WordPress Shared Counts Plugin <= 1.4.1 is vulnerable to Broken Access Control

Software Shared Counts Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.5.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9dd902d0b809 Credits N/A Required privilege Unauthenticated...

WordPress Fancy Elementor Flipbox Plugin <= 2.5.2 is vulnerable to Cross Site Scripting (XSS)

Software Fancy Elementor Flipbox Type Plugin Vulnerable versions = 2.5.2 Fixed in 2.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34572 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6fdd1efa32f5 Credits Khalid Yusuf Required privileg...

WordPress Zotpress Plugin <= 7.3.9 is vulnerable to Cross Site Scripting (XSS)

Software Zotpress Type Plugin Vulnerable versions = 7.3.9 Fixed in 7.3.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34569 Patch priority Low CVSS severity Low 6.5 Developer Katie Seaborn PSID 7fcedeab8bd4 Credits LVT-tholv2k Required privilege Contributor...

WordPress Counter Up Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Counter Up Type Plugin Vulnerable versions = 2.2.1 Fixed in 2.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34564 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0c39c66bb9f2 Credits LVT-tholv2k Required privilege Contributor...

WordPress Gold Addons for Elementor Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)

Software Gold Addons for Elementor Type Plugin Vulnerable versions = 1.2.9 Fixed in 1.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34563 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4ec8bc999d21 Credits Khalid Yusuf Required...

WordPress Move Addons for Elementor Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Move Addons for Elementor Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34562 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 788c0e0d4eae Credits Khalid Yusuf Required...

WordPress Stockholm Theme <= 9.6 is vulnerable to Local File Inclusion

Software Stockholm Type Theme Vulnerable versions = 9.6 Fixed in 9.7 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-34552 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 85b9ed51ce3f Credits Rafie Muhammad Patchstack Required privilege...

WordPress Stockholm Theme <= 9.6 is vulnerable to Local File Inclusion

Software Stockholm Type Theme Vulnerable versions = 9.6 Fixed in 9.7 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-34551 Patch priority High CVSS severity High 9 Developer Claim ownership PSID ba79b1de262f Credits Rafie Muhammad Patchstack Required privilege...

WordPress SKT Addons for Elementor Plugin <=1.8 is vulnerable to Cross Site Scripting (XSS)

Software SKT Addons for Elementor Type Plugin Vulnerable versions =1.8 Fixed in 1.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34436 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 346a6441540d Credits 4rCanJ0x! Required privilege...

WordPress WP Photo Album Plus Plugin <= 8.7.01.001 is vulnerable to Arbitrary File Upload

Software WP Photo Album Plus Type Plugin Vulnerable versions = 8.7.01.001 Fixed in 8.7.01.002 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-31377 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 6676bd224b42 Credits stealthcopter Required...

WordPress Better Elementor Addons Plugin <=1.4.4 is vulnerable to Cross Site Scripting (XSS)

Software Better Elementor Addons Type Plugin Vulnerable versions =1.4.4 Fixed in 1.4.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34432 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 61226b685883 Credits 4rCanJ0x! Required privilege...

WordPress Himalayas Theme <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Himalayas Type Theme Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34571 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dd02f673cbfe Credits stealthcopter Required privilege Contributor...

WordPress Content Blocks (Custom Post Widget) Plugin <= 3.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Content Blocks Custom Post Widget Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34566 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c437cf336c56 Credits Ngô Thiên An ancorn...

WordPress Corona Virus (COVID-19) Banner & Live Data Plugin <= 1.8.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Corona Virus COVID-19 Banner & Live Data Type Plugin Vulnerable versions = 1.8.0.3 Fixed in 1.8.0.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34429 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID cdf584b63570 Credits Rayhan...

WordPress Brozzme Scroll Top Plugin <= 1.8.5 is vulnerable to Cross Site Scripting (XSS)

Software Brozzme Scroll Top Type Plugin Vulnerable versions = 1.8.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34426 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 40ba77316890 Credits Cronus Required privilege Administrat...

WordPress SliceWP Plugin <=1.1.10 is vulnerable to Cross Site Scripting (XSS)

Software SliceWP Type Plugin Vulnerable versions =1.1.10 Fixed in 1.1.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34413 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c46a4aefe49b Credits Manab Jyoti Dowarah Required privilege...

WordPress raindrops Theme <= 1.600 is vulnerable to Cross Site Scripting (XSS)

Software raindrops Type Theme Vulnerable versions = 1.600 Fixed in 1.700 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34414 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d4e3ff80bd8c Credits stealthcopter Required privilege Contributor...

WordPress GDPR Compliance Plugin <= 1.2.5 is vulnerable to Sensitive Data Exposure

Software GDPR Compliance Type Plugin Vulnerable versions = 1.2.5 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-34388 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 2bd47e434b7c Credits CatFather Required...

WordPress Auto Affiliate Links Plugin <= 6.4.3.1 is vulnerable to SQL Injection

Software Auto Affiliate Links Type Plugin Vulnerable versions = 6.4.3.1 Fixed in 6.4.4 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-34386 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 901e8da7d177 Credits Do Truong Giang Required privilege Editor...

WordPress Yoast SEO Plugin <= 22.5 is vulnerable to Cross Site Scripting (XSS)

Software Yoast SEO Type Plugin Vulnerable versions = 22.5 Fixed in 22.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4041 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1ed891028ded Credits Bassem Essam Required...