WordPress Easy Accept Payments Plugin <= 4.9.10 is vulnerable to Broken Access Control

Software Easy Accept Payments Type Plugin Vulnerable versions = 4.9.10 Fixed in 5.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33591 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID dc8baebcdbf1 Credits Joshua Chan Required...

WordPress Knowledge Base documentation & wiki plugin – BasePress Plugin <= 2.16.1 is vulnerable to Broken Access Control

Software Knowledge Base documentation & wiki plugin – BasePress Type Plugin Vulnerable versions = 2.16.1 Fixed in 2.16.2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33588 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID...

WordPress WPPizza Plugin <= 3.18.10 is vulnerable to Broken Access Control

Software WPPizza Type Plugin Vulnerable versions = 3.18.10 Fixed in 3.18.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33576 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d7917e7b15a2 Credits Majed Refaea Required...

WordPress EPROLO Dropshipping Plugin <= 1.7.1 is vulnerable to Broken Access Control

Software EPROLO Dropshipping Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33573 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d5b21a303f43 Credits Abdi Pranata Required...

WordPress XStore Theme <= 9.3.8 is vulnerable to SQL Injection

Software XStore Type Theme Vulnerable versions = 9.3.8 Fixed in 9.3.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-33559 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 0996b4472188 Credits Rafie Muhammad Patchstack Required privilege...

WordPress XStore Core Plugin <= 5.3.8 is vulnerable to Local File Inclusion

Software XStore Core Type Plugin Vulnerable versions = 5.3.8 Fixed in 5.3.9 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-33557 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 942a9619d048 Credits Rafie Muhammad Patchstack Required privilege...

WordPress WZone Plugin <= 14.0.33 is vulnerable to Broken Access Control

Software WZone Type Plugin Vulnerable versions = 14.0.33 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33547 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 0e636c441e01 Credits Rafie Muhammad Patchstack Required...

WordPress WP Time Slots Booking Form Plugin <= 1.2.06 is vulnerable to Broken Access Control

Software WP Time Slots Booking Form Type Plugin Vulnerable versions = 1.2.06 Fixed in 1.2.07 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33543 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID caafd19bb673 Credits Joshua Chan...

WordPress Better Elementor Addons Plugin <= 1.4.1 is vulnerable to Local File Inclusion

Software Better Elementor Addons Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-33541 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 62efde4398ca Credits Ray Wilson Required...

WordPress Assistant – Every Day Productivity Apps Plugin <= 1.4.9.1 is vulnerable to Sensitive Data Exposure

Software Assistant – Every Day Productivity Apps Type Plugin Vulnerable versions = 1.4.9.1 Fixed in 1.4.9.2 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2024-33538 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID...

WordPress Blocksy Theme <= 2.0.39 is vulnerable to Cross Site Scripting (XSS)

Software Blocksy Type Theme Vulnerable versions = 2.0.39 Fixed in 2.0.40 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3747 Patch priority Low CVSS severity Low 6.5 Developer Creative Themes PSID 3ec8e6a91460 Credits Ngô Thiên An ancorn Required...

WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.8 is vulnerable to Broken Access Control

Software WOOCS – WooCommerce Currency Switcher Type Plugin Vulnerable versions = 1.4.1.8 Fixed in 1.4.1.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-3734 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a6af6a35e8e2 Credit...

WordPress PropertyHive Plugin <= 2.0.12 is vulnerable to Broken Access Control

Software PropertyHive Type Plugin Vulnerable versions = 2.0.12 Fixed in 2.0.13 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3607 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 20b9880edd45 Credits Lucio Sá Required privilege...

WordPress Instant Images Plugin <= 6.1.0 is vulnerable to Privilege Escalation

Software Instant Images Type Plugin Vulnerable versions = 6.1.0 Fixed in 6.1.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-33569 Patch priority High CVSS severity High 7.2 Developer Claim ownership PSID d731bc7eedd6 Credits Rafie...

WordPress XStore Core Plugin <= 5.3.8 is vulnerable to Arbitrary File Upload

Software XStore Core Type Plugin Vulnerable versions = 5.3.8 Fixed in 5.3.9 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Upload CVE CVE-2024-33556 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 108b732f3dae Credits Rafie Muhammad Patchstack...

WordPress XStore Theme <= 9.3.8 is vulnerable to Local File Inclusion

Software XStore Type Theme Vulnerable versions = 9.3.8 Fixed in 9.3.9 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-33560 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 6dff12fe54af Credits Rafie Muhammad Patchstack Required privilege...

WordPress XStore Theme <= 9.3.8 is vulnerable to Settings Change

Software XStore Type Theme Vulnerable versions = 9.3.8 Fixed in 9.3.9 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-33564 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID fefe041fa298 Credits Rafie Muhammad Patchstack Required privileg...

WordPress Solid Affiliate Plugin <= 1.9.1 is vulnerable to Sensitive Data Exposure

Software Solid Affiliate Type Plugin Vulnerable versions = 1.9.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-33637 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 0610eeb4f1ac Credits Francois Harvey Required...

WordPress Recencio Book Reviews Plugin <= 1.66.0 is vulnerable to Cross Site Scripting (XSS)

Software Recencio Book Reviews Type Plugin Vulnerable versions = 1.66.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33648 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1d6b95a95ae6 Credits Ngô Thiên An ancorn from VNPT-VCI...

WordPress WooCommerce PDF Invoices & Packing Slips Plugin <= 3.8.0 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce PDF Invoices & Packing Slips Type Plugin Vulnerable versions = 3.8.0 Fixed in 3.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3045 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d235421a1171...