WordPress Striking Theme <= 2.3.4 is vulnerable to Local File Inclusion

Software Striking Type Theme Vulnerable versions = 2.3.4 Fixed in 2.3.5 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-37268 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 3bf80a88872b Credits Rafie Muhammad Patchstack Required privilege...

WordPress Tutor LMS Plugin <= 2.7.1 is vulnerable to Local File Inclusion

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.1 Fixed in 2.7.2 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-37266 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 8224e271a86b Credits filime Required privilege Administrator Publishe...

WordPress Social Rocket Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Social Rocket Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37258 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 44ba23451631 Credits Dimas Maulana Required privilege...

WordPress Tutor LMS Plugin <= 2.7.1 is vulnerable to SQL Injection

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.1 Fixed in 2.7.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-37256 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID c87880efca91 Credits justakazh Required privilege Administrator Published 27...

WordPress Kadence Blocks Pro Plugin < 2.3.8 is vulnerable to Broken Access Control

Software Kadence Blocks Pro Type Plugin Vulnerable versions 2.3.8 Fixed in 2.3.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-1330 Patch priority Low CVSS severity Low 4.3 Developer KadenceWP PSID 0488c91e76be Credits Scott Kingsley Clark Required...

WordPress Create by Mediavine Plugin <= 1.9.7 is vulnerable to Cross Site Scripting (XSS)

Software Create by Mediavine Type Plugin Vulnerable versions = 1.9.7 Fixed in 1.9.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5601 Patch priority Low CVSS severity Low 6.5 Developer Mediavine PSID ca91d82db3a3 Credits Krzysztof Zając Required...

WordPress File Manager Plugin <= 7.2.7 is vulnerable to Broken Access Control

Software File Manager Type Plugin Vulnerable versions = 7.2.7 Fixed in 7.2.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37254 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 64eee288cde4 Credits Rafie Muhammad Patchstack Requir...

WordPress Elements kit Elementor addons Plugin <= 3.1.4 is vulnerable to Broken Access Control

Software Elements kit Elementor addons Type Plugin Vulnerable versions = 3.1.4 Fixed in 3.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37255 Patch priority Low CVSS severity Low 5.3 Developer Wpmet PSID b0cbfbfccc4f Credits Rafie Muhammad Patchstack...

WordPress IdeaPush Plugin <= 8.60 is vulnerable to Cross Site Scripting (XSS)

Software IdeaPush Type Plugin Vulnerable versions = 8.60 Fixed in 8.61 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37265 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6d3d6a921f11 Credits piro Required privilege Subscriber...

WordPress PDF Embedder Plugin <= 4.7.1 is vulnerable to Cross Site Scripting (XSS)

Software PDF Embedder Type Plugin Vulnerable versions = 4.7.1 Fixed in 4.8.0 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7794a505b744 Credits m3ez Required...

WordPress 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery Plugin <= 1.15.5 is vulnerable to Cross Site Scripting (XSS)

Software 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery Type Plugin Vulnerable versions = 1.15.5 Fixed in 1.15.6 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 6.5 Developer Claim...

WordPress EmbedPress Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)

Software EmbedPress Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID 86a2108fb08b Credits Yudistira Arya Required privilege...

WordPress ARI Fancy Lightbox Plugin <= 1.3.14 is vulnerable to Cross Site Scripting (XSS)

Software ARI Fancy Lightbox Type Plugin Vulnerable versions = 1.3.14 Fixed in 1.3.15 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID c2fee65eb87c Credits Yudistira...

WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 2.4.7 is vulnerable to Cross Site Scripting (XSS)

Software The Ultimate WordPress Toolkit – WP Extended Type Plugin Vulnerable versions = 2.4.7 Fixed in 3.0.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37259 Patch priority Medium CVSS severity Medium 7.1 Developer WP Extended PSID 6e88ac2a1e7f Credits Yudisti...

WordPress Email Subscribers & Newsletters Plugin <= 5.7.25 is vulnerable to SQL Injection

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.25 Fixed in 5.7.26 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-37252 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 3780ace67cce Credits shaman0x01 Required privilege...

WordPress Spotify Play Button Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Spotify Play Button Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5199 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 81b0c1de1aa9 Credits Bob Matyas Required...

WordPress Logo Manager For Enamad Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Logo Manager For Enamad Type Plugin Vulnerable versions = 0.7.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-4757 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 134c5c763311 Credits Bob Matyas...

WordPress Quiz Maker Plugin <= 6.5.8.3 is vulnerable to SQL Injection

Software Quiz Maker Type Plugin Vulnerable versions = 6.5.8.3 Fixed in 6.5.8.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6028 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 91d50e136383 Credits Arkadiusz Hydzik Required privilege Unauthenticat...

WordPress Social Warfare Plugin 4.4.6.4-4.4.7.1 is vulnerable to Backdoor

Software Social Warfare Type Plugin Vulnerable versions 4.4.6.4-4.4.7.1 Fixed in 4.4.7.3 OWASP Top 10 A3: Injection Classification Backdoor CVE CVE-2024-6297 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 29aedd9dc6eb Credits WordFence Required privilege Unauthenticated...

WordPress Wrapper Link Elementor Plugin 1.0.2,1.0.3 is vulnerable to Backdoor

Software Wrapper Link Elementor Type Plugin Vulnerable versions 1.0.2,1.0.3 Fixed in 1.0.5 OWASP Top 10 A3: Injection Classification Backdoor CVE CVE-2024-6297 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 73ed028987ed Credits WordFence Required privilege Unauthenticate...