WordPress CBX Bookmark & Favorite Plugin <= 1.7.20 is vulnerable to Cross Site Scripting (XSS)

Software CBX Bookmark & Favorite Type Plugin Vulnerable versions = 1.7.20 Fixed in 1.7.22 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32577 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c797afa81115 Credits LVT-tholv2k Required privile...

WordPress Cornerstone Plugin <= 0.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Cornerstone Type Plugin Vulnerable versions = 0.8.0 Fixed in 0.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32570 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f61c07b03ab5 Credits Rafie Muhammad Patchstack Required...

WordPress Z Y N I T H Plugin <= 7.4.9 is vulnerable to Cross Site Scripting (XSS)

Software Z Y N I T H Type Plugin Vulnerable versions = 7.4.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32562 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID b69a38ab3f39 Credits Dave Jong Patchstack Required privilege...

WordPress HurryTimer Plugin <=2.9.2 is vulnerable to Cross Site Scripting (XSS)

Software HurryTimer Type Plugin Vulnerable versions =2.9.2 Fixed in 2.10.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32556 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d3a1dca35035 Credits Joshua Chan Required privilege Contributor...

WordPress Superfly Menu Plugin <= 5.0.25 is vulnerable to Cross Site Scripting (XSS)

Software Superfly Menu Type Plugin Vulnerable versions = 5.0.25 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32553 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6079596969f5 Credits Dave Jong Patchstack Required...

WordPress SP Project & Document Manager Plugin <= 4.71 is vulnerable to SQL Injection

Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.71 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32551 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 4e8128ffc035 Credits CatFather Required privilege Author...

WordPress WooCommerce Google Feed Manager Plugin <= 2.4.2 is vulnerable to SQL Injection

Software WooCommerce Google Feed Manager Type Plugin Vulnerable versions = 2.4.2 Fixed in 2.6.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3067 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 7ac4b8e7f509 Credits Krzysztof Zając Required privilege...

WordPress Tainacan Interface Theme <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)

Software Tainacan Interface Type Theme Vulnerable versions = 2.7.1 Fixed in 2.7.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3867 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID dcbddfa32a84 Credits Matheus Nascimento de...

WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.16.2 is vulnerable to PHP Object Injection

Software Shortcodes and extra features for Phlox theme Type Plugin Vulnerable versions = 2.16.2 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-7064 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID b9a2bdf53bc0 Credits Rhynorater -...

WordPress Email Subscribers & Newsletters Plugin <= 5.7.14 is vulnerable to SQL Injection

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.14 Fixed in 5.7.15 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2876 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 9b57a92f98bb Credits Arkadiusz Hydzik Required...

WordPress BA Book Everything Plugin <= 1.6.8 is vulnerable to Cross Site Scripting (XSS)

Software BA Book Everything Type Plugin Vulnerable versions = 1.6.8 Fixed in 1.6.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32576 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID aedca1bff1c3 Credits LVT-tholv2k Required privilege...

WordPress Photo Gallery by 10Web Plugin <= 1.8.21 is vulnerable to Cross Site Scripting (XSS)

Software Photo Gallery by 10Web Type Plugin Vulnerable versions = 1.8.21 Fixed in 1.8.22 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32583 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9f4c4a32a029 Credits Steven Julian Required...

WordPress WP Helper Premium Plugin < 4.6.0 is vulnerable to Cross Site Scripting (XSS)

Software WP Helper Premium Type Plugin Vulnerable versions 4.6.0 Fixed in 4.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32595 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5f98f0aa22fb Credits thiennv Required privilege...

WordPress DSGVO Youtube Plugin <= 1.4.5 is vulnerable to Cross Site Scripting (XSS)

Software DSGVO Youtube Type Plugin Vulnerable versions = 1.4.5 Fixed in 1.4.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32596 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4169091c7562 Credits LVT-tholv2k Required privilege Contribut...

WordPress Backend Designer Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Software Backend Designer Type Plugin Vulnerable versions = 1.3 Fixed in 1.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32591 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c6752a98d119 Credits Cronus Required privilege Administrator...

WordPress Tagembed Plugin <= 4.7 is vulnerable to Cross Site Scripting (XSS)

Software Tagembed Type Plugin Vulnerable versions = 4.7 Fixed in 4.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32561 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 040c708c0568 Credits LVT-tholv2k Required privilege Contributor...

WordPress WP-Recall Plugin <= 16.26.5 is vulnerable to Insecure Direct Object References (IDOR)

Software WP-Recall Type Plugin Vulnerable versions = 16.26.5 Fixed in 16.26.6 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32604 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3904a35f5abe Credits Kyle Sanchez...

WordPress Code Insert Manager (Q2W3 Inc Manager) Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Code Insert Manager Q2W3 Inc Manager Type Plugin Vulnerable versions = 2.5.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32547 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID c408b8a3e4fc Credits Dimas Maulana...

WordPress Bulk Block Converter Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Bulk Block Converter Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32542 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 805efd09a347 Credits Dimas Maulana Required...

WordPress Jotform Online Forms Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Jotform Online Forms Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32527 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6eac99777a8f Credits Ngô Thiên An ancorn from VNPT-VCI...