerce Affiliates Plugin <= 3.8.0 is vulnerable to Backdoor

Software YITH WooCommerce Affiliates Type Plugin Vulnerable versions = 3.8.0 Fixed in 3.8.1 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer YITH PSID 6b928027e13c Credits Sansec.io Required privilege Unauthenticated Published 3 July,...

WordPress YAHMAN Add-ons Plugin <= 0.9.28 is vulnerable to Backdoor

Software YAHMAN Add-ons Type Plugin Vulnerable versions = 0.9.28 Fixed in 0.9.29 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 26c7f39721f9 Credits Sansec.io Required privilege Unauthenticated Published 3 July,...

WordPress Logic Hop Plugin <= 3.8.8 is vulnerable to Backdoor

Software Logic Hop Type Plugin Vulnerable versions = 3.8.8 Fixed in 3.9.0 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e54343bdaeda Credits Sansec.io Required privilege Unauthenticated Published 3 July, 2024...

WordPress Product Customer List for WooCommerce Plugin <= 3.1.6 is vulnerable to Backdoor

Software Product Customer List for WooCommerce Type Plugin Vulnerable versions = 3.1.6 Fixed in 3.1.7 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 23316ac7b932 Credits Sansec.io Required privilege Unauthenticate...

WordPress Void Contact Form 7 Widget For Elementor Page Builder Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS)

Software Void Contact Form 7 Widget For Elementor Page Builder Type Plugin Vulnerable versions = 2.4 Fixed in 2.4.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5419 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...

WordPress Rank Math SEO Plugin < 1.0.219 is vulnerable to Cross Site Scripting (XSS)

Software Rank Math SEO Type Plugin Vulnerable versions 1.0.219 Fixed in 1.0.219 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4627 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ad021b2fbe4b Credits Dmitrii Ignatyev Require...

WordPress Ashe Theme <= 2.233 is vulnerable to Cross Site Request Forgery (CSRF)

Software Ashe Type Theme Vulnerable versions = 2.233 Fixed in 2.234 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37478 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 01c115634ea3 Credits Dhabaleshwar Das Required...

WordPress Blocksy Theme <= 2.0.22 is vulnerable to Cross Site Request Forgery (CSRF)

Software Blocksy Type Theme Vulnerable versions = 2.0.22 Fixed in 2.0.23 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37469 Patch priority Low CVSS severity Low 5.4 Developer Creative Themes PSID a4b7cfca4dc7 Credits RE-ALTER Required privileg...

WordPress Ultimate Addons for Elementor Plugin <= 1.36.31 is vulnerable to Privilege Escalation

Software Ultimate Addons for Elementor Type Plugin Vulnerable versions = 1.36.31 Fixed in 1.36.32 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-37455 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID accfb8b8dfc3 Credits Ngô...

WordPress Highlight Theme <= 1.0.29 is vulnerable to Cross Site Request Forgery (CSRF)

Software Highlight Type Theme Vulnerable versions = 1.0.29 Fixed in 1.0.30 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37458 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3256d2afc0e1 Credits Dhabaleshwar Das Require...

WordPress UsersWP Plugin <= 1.2.10 is vulnerable to SQL Injection

Software UsersWP Type Plugin Vulnerable versions = 1.2.10 Fixed in 1.2.11 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6265 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 32b55caea5de Credits Trương Hữu Phúc truonghuuphuc Required privilege...

WordPress Advanced File Manager Plugin <= 5.2.4 is vulnerable to Sensitive Data Exposure

Software Advanced File Manager Type Plugin Vulnerable versions = 5.2.4 Fixed in 5.2.5 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-5598 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f0b48a6d68bd Credits emad Required...

WordPress Events Manager Plugin <= 6.4.8 is vulnerable to Cross Site Scripting (XSS)

Software Events Manager Type Plugin Vulnerable versions = 6.4.8 Fixed in 6.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5889 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7a114bc7cd5f Credits kauenavarro Require...

WordPress AWSM Team Plugin <= 1.3.1 is vulnerable to Local File Inclusion

Software AWSM Team Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-37454 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a8caf37850ed Credits João Pedro S Alcântara Kinorth...

WordPress Pagerank Tools Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)

Software Pagerank Tools Type Plugin Vulnerable versions = 1.1.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5730 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ed7753fdc52a Credits Bob Matyas Required...

WordPress Simple Photoswipe Plugin <= 0.1 is vulnerable to Settings Change

Software Simple Photoswipe Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-5570 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 461ac97ab0b1 Credits Felipe Caon Required privilege...