WordPress Essential Real Estate Plugin <= 4.4.2 is vulnerable to Cross Site Scripting (XSS)

Software Essential Real Estate Type Plugin Vulnerable versions = 4.4.2 Fixed in 4.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4273 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3dd9001bf079 Credits Krzysztof Zając...

WordPress Social Link Pages Plugin <= 1.6.9 is vulnerable to Cross Site Scripting (XSS)

Software Social Link Pages Type Plugin Vulnerable versions = 1.6.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3555 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0d1f020a1aca Credits Lucio Sá Required...

WordPress Newsletter Plugin <= 8.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Newsletter Type Plugin Vulnerable versions = 8.3.4 Fixed in 8.3.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5317 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a76e0f4cc75c Credits Arkadiusz Hydzik Requir...

WordPress Advanced Custom Fields PRO Plugin < 6.3 is vulnerable to Sensitive Data Exposure

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 6.3 Fixed in 6.3 OWASP Top 10 A6: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-4565 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1daa59fd8d88 Credits Scott Kingsley Clark...

WordPress WPvivid Backup for MainWP Plugin <= 0.9.32 is vulnerable to Cross Site Scripting (XSS)

Software WPvivid Backup for MainWP Type Plugin Vulnerable versions = 0.9.32 Fixed in 0.9.33 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35664 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e6744843cdb4 Credits Yudistira Arya...

WordPress Checkout Field Editor for WooCommerce (Pro) Plugin <= 3.6.2 is vulnerable to Arbitrary File Deletion

Software Checkout Field Editor for WooCommerce Pro Type Plugin Vulnerable versions = 3.6.2 Fixed in 3.6.3 OWASP Top 10 A3: Injection Classification Arbitrary File Deletion CVE CVE-2024-35658 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 9d1a439eb128 Credits Dave Jong...

WordPress Responsive Theme <= 5.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Responsive Type Theme Vulnerable versions = 5.0.3 Fixed in 5.0.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35654 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c102ae479f0d Credits stealthcopter Required privilege Contribut...

WordPress Save as PDF plugin by Pdfcrowd Plugin <= 3.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Save as PDF plugin by Pdfcrowd Type Plugin Vulnerable versions = 3.2.3 Fixed in 3.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35649 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7dd6585cf515 Credits LVT-tholv2k Required...

WordPress Social Login Lite For WooCommerce Plugin <= 1.6.0 is vulnerable to Broken Authentication

Software Social Login Lite For WooCommerce Type Plugin Vulnerable versions = 1.6.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-4552 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 9ddbae9ad306...

WordPress wpDataTables Plugin <= 6.3.2 is vulnerable to Broken Access Control

Software wpDataTables Type Plugin Vulnerable versions = 6.3.2 Fixed in 6.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3821 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 276b766fb920 Credits villu164 Required privilege...

WordPress wpDataTables Plugin <= 6.3.1 is vulnerable to SQL Injection

Software wpDataTables Type Plugin Vulnerable versions = 6.3.1 Fixed in 6.3.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3820 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 85631b10c84a Credits villu164 Required privilege Unauthenticated Publish...

WordPress wpForo Forum Plugin <= 2.3.3 is vulnerable to SQL Injection

Software wpForo Forum Type Plugin Vulnerable versions = 2.3.3 Fixed in 2.3.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3200 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 101daf0caeac Credits Krzysztof Zając Required privilege Contributor...

WordPress Netgsm Plugin <= 2.9.19 is vulnerable to Broken Access Control

Software Netgsm Type Plugin Vulnerable versions = 2.9.19 Fixed in 2.9.20 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35672 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID ec4277f3436d Credits Majed Refaea Required privilege...

WordPress Advanced Custom Fields Plugin < 6.3 is vulnerable to Sensitive Data Exposure

Software Advanced Custom Fields Type Plugin Vulnerable versions 6.3 Fixed in 6.3 OWASP Top 10 A6: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-4565 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5beab9ff85fb Credits Scott Kingsley Clark...

WordPress Emergency Password Reset Plugin <= 8.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Emergency Password Reset Type Plugin Vulnerable versions = 8.0 Fixed in 9.0 OWASP Top 10 A8: Software and Data Integrity Failures Classification Cross Site Request Forgery CSRF CVE CVE-2024-35648 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID cd74213ad8d6 Credits...

WordPress Elements For Elementor Plugin <= 2.1 is vulnerable to Local File Inclusion

Software Elements For Elementor Type Plugin Vulnerable versions = 2.1 Fixed in 2.2 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-5348 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 9e9484637a31 Credits stealthcopter Required privilege...

WordPress Master Addons for Elementor Plugin <= 2.0.5.4.1 is vulnerable to Broken Access Control

Software Master Addons for Elementor Type Plugin Vulnerable versions = 2.0.5.4.1 Fixed in 2.0.5.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35660 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7197d57368a4 Credits Khali...

WordPress Happy Addons for Elementor Plugin <= 3.10.9 is vulnerable to Cross Site Scripting (XSS)

Software Happy Addons for Elementor Type Plugin Vulnerable versions = 3.10.9 Fixed in 3.11.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5347 Patch priority Low CVSS severity Low 6.5 Developer Leevio PSID ebc3fed24a0c Credits wesley wcraft Requir...

WordPress Flash & HTML5 Video Plugin < 2.5.27 is vulnerable to SQL Injection

Software Flash & HTML5 Video Type Plugin Vulnerable versions 2.5.27 Fixed in 2.5.27 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5522 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID a6949d7fc215 Credits Mayank Deshmukh Required privilege...

WordPress WPCafe Plugin <= 2.2.24 is vulnerable to Cross Site Scripting (XSS)

Software WPCafe Type Plugin Vulnerable versions = 2.2.24 Fixed in 2.2.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5427 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8e560e47961d Credits Krzysztof Zając Required...