WordPress Headline Analyzer Plugin <= 1.3.3 is vulnerable to Broken Access Control

Software Headline Analyzer Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.3.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32806 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 151865fc08d6 Credits Majed Refaea Required...

WordPress Widget Post Slider Plugin <= 1.3.5 is vulnerable to Cross Site Scripting (XSS)

Software Widget Post Slider Type Plugin Vulnerable versions = 1.3.5 Fixed in 1.3.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32801 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7032c0856ac3 Credits Joshua Chan Required privilege...

WordPress Hummingbird Plugin <= 3.7.3 is vulnerable to Broken Access Control

Software Hummingbird Type Plugin Vulnerable versions = 3.7.3 Fixed in 3.7.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32792 Patch priority Low CVSS severity Low 4.3 Developer WPMU DEV PSID 9b701eb20e44 Credits Peng Zhou Required privilege...

WordPress Premium Addons for Elementor Plugin <= 4.10.25 is vulnerable to Cross Site Scripting (XSS)

Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.25 Fixed in 4.10.26 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32791 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID 5e608ef68f6a Credits Ray Wilson Required privileg...

WordPress Advanced Testimonial Carousel for Elementor Plugin <= 3.0.0 is vulnerable to Broken Access Control

Software Advanced Testimonial Carousel for Elementor Type Plugin Vulnerable versions = 3.0.0 Fixed in 3.0.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32783 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 35c8e0e158f5 Credits...

WordPress ProfileGrid Plugin <= 5.8.2 is vulnerable to Bypass Vulnerability

Software ProfileGrid Type Plugin Vulnerable versions = 5.8.2 Fixed in 5.8.3 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-32774 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 32476e3a5d62 Credits Kyle Sanchez Required privilege Subscrib...

WordPress BizPrint Plugin <= 4.3.39 is vulnerable to Broken Access Control

Software BizPrint Type Plugin Vulnerable versions = 4.3.39 Fixed in 4.5.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32777 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID c14f75079ee7 Credits Joshua Chan Required privilege...

WordPress ProfileGrid Plugin <= 5.7.9 is vulnerable to Insecure Direct Object References (IDOR)

Software ProfileGrid Type Plugin Vulnerable versions = 5.7.9 Fixed in 5.8.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32772 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0b59bd9029de Credits Kyle Sanchez...

WordPress Frontend Dashboard Plugin <= 2.2.2 is vulnerable to Sensitive Data Exposure

Software Frontend Dashboard Type Plugin Vulnerable versions = 2.2.2 Fixed in 2.2.4 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-32726 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID f88db22e1e34 Credits Emili Castells...

WordPress Coupon & Discount Code Reveal Button Plugin <=1.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Coupon & Discount Code Reveal Button Type Plugin Vulnerable versions =1.2.5 Fixed in 1.2.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32722 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID abdf37204c70 Credits emad Required...

WordPress Appointment Hour Booking Plugin <= 1.4.56 is vulnerable to Other Vulnerability Type

Software Appointment Hour Booking Type Plugin Vulnerable versions = 1.4.56 Fixed in 1.4.57 OWASP Top 10 A4: Insecure Design Classification Other Vulnerability Type CVE CVE-2024-32720 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 228e58c3426d Credits Mochamad Sofyan...

WordPress SchedulePress Plugin <= 5.0.8 is vulnerable to Broken Access Control

Software SchedulePress Type Plugin Vulnerable versions = 5.0.8 Fixed in 5.0.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32717 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7d1404ed0d5c Credits Majed Refaea Required...

WordPress StreamWeasels Twitch Integration Plugin <= 1.7.8 is vulnerable to Sensitive Data Exposure

Software StreamWeasels Twitch Integration Type Plugin Vulnerable versions = 1.7.8 Fixed in 1.8.0 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32716 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID eec287347b22 Credits Majed Refa...

WordPress ARForms Plugin <= 6.4 is vulnerable to Settings Change

Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-32704 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bcff8bbe359f Credits Dave Jong Patchstack Required privilege...

WordPress Frontend Admin by DynamiApps Plugin <= 3.19.4 is vulnerable to Privilege Escalation

Software Frontend Admin by DynamiApps Type Plugin Vulnerable versions = 3.19.4 Fixed in 3.19.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-3729 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 4ebfbce29f56...

WordPress Podlove Podcast Publisher Plugin <= 4.0.14 is vulnerable to Broken Access Control

Software Podlove Podcast Publisher Type Plugin Vulnerable versions = 4.0.14 Fixed in 4.0.15 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32712 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 03f3d1e3ccd2 Credits LVT-tholv2k...

WordPress Post Grid and Gutenberg Blocks Plugin <= 2.2.78 is vulnerable to Sensitive Data Exposure

Software Post Grid and Gutenberg Blocks Type Plugin Vulnerable versions = 2.2.78 Fixed in 2.2.79 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32816 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 4274dff100bf Credits Peng Zho...

WordPress The Pack Elementor addons Plugin <= 2.0.8.2 is vulnerable to Server Side Request Forgery (SSRF)

Software The Pack Elementor addons Type Plugin Vulnerable versions = 2.0.8.2 Fixed in 2.0.8.3 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-32718 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 86389b782087...

WordPress BuddyForms Plugin <= 2.8.8 is vulnerable to Arbitrary File Download

Software BuddyForms Type Plugin Vulnerable versions = 2.8.8 Fixed in 2.8.9 OWASP Top 10 A4: Insecure Design Classification Arbitrary File Download CVE CVE-2024-32830 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID df4ae0005bef Credits Yudistira Arya Required privilege...

WordPress Email Customizer for WooCommerce Plugin <= 2.6.0 is vulnerable to Sensitive Data Exposure

Software Email Customizer for WooCommerce Type Plugin Vulnerable versions = 2.6.0 Fixed in 2.6.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-32781 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID bb85c76645da Credits Emili...