WordPress YITH WooCommerce Ajax Search Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)

Software YITH WooCommerce Ajax Search Type Plugin Vulnerable versions = 2.4.0 Fixed in 2.4.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4455 Patch priority High CVSS severity High 7.1 Developer YITH PSID cdafc8b37008 Credits Krzysztof Zając...

WordPress EmbedPress Plugin <= 3.9.12 is vulnerable to Broken Access Control

Software EmbedPress Type Plugin Vulnerable versions = 3.9.12 Fixed in 3.9.13 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-1803 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 58b21d9fa99a Credits WordFence Required privilege...

WordPress Spectra Plugin <= 2.13.0 is vulnerable to Cross Site Scripting (XSS)

Software Spectra Type Plugin Vulnerable versions = 2.13.0 Fixed in 2.13.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4366 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6e05306d8c6c Credits Ngô Thiên An ancorn Required...

WordPress Similarity Plugin <= 3.0 is vulnerable to Cross Site Scripting (XSS)

Software Similarity Type Plugin Vulnerable versions = 3.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3972 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 3941fac517e1 Credits Bob Matyas Required privilege...

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.107 is vulnerable to SQL Injection

Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.107 Fixed in 1.5.108 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-4779 Patch priority Low CVSS severity Low 8.5 Developer Unlimited Elements PSID 2c76236c1b5c...

WordPress Brizy Plugin <= 2.4.43 is vulnerable to Broken Access Control

Software Brizy Type Plugin Vulnerable versions = 2.4.43 Fixed in 2.4.44 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3711 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6a9b9ee44fc3 Credits Lucio Sá Required privilege Contributo...

WordPress wpDataTables Plugin <= 3.4.2.12 is vulnerable to Cross Site Scripting (XSS)

Software wpDataTables Type Plugin Vulnerable versions = 3.4.2.12 Fixed in 3.4.2.14 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4895 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 468050b27d74 Credits Tim Coen Requir...

WordPress FluentForm Plugin <= 5.1.15 is vulnerable to PHP Object Injection

Software FluentForm Type Plugin Vulnerable versions = 5.1.15 Fixed in 5.1.16 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-4157 Patch priority Medium CVSS severity Medium 7.5 Developer Claim ownership PSID 3330782fcf1c Credits Tobias Weißhaar kun19 Required privilege...

WordPress Contact Form & Lead Form Elementor Builder Plugin <= 1.9.1 is vulnerable to Content Injection

Software Contact Form & Lead Form Elementor Builder Type Plugin Vulnerable versions = 1.9.1 Fixed in 1.9.2 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-4261 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5d051149eabf Credits stealthcopter...

kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: fix deadlock and link starvation in outgoing data path The current implementation queues up new control and user packets as needed and processes this queue down to the ldisc in the same code path. That means that the...

WordPress LuckyWP Table of Contents Plugin <= 2.1.4 is vulnerable to Cross Site Scripting (XSS)

Software LuckyWP Table of Contents Type Plugin Vulnerable versions = 2.1.4 Fixed in 2.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2953 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 31a9748ffaa2 Credits Ivan Kuzymchak...

WordPress NextScripts Plugin <= 4.4.3 is vulnerable to Sensitive Data Exposure

Software NextScripts Type Plugin Vulnerable versions = 4.4.3 Fixed in 4.4.4 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2088 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 3f1f558bcdc3 Credits Colin Xu Required privilege...

WordPress WP Font Awesome Share Icons Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Font Awesome Share Icons Type Plugin Vulnerable versions = 1.1.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3198 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8224cc2ac039 Credits Lucio Sá...

WordPress WP Scraper Plugin <= 5.7 is vulnerable to Broken Access Control

Software WP Scraper Type Plugin Vulnerable versions = 5.7 Fixed in 5.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3663 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6a3b87c193df Credits Lucio Sá Required privilege Subscriber...

WordPress LearnPress Plugin <= 4.2.6.6 is vulnerable to Cross Site Scripting (XSS)

Software LearnPress Type Plugin Vulnerable versions = 4.2.6.6 Fixed in 4.2.6.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4971 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fe1ff054c167 Credits stealthcopter Required...

WordPress Media Library Assistant Plugin <= 3.15 is vulnerable to Cross Site Scripting (XSS)

Software Media Library Assistant Type Plugin Vulnerable versions = 3.15 Fixed in 3.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3519 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f2ec0a790f20 Credits Le Ngoc Anh...

WordPress NextScripts Plugin <= 4.4.3 is vulnerable to Cross Site Scripting (XSS)

Software NextScripts Type Plugin Vulnerable versions = 4.4.3 Fixed in 4.4.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1762 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2c09536c816a Credits Piotr Kuśpit Required...

WordPress Media Library Assistant Plugin <= 3.15 is vulnerable to SQL Injection

Software Media Library Assistant Type Plugin Vulnerable versions = 3.15 Fixed in 3.16 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3518 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID fe78e3bb0aff Credits Thanh Nam Tran Required privilege Contributo...

CVE-2023-52734

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2023-52734

CVE-2023-52734 entry is rejected by the CVE Numbering Authority and not a current vulnerability.