WordPress Responsive Owl Carousel for Elementor Plugin <= 1.2.0 is vulnerable to Local File Inclusion

Software Responsive Owl Carousel for Elementor Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.2.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-5345 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 48748da13e8e Credits stealthcopter Require...

WordPress WP Back Button Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)

Software WP Back Button Type Plugin Vulnerable versions = 1.1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35643 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 90452d019b78 Credits alfido osdie Patchstack Alliance Required...

WordPress Simple Spoiler Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software Simple Spoiler Type Plugin Vulnerable versions = 1.2 Fixed in 1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35639 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c046b9bc81be Credits Cronus Required privilege Administrator...

WordPress Comparison Slider Plugin <= 1.0.5 is vulnerable to Broken Access Control

Software Comparison Slider Type Plugin Vulnerable versions = 1.0.5 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-4427 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7f32c9b917a8 Credits Benedictus Jovan aillesiM...

WordPress Ninja Tables Plugin <= 5.0.9 is vulnerable to Server Side Request Forgery (SSRF)

Software Ninja Tables Type Plugin Vulnerable versions = 5.0.9 Fixed in 5.0.10 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-35635 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID 2b5ac1cd1dee Credits Yuchen J...

WordPress Swiss Toolkit For WP Plugin <= 1.0.7 is vulnerable to Broken Authentication

Software Swiss Toolkit For WP Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2024-5204 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 07e08699642a Credits István Márton...

WordPress Yumpu ePaper publishing Plugin <= 2.0.24 is vulnerable to Broken Access Control

Software Yumpu ePaper publishing Type Plugin Vulnerable versions = 2.0.24 Fixed in 3.0.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3277 Patch priority Low CVSS severity Low 5 Developer Claim ownership PSID 08c9f70d34e3 Credits Lucio Sá Required...

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.89 is vulnerable to Remote Code Execution (RCE)

Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.89 Fixed in 1.5.91 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-6743 Patch priority High CVSS severity High 9.9 Developer Unlimited Elements PSID...

WordPress Testimonial Carousel For Elementor Plugin <= 10.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Testimonial Carousel For Elementor Type Plugin Vulnerable versions = 10.2.2 Fixed in 10.2.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2253 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 411cbe7852c2 Credits...

WordPress Login with phone number Plugin <= 1.7.26 is vulnerable to Privilege Escalation

Software Login with phone number Type Plugin Vulnerable versions = 1.7.26 Fixed in 1.7.27 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-5150 Patch priority High CVSS severity High 9.8 Developer Hamid Alinia PSID a2294e0242d6 Credits István Márton Required...

WordPress Popup Builder Plugin < 1.1.33 is vulnerable to Cross Site Scripting (XSS)

Software Popup Builder Type Plugin Vulnerable versions 1.1.33 Fixed in 1.1.33 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3236 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c56e5abe41cb Credits Eunho Kim Required privile...

WordPress Easy Digital Downloads – Recent Purchases Plugin <= 1.0.2 is vulnerable to Remote File Inclusion

Software Easy Digital Downloads – Recent Purchases Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote File Inclusion CVE CVE-2024-35629 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID 23e0c1b90e02 Credits YCInfosec Require...

WordPress Web Directory Free Plugin < 1.7.0 is vulnerable to SQL Injection

Software Web Directory Free Type Plugin Vulnerable versions 1.7.0 Fixed in 1.7.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3552 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 93c3a72f236f Credits Simone Onofri Kim Cerra Andrea De Dominicis...

WordPress Integration for Contact Form 7 and Constant Contact Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Integration for Contact Form 7 and Constant Contact Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-35632 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

WordPress Primary Addon for Elementor Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS)

Software Primary Addon for Elementor Type Plugin Vulnerable versions = 1.5.5 Fixed in 1.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5229 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e45d83fa375c Credits stealthcopte...

WordPress LuckyWP Table of Contents Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)

Software LuckyWP Table of Contents Type Plugin Vulnerable versions = 2.1.5 Fixed in 2.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2218 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f253e02e4fa4 Credits Sławomir...

WordPress Email Log Plugin <= 2.4.8 is vulnerable to Other Vulnerability Type

Software Email Log Type Plugin Vulnerable versions = 2.4.8 Fixed in 2.4.9 OWASP Top 10 A3: Injection Classification Other Vulnerability Type CVE CVE-2024-0867 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 7750b3ba7ece Credits Sean Murphy Required privilege...

WordPress WP Go Maps Plugin <= 9.0.36 is vulnerable to Cross Site Scripting (XSS)

Software WP Go Maps Type Plugin Vulnerable versions = 9.0.36 Fixed in 9.0.37 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3557 Patch priority Low CVSS severity Low 6.5 Developer WP Go Maps PSID 5d4346327305 Credits Thanh Nam Tran Required privileg...

WordPress Xpro Elementor Addons Plugin <= 1.4.3.1 is vulnerable to PHP Object Injection

Software Xpro Elementor Addons Type Plugin Vulnerable versions = 1.4.3.1 Fixed in 1.4.3.2 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-4471 Patch priority Low CVSS severity Low 8 Developer Claim ownership PSID db21342544db Credits Francesco Carlucci Required privile...

WordPress WP Photo Album Plus Plugin <= 8.7.00.003 is vulnerable to Content Injection

Software WP Photo Album Plus Type Plugin Vulnerable versions = 8.7.00.003 Fixed in 8.7.00.004 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-4037 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2c20c334a973 Credits stealthcopter Required...