WordPress Theme My Login Plugin <= 7.1.6 is vulnerable to Broken Access Control

Software Theme My Login Type Plugin Vulnerable versions = 7.1.6 Fixed in 7.1.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32525 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 11dbddbd2e7f Credits Abdi Pranata Required...

WordPress Top Bar Plugin < 3.0.5 is vulnerable to Cross Site Scripting (XSS)

Software Top Bar Type Plugin Vulnerable versions 3.0.5 Fixed in 3.0.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1660 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6c5d854410a5 Credits Dmitrii Ignatyev Required privileg...

WordPress WP Poll Maker Plugin <= 3.4 is vulnerable to Arbitrary File Upload

Software WP Poll Maker Type Plugin Vulnerable versions = 3.4 Fixed in 3.5 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-32514 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 5f238f52b673 Credits Yudistira Arya Required privilege Subscriber...

WordPress Product Feed PRO for WooCommerce Plugin <= 13.3.1 is vulnerable to Sensitive Data Exposure

Software Product Feed PRO for WooCommerce Type Plugin Vulnerable versions = 13.3.1 Fixed in 13.3.2 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2024-32513 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 20d6ccb380e3 Credits...

WordPress WooCommerce Customers Manager Plugin < 29.7 is vulnerable to SQL Injection

Software WooCommerce Customers Manager Type Plugin Vulnerable versions 29.7 Fixed in 29.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0399 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 3c8fe0630d48 Credits Ivan Spiridonov Required privilege...

WordPress Everest Backup Plugin < 2.2.5 is vulnerable to Arbitrary File Upload

Software Everest Backup Type Plugin Vulnerable versions 2.2.5 Fixed in 2.2.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-7201 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID e4434e41add7 Credits Emad Required privilege Administrator Publish...

WordPress DethemeKit For Elementor Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Software DethemeKit For Elementor Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32508 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c3d2d2de543b Credits Khalid Yusuf Required privile...

WordPress Login with phone number Plugin <= 1.7.16 is vulnerable to Privilege Escalation

Software Login with phone number Type Plugin Vulnerable versions = 1.7.16 Fixed in 1.7.17 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-32507 Patch priority High CVSS severity High 8.8 Developer Hamid Alinia PSID e4775c75d080 Credits Emili Castells Requir...

WordPress Radio Player Plugin <= 2.0.73 is vulnerable to Sensitive Data Exposure

Software Radio Player Type Plugin Vulnerable versions = 2.0.73 Fixed in 2.0.74 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32506 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4e6e2407c28d Credits Steven Julian Required...

WordPress Advanced Post Block - Post Grid for WordPress block editor Plugin <= 1.13.4 is vulnerable to Broken Access Control

Software Advanced Post Block - Post Grid for WordPress block editor Type Plugin Vulnerable versions = 1.13.4 Fixed in 1.13.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0908 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID...

WordPress Ultimate Member Plugin <= 2.8.4 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Member Type Plugin Vulnerable versions = 2.8.4 Fixed in 2.8.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2765 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 4af1ffb7c063 Credits tiborisaak Require...

WordPress Element Pack Elementor Addons Plugin <= 5.5.6 is vulnerable to Sensitive Data Exposure

Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.5.6 Fixed in 5.6.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2966 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 29f45f5357e3 Credits Krzysztof...

WordPress BMI Adult & Kid Calculator Plugin <= 1.2.1 is vulnerable to Broken Access Control

Software BMI Adult & Kid Calculator Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A3: Injection Classification Broken Access Control CVE CVE-2024-32550 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 6c58017d5b00 Credits Faizal Abroni Required privile...

WordPress Access Category Password Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Access Category Password Type Plugin Vulnerable versions = 1.5.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32535 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c844ee6de29c Credits Dimas Maulana Required...

WordPress Canva – Design beautiful blog graphics Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Software Canva – Design beautiful blog graphics Type Plugin Vulnerable versions = 1.2.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32545 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 803f9df04167 Credits Dimas Maula...

WordPress NPS computy Plugin < 2.7.6 is vulnerable to Cross Site Scripting (XSS)

Software NPS computy Type Plugin Vulnerable versions 2.7.6 Fixed in 2.7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1754 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a3449f6b4bc3 Credits Bob Matyas Required privilege...

WordPress Carousel Slider Plugin < 2.2.7 is vulnerable to Cross Site Scripting (XSS)

Software Carousel Slider Type Plugin Vulnerable versions 2.2.7 Fixed in 2.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1712 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID be0c9e02881f Credits Dmitrii Ignatyev Required...

WordPress Inline Related Posts Plugin < 3.6.0 is vulnerable to Broken Access Control

Software Inline Related Posts Type Plugin Vulnerable versions 3.6.0 Fixed in 3.6.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-6257 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c2f0b627f547 Credits Krzysztof Zając CERT PL...

WordPress MJ Update History Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software MJ Update History Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32543 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6f5d10b529f0 Credits Dimas Maulana Required privilege...

WordPress Smart Slider 3 Plugin <= 3.5.1.22 is vulnerable to Broken Access Control

Software Smart Slider 3 Type Plugin Vulnerable versions = 3.5.1.22 Fixed in 3.5.1.23 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3027 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c46698c777af Credits Christiaan Swiers YouGina...