WordPress Elevate WP Theme <= 1.0.15 is vulnerable to Broken Access Control

Software Elevate WP Type Theme Vulnerable versions = 1.0.15 Fixed in 1.0.17 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b361a992792d Credits Dhabaleshwar Das Required privile...

WordPress MainWP Child Reports Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software MainWP Child Reports Type Plugin Vulnerable versions = 2.1.1 Fixed in 2.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33680 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 2150654abae2 Credits Brandon Roldan...

WordPress Call Now Button Plugin < 1.4.7 is vulnerable to Cross Site Scripting (XSS)

Software Call Now Button Type Plugin Vulnerable versions 1.4.7 Fixed in 1.4.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2908 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1848a4a46e87 Credits Dikshita Trivedi...

WordPress Sassy Social Share Plugin < 3.3.61 is vulnerable to Cross Site Scripting (XSS)

Software Sassy Social Share Type Plugin Vulnerable versions 3.3.61 Fixed in 3.3.61 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2159 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2e895f7060f3 Credits Dmitrii Ignatyev...

WordPress PPOM for WooCommerce Plugin <= 32.0.18 is vulnerable to Arbitrary File Upload

Software PPOM for WooCommerce Type Plugin Vulnerable versions = 32.0.18 Fixed in 32.0.19 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-3962 Patch priority High CVSS severity High 10 Developer Claim ownership PSID e45867d8f81a Credits andrea bocchetti Required...

WordPress WP SMTP Plugin 1.2 - 1.2.6 is vulnerable to SQL Injection

Software WP SMTP Type Plugin Vulnerable versions 1.2 - 1.2.6 Fixed in 1.2.7 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-1789 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID cf0dba8db665 Credits Christiaan Swiers YouGina Required privilege...

WordPress ARForms Form Builder Plugin <= 1.6.4 is vulnerable to Broken Access Control

Software ARForms Form Builder Type Plugin Vulnerable versions = 1.6.4 Fixed in 1.6.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1945 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ea61cb9b5b99 Credits Lucio Sá Required...

WordPress Meks ThemeForest Smart Widget Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Software Meks ThemeForest Smart Widget Type Plugin Vulnerable versions = 1.5 Fixed in 1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33694 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 04ccfd2bf640 Credits Joshua Chan Required privile...

WordPress Backup Migration Plugin <= 1.4.1 is vulnerable to Broken Access Control

Software Backup Migration Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c8830eaae290 Credits Dhabaleshwar Das Required...

WordPress Social Share Icons & Social Share Buttons Plugin <= 3.6.1 is vulnerable to Broken Access Control

Software Social Share Icons & Social Share Buttons Type Plugin Vulnerable versions = 3.6.1 Fixed in 3.6.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9b34a062d9ab Credits...

WordPress Fancy Product Designer Plugin < 6.1.8 is vulnerable to Cross Site Scripting (XSS)

Software Fancy Product Designer Type Plugin Vulnerable versions 6.1.8 Fixed in 6.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0905 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5fb94dea6052 Credits Bob Matyas...

WordPress Photology Theme <= 1.1.3 is vulnerable to Broken Access Control

Software Photology Type Theme Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33685 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 29f6cff8157b Credits Dhabaleshwar Das Required privilege...

WordPress SSL Mixed Content Fix Plugin <= 3.2.6 is vulnerable to Broken Access Control

Software SSL Mixed Content Fix Type Plugin Vulnerable versions = 3.2.6 Fixed in 3.2.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 11237d78fd75 Credits Dhabaleshwar Das Requir...

WordPress Accountra Theme <= 1.0.3 is vulnerable to Broken Access Control

Software Accountra Type Theme Vulnerable versions = 1.0.3 Fixed in 1.0.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33685 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 56009c31f7f6 Credits Dhabaleshwar Das Required privilege...

WordPress Zeever Theme <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Zeever Type Theme Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33685 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 920f9a11d3ed Credits Dhabaleshwar Das Required...

WordPress Duplicate Post Plugin <= 1.4.4 is vulnerable to Broken Access Control

Software Duplicate Post Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f8977e93ea85 Credits Dhabaleshwar Das Required...

WordPress Salon booking system Plugin <= 9.6.5 is vulnerable to Cross Site Scripting (XSS)

Software Salon booking system Type Plugin Vulnerable versions = 9.6.5 Fixed in 9.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2439 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 667860bc9aac Credits cyc707 Required...

WordPress Customify Site Library Plugin <= 0.0.9 is vulnerable to Remote Code Execution (RCE)

Software Customify Site Library Type Plugin Vulnerable versions = 0.0.9 Fixed in N/A OWASP Top 10 A5: Security Misconfiguration Classification Remote Code Execution RCE CVE CVE-2024-33644 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 4794ee1ad1c4 Credits Abdi Pranata...

WordPress WP Page Post Widget Clone Plugin <= 1.0.1 is vulnerable to Broken Access Control

Software WP Page Post Widget Clone Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33636 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bc529e210eb8 Credits Do Minh Long Required...

WordPress Five Star Restaurant Reservations Plugin <= 2.6.16 is vulnerable to Broken Access Control

Software Five Star Restaurant Reservations Type Plugin Vulnerable versions = 2.6.16 Fixed in 2.6.17 OWASP Top 10 A4: Insecure Design Classification Broken Access Control CVE CVE-2024-33596 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d75b86943c20 Credits Steven Julian...