WordPress Startklar Elementor Addons Plugin <= 1.7.13 is vulnerable to Arbitrary File Deletion

Software Startklar Elementor Addons Type Plugin Vulnerable versions = 1.7.13 Fixed in 1.7.14 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-4346 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID ae9a780a26b1 Credits István Márton...

WordPress Simple Basic Contact Form Plugin <= 20221201 is vulnerable to Cross Site Scripting (XSS)

Software Simple Basic Contact Form Type Plugin Vulnerable versions = 20221201 Fixed in 20240502 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4150 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 56d60208321f Credits...

WordPress Testimonial Slider Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)

Software Testimonial Slider Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4193 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9c9e113bbfe1 Credits Krzysztof Zając...

WordPress Simple Membership Plugin <= 4.4.5 is vulnerable to Cross Site Scripting (XSS)

Software Simple Membership Type Plugin Vulnerable versions = 4.4.5 Fixed in 4.4.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4383 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 39626d5eed25 Credits wesley wcraft Required...

WordPress Folders Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Folders Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3868 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a2c21957d7e5 Credits mike harris Required...

WordPress SimpleShop Plugin <= 2.10.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software SimpleShop Type Plugin Vulnerable versions = 2.10.0 Fixed in 2.10.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1230 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0c9901697dc3 Credits Francesco Carlucci...

SUSE CVE-2024-26937

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queuepriorityhint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete befo...

WordPress PropertyHive Plugin <= 2.0.10 is vulnerable to Cross Site Scripting (XSS)

Software PropertyHive Type Plugin Vulnerable versions = 2.0.10 Fixed in 2.0.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34381 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5b461efce659 Credits LVT-tholv2k Required privilege...

WordPress Robo Gallery Plugin <= 3.2.18 is vulnerable to Sensitive Data Exposure

Software Robo Gallery Type Plugin Vulnerable versions = 3.2.18 Fixed in 3.2.19 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-34382 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID fc1d04a11044 Credits Peng Zhou Required privilege...

WordPress Conversational Forms for ChatBot Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Conversational Forms for ChatBot Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34380 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 04a3b48cf9af Credits Jean Tirstan T Requir...

WordPress Restaurant and Cafe Theme <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Restaurant and Cafe Type Theme Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-34379 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 97da5caaa5b4 Credits Dhabaleshwar Das...

WordPress SEOPress Plugin <= 7.7.1 is vulnerable to Insecure Direct Object References (IDOR)

Software SEOPress Type Plugin Vulnerable versions = 7.7.1 Fixed in 7.7.2 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-34383 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7ca57d342ecd Credits Peng Zhou Required...

WordPress Mooberry Book Manager Plugin <= 4.15.12 is vulnerable to Sensitive Data Exposure

Software Mooberry Book Manager Type Plugin Vulnerable versions = 4.15.12 Fixed in 4.15.13 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-34368 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 8048e91588cf Credits Steven Julian...

WordPress ShopLentor Plugin <= 2.8.7 is vulnerable to Cross Site Scripting (XSS)

Software ShopLentor Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3991 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b56a67a53737 Credits stealthcopter Required...

WordPress Download Alt Text AI Plugin <=1.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Download Alt Text AI Type Plugin Vulnerable versions =1.3.4 Fixed in 1.3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34366 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 15bd973c927c Credits Manab Jyoti Dowarah Required...

WordPress LeadConnector Plugin <= 1.7 is vulnerable to Broken Access Control

Software LeadConnector Type Plugin Vulnerable versions = 1.7 Fixed in 1.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-34378 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID da872f96f681 Credits Majed Refaea Required privilege...

WordPress Counter Box Plugin < 1.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Counter Box Type Plugin Vulnerable versions 1.2.4 Fixed in 1.2.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3481 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 8cd9da8dd3bb Credits Bob Matyas Required...

WordPress Sticky Buttons Plugin < 3.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Sticky Buttons Type Plugin Vulnerable versions 3.2.4 Fixed in 3.2.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3475 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c9f456e279d5 Credits Bob Matyas Required...

WordPress Modal Window Plugin < 5.3.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software Modal Window Type Plugin Vulnerable versions 5.3.10 Fixed in 5.3.10 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3472 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9d7096a40943 Credits Bob Matyas Required...

WordPress Float menu Plugin < 6.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Float menu Type Plugin Vulnerable versions 6.0.1 Fixed in 6.0.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2405 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 80605a5ac1fe Credits Erwan LR WPScan Required...