WordPress Jotform Online Forms Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Jotform Online Forms Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32527 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6eac99777a8f Credits Ngô Thiên An ancorn from VNPT-VCI...

WordPress Appointment Bookings for Zoom GoogleMeet and more – Wappointment Plugin <= 2.6.0 is vulnerable to Server Side Request Forgery (SSRF)

Software Appointment Bookings for Zoom GoogleMeet and more – Wappointment Type Plugin Vulnerable versions = 2.6.0 Fixed in 2.6.1 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-32454 Patch priority Low CVSS severity Low 4.4 Developer...

WordPress InstaWP Connect Plugin <= 0.1.0.22 is vulnerable to Arbitrary File Upload

Software InstaWP Connect Type Plugin Vulnerable versions = 0.1.0.22 Fixed in 0.1.0.23 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-2667 Patch priority High CVSS severity High 10 Developer InstaWP PSID 6dfa02024fd7 Credits AtaTurk1925 Required privilege...

WordPress Asgaros Forum Plugin <= 2.8.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Asgaros Forum Type Plugin Vulnerable versions = 2.8.0 Fixed in 2.9.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32440 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4d6dad870cc9 Credits Ananda Dhakal...

WordPress SEO Booster Plugin <= 3.8.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software SEO Booster Type Plugin Vulnerable versions = 3.8.9 Fixed in 3.8.10 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-32438 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3512a5ab10e4 Credits Joshua Chan Required privile...

WordPress Remove Footer Credit Plugin <= 1.0.13 is vulnerable to Cross Site Scripting (XSS)

Software Remove Footer Credit Type Plugin Vulnerable versions = 1.0.13 Fixed in 1.0.14 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32429 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 27a2181f0b9d Credits savphill Required privilege...

WordPress Jobs for WordPress Plugin <= 2.7.5 is vulnerable to Cross Site Scripting (XSS)

Software Jobs for WordPress Type Plugin Vulnerable versions = 2.7.5 Fixed in 2.7.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32149 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a8a1acfb2c60 Credits Khalid Yusuf Required privile...

WordPress Podlove Podcast Publisher Plugin <= 4.1.0 is vulnerable to Broken Access Control

Software Podlove Podcast Publisher Type Plugin Vulnerable versions = 4.1.0 Fixed in 4.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32143 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID fc4ae0b13cd1 Credits Abdi Pranata...

WordPress Libsyn Publisher Hub Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)

Software Libsyn Publisher Hub Type Plugin Vulnerable versions = 1.4.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2024-32140 Patch priority Low CVSS severity Low 6.5 Developer Libsyn PSID c49fa24f0e59 Credits CatFather Required privilege...

WordPress User Activity Log Pro Plugin <= 2.3.4 is vulnerable to SQL Injection

Software User Activity Log Pro Type Plugin Vulnerable versions = 2.3.4 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32137 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 2210c42a0a13 Credits Dave Jong Patchstack Required privilege...

WordPress BWL Advanced FAQ Manager Plugin <= 2.0.3 is vulnerable to SQL Injection

Software BWL Advanced FAQ Manager Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32136 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 3156ca152b4d Credits Ivan Spiridonov Required privilege...

WordPress CBX Bookmark & Favorite Plugin <= 1.7.20 is vulnerable to SQL Injection

Software CBX Bookmark & Favorite Type Plugin Vulnerable versions = 1.7.20 Fixed in 1.7.21 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32132 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 07995252cb06 Credits Muhammad Daffa Required privilege...

WordPress Download Manager Plugin <= 3.2.82 is vulnerable to Bypass Vulnerability

Software Download Manager Type Plugin Vulnerable versions = 3.2.82 Fixed in 3.2.83 OWASP Top 10 A1: Broken Access Control Classification Bypass Vulnerability CVE CVE-2024-32131 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d970a3e505ee Credits Liu Shaohong Required...

WordPress Realtyna Organic IDX plugin Plugin <= 4.14.4 is vulnerable to SQL Injection

Software Realtyna Organic IDX plugin Type Plugin Vulnerable versions = 4.14.4 Fixed in 4.14.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32128 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID df09fa02a23c Credits Joshua Chan Required privilege...

WordPress Find Duplicates Plugin <= 1.4.6 is vulnerable to SQL Injection

Software Find Duplicates Type Plugin Vulnerable versions = 1.4.6 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32127 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 52116cf54a22 Credits Le Ngoc Anh Required privilege Subscriber Publish...

WordPress BA Book Everything Plugin <= 1.6.4 is vulnerable to SQL Injection

Software BA Book Everything Type Plugin Vulnerable versions = 1.6.4 Fixed in 1.6.5 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32125 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID d47407126364 Credits Thanh Nam Tran Required privilege Contributor...

WordPress Easy Contact Form Lite Plugin <= 1.1.23 is vulnerable to Cross Site Scripting (XSS)

Software Easy Contact Form Lite Type Plugin Vulnerable versions = 1.1.23 Fixed in 1.1.25 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32147 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f1074c1b0d54 Credits Abdi Pranata Required privile...

WordPress Import Users from CSV Plugin <= 1.2 is vulnerable to PHP Object Injection

Software Import Users from CSV Type Plugin Vulnerable versions = 1.2 Fixed in 1.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-32431 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID e3f19c84ef38 Credits Trình Vũ Sonicrrrr from VNPT-VCI Require...

WordPress BEAF Plugin <= 4.5.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software BEAF Type Plugin Vulnerable versions = 4.5.4 Fixed in 4.5.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32433 Patch priority Low CVSS severity Low 4.3 Developer Themefic PSID 289a94720dc1 Credits Dhabaleshwar Das Required privilege...

WordPress Legal Pages Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Legal Pages Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32451 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4f155bb44624 Credits Dhabaleshwar Das Requir...