WordPress Borderless Plugin <= 1.5.7 is vulnerable to Cross Site Scripting (XSS)

Software Borderless Type Plugin Vulnerable versions = 1.5.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34757 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6690481ece90 Credits Khalid Yusuf Required privilege Contributor...

WordPress Sydney Toolbox Plugin <= 1.31 is vulnerable to Cross Site Scripting (XSS)

Software Sydney Toolbox Type Plugin Vulnerable versions = 1.31 Fixed in 1.32 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4473 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f1fd3834832c Credits Ngô Thiên An ancorn Require...

WordPress Kognetiks Chatbot for WordPress Plugin <= 2.0.0 is vulnerable to Arbitrary File Upload

Software Kognetiks Chatbot for WordPress Type Plugin Vulnerable versions = 2.0.0 Fixed in 2.0.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-32700 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 4fb22828865e Credits LVT-tholv2k Required...

WordPress WP Discourse Plugin <= 2.5.1 is vulnerable to Broken Access Control

Software WP Discourse Type Plugin Vulnerable versions = 2.5.1 Fixed in 2.5.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35168 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4c4620868728 Credits Joshua Chan Required privilege...

WordPress Giveaways and Contests by RafflePress Plugin <= 1.12.4 is vulnerable to Broken Access Control

Software Giveaways and Contests by RafflePress Type Plugin Vulnerable versions = 1.12.4 Fixed in 1.12.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-4745 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 632d49d4c2a4 Credits...

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.102 is vulnerable to SQL Injection

Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.102 Fixed in 1.5.105 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3055 Patch priority Low CVSS severity Low 8.5 Developer Unlimited Elements PSID 6f752cde8e3d...

WordPress Falang multilanguage Plugin <= 1.3.49 is vulnerable to Cross Site Scripting (XSS)

Software Falang multilanguage Type Plugin Vulnerable versions = 1.3.49 Fixed in 1.3.50 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4417 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f66544b43c9b Credits Benedictus Jovan...

WordPress Pods Plugin <= 3.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Pods Type Plugin Vulnerable versions = 3.2.1 Fixed in 3.2.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3956 Patch priority Low CVSS severity Low 6.5 Developer Pods Framework PSID dfdffac18c6b Credits wesley wcraft Required privilege...

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.102 is vulnerable to Cross Site Scripting (XSS)

Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.102 Fixed in 1.5.103 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3547 Patch priority Medium CVSS severity Medium 7.1 Developer Unlimit...

WordPress Hotel Booking Lite Plugin <= 4.11.1 is vulnerable to PHP Object Injection

Software Hotel Booking Lite Type Plugin Vulnerable versions = 4.11.1 Fixed in 4.11.2 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-4413 Patch priority High CVSS severity High 9 Developer Claim ownership PSID f9d7cef7773f Credits Trinh Vu Sonicrrrr Required privilege...

WordPress LearnPress Plugin <= 4.2.6.5 is vulnerable to Cross Site Scripting (XSS)

Software LearnPress Type Plugin Vulnerable versions = 4.2.6.5 Fixed in 4.2.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4277 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3ad5ee25dcd1 Credits stealthcopter Required...

WordPress SportsPress – Sports Club & League Manager Plugin <= 2.7.20 is vulnerable to Broken Access Control

Software SportsPress – Sports Club & League Manager Type Plugin Vulnerable versions = 2.7.20 Fixed in 2.7.21 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-34824 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2f441ec415dc Credits...

WordPress CF7 WOW Styler Plugin <= 1.6.4 is vulnerable to Broken Access Control

Software CF7 WOW Styler Type Plugin Vulnerable versions = 1.6.4 Fixed in 1.6.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-34826 Patch priority Medium CVSS severity Medium 6.3 Developer Tobias PSID 6b711e00da8c Credits Dhabaleshwar Das Required privile...

WordPress Porto Theme - Functionality Plugin <= 3.1.0 is vulnerable to Local File Inclusion

Software Porto Theme - Functionality Type Plugin Vulnerable versions = 3.1.0 Fixed in 3.1.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3808 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 05d6982e8315 Credits István Márton Required privileg...

WordPress Pure Chat Plugin <= 2.22 is vulnerable to Cross Site Scripting (XSS)

Software Pure Chat Type Plugin Vulnerable versions = 2.22 Fixed in 2.23 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3595 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ddb44562eab6 Credits Lucio Sá Required privileg...

WordPress Meow Gallery Plugin <= 5.1.3 is vulnerable to Cross Site Scripting (XSS)

Software Meow Gallery Type Plugin Vulnerable versions = 5.1.3 Fixed in 5.1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4386 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ff273a246878 Credits Krzysztof Zając Required...

WordPress Visual Footer Credit Remover Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software Visual Footer Credit Remover Type Plugin Vulnerable versions = 1.2 Fixed in 1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2846 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 265b4eed7803 Credits 1337Wannabe...

WordPress XML Sitemap & Google News Plugin <= 5.4.8 is vulnerable to Local File Inclusion

Software XML Sitemap & Google News Type Plugin Vulnerable versions = 5.4.8 Fixed in 5.4.9 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-4441 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID c001486d4aed Credits Foxyyy Required privilege...

WordPress Social Connect Plugin <= 1.2 is vulnerable to Privilege Escalation

Software Social Connect Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A8: Software and Data Integrity Failures Classification Privilege Escalation CVE CVE-2024-4393 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID cb56af432b5b Credits István Márton...

WordPress Ultimate Store Kit Elementor Addons Plugin <= 2.0.3 is vulnerable to PHP Object Injection

Software Ultimate Store Kit Elementor Addons Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-4606 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 46e7a74eebcc Credits Ray Wilson Requir...