5093 matches found
WordPress Ultimate Bootstrap Elements for Elementor Plugin <= 1.4.2 is vulnerable to Local File Inclusion
Software: Ultimate Bootstrap Elements for Elementor; Type: Plugin; Vulnerable versions: <= 1.4.2; Fixed in: 1.4.3; OWASP Top 10: A1: Broken Access Control; Classification: Local File Inclusion; CVE: CVE-2024-37462; Patch priority: Low; CVSS severity: Low 8.5; Developer: Claim ownership; PSID: a8f9d8a5eba6; Credits: João...
WordPress Simple AL Slider Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS)
Software: Simple AL Slider; Type: Plugin; Vulnerable versions: <= 1.2.10; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-5729; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 0854b8133aa8; Credits: Bob Matyas; Require...
WordPress PowerPress Podcasting Plugin 11.9.3-11.9.4 is vulnerable to Backdoor
Software: PowerPress Podcasting; Type: Plugin; Vulnerable versions: 11.9.3-11.9.4; Fixed in: 11.9.5; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: CVE-2024-6297; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: cc7a51200190; Credits: WordFence; Required privilege...
WordPress WP Server Health Stats Plugin 1.7.6 is vulnerable to Backdoor
Software: WP Server Health Stats; Type: Plugin; Vulnerable versions: 1.7.6; Fixed in: 1.7.7; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: CVE-2024-6297; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 45a546f4e251; Credits: WordFence; Required privilege: Unauthenticated...
WordPress Seo Optimized Images Plugin 2.1.2 is vulnerable to Backdoor
Software: Seo Optimized Images; Type: Plugin; Vulnerable versions: 2.1.2; Fixed in: 2.1.4; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: CVE-2024-6297; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 88a9e93519c2; Credits: WordFence; Required privilege: Unauthenticated...
WordPress Chained Quiz Plugin <= 1.3.2.8 is vulnerable to Cross Site Scripting (XSS)
Software: Chained Quiz; Type: Plugin; Vulnerable versions: <= 1.3.2.8; Fixed in: 1.3.2.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-37446; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 534f1e281848; Credits: Manab Jyoti Dowarah; Required privileg...
WordPress OnePress Theme <= 2.3.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: OnePress; Type: Theme; Vulnerable versions: <= 2.3.6; Fixed in: 2.3.7; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-37448; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: c9968969f7ad; Credits: Dhabaleshwar Das; Required...
WordPress WP Job Manager - Resume Manager Plugin <= 2.1.0 is vulnerable to Broken Access Control
Software: WP Job Manager - Resume Manager; Type: Plugin; Vulnerable versions: <= 2.1.0; Fixed in: 2.2.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37443; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 8e5ceb2ec6d1; Credits: Rafie Muhamma...
WordPress ARMember Premium Plugin < 6.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ARMember Premium; Type: Plugin; Vulnerable versions: < 6.7.1; Fixed in: 6.7.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2022-47424; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: b77f7fcbe1ab; Credits: Cat; Required privile...
WordPress Mesmerize Theme <= 1.6.120 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Mesmerize; Type: Theme; Vulnerable versions: <= 1.6.120; Fixed in: 1.6.124; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-37431; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: c60ba7d94aaa; Credits: Dhabaleshwar Das...
WordPress Timetics Plugin <= 1.0.21 is vulnerable to Broken Access Control
Software: Timetics; Type: Plugin; Vulnerable versions: <= 1.0.21; Fixed in: 1.0.22; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37427; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: d73e6a480d4b; Credits: Manab Jyoti Dowarah; Required...
WordPress Newspack Blocks Plugin <= 3.0.8 is vulnerable to Broken Access Control
Software: Newspack Blocks; Type: Plugin; Vulnerable versions: <= 3.0.8; Fixed in: 3.0.9; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37425; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: bdb588fe4e59; Credits: Rafie Muhammad Patchstack...
WordPress WP Photo Album Plus Plugin <= 8.8.00.002 is vulnerable to Cross Site Scripting (XSS)
Software: WP Photo Album Plus; Type: Plugin; Vulnerable versions: <= 8.8.00.002; Fixed in: 8.8.00.003; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-37416; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: b2c09f1a99da; Credits: stealthcopter...
WordPress Coachify Theme <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Coachify; Type: Theme; Vulnerable versions: <= 1.0.7; Fixed in: 1.0.8; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-37417; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: f240f2751316; Credits: Dhabaleshwar Das; Required...
WordPress Conversios.io Plugin <= 7.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Conversios.io; Type: Plugin; Vulnerable versions: <= 7.1.0; Fixed in: 7.1.1; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-6288; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: ca27caeedd00; Credits: Ulyses Saicha; Requir...
WordPress Paid Memberships Pro Plugin <= 3.0.4 is vulnerable to Insecure Direct Object References (IDOR)
Software: Paid Memberships Pro; Type: Plugin; Vulnerable versions: <= 3.0.4; Fixed in: 3.0.5; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References IDOR; CVE: CVE-2024-37277; Patch priority: High; CVSS severity: High 7.5; Developer: Claim ownership; PSID: dc85580f8dca; Credits: Rafie...
WordPress Atarim Plugin <= 3.31 is vulnerable to Cross Site Scripting (XSS)
Software: Atarim; Type: Plugin; Vulnerable versions: <= 3.31; Fixed in: 3.32; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-37434; Patch priority: Low; CVSS severity: Low 5.9; Developer: Atarim; PSID: c53738d448b9; Credits: piro; Required privilege: Administrator; Published: 28 June,...
WordPress Zita Elementor Site Library Plugin <= 1.6.1 is vulnerable to Arbitrary Code Execution
Software: Zita Elementor Site Library; Type: Plugin; Vulnerable versions: <= 1.6.1; Fixed in: 1.6.2; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary Code Execution; CVE: CVE-2024-37420; Patch priority: High; CVSS severity: High 9.9; Developer: Claim ownership; PSID: a25d18d1f0cd; Credits: Majed Refaea...
WordPress PowerPack Lite for Beaver Builder Plugin <= 1.3.0.3 is vulnerable to Local File Inclusion
Software: PowerPack Lite for Beaver Builder; Type: Plugin; Vulnerable versions: <= 1.3.0.3; Fixed in: 1.3.0.4; OWASP Top 10: A1: Broken Access Control; Classification: Local File Inclusion; CVE: CVE-2024-37410; Patch priority: Low; CVSS severity: Low 4.9; Developer: IdeaBox Creations; PSID: 6c1f186fa5b1; Credits: João...
WordPress TrustedLogin Vendor Plugin < 1.1.1 is vulnerable to Sensitive Data Exposure
Software: TrustedLogin Vendor; Type: Plugin; Vulnerable versions: < 1.1.1; Fixed in: 1.1.1; OWASP Top 10: A5: Security Misconfiguration; Classification: Sensitive Data Exposure; CVE: CVE-2024-37270; Patch priority: Low; CVSS severity: Low 5.3; Developer: TrustedLogin; PSID: d31d0f132840; Credits: Dhabaleshwar Das; Require...