WordPress Tumult Hype Animations Plugin <= 1.9.11 is vulnerable to Cross Site Request Forgery (CSRF)

Software Tumult Hype Animations Type Plugin Vulnerable versions = 1.9.11 Fixed in 1.9.12 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-30460 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c704327afb62 Credits Majed Refaea...

WordPress GamiPress Plugin <= 6.8.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software GamiPress Type Plugin Vulnerable versions = 6.8.5 Fixed in 6.8.6 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-30455 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7284ec56cbcf Credits Ananda Dhakal Patchstack Requir...

WordPress Booking Activities Plugin <= 1.15.19 is vulnerable to Cross Site Scripting (XSS)

Software Booking Activities Type Plugin Vulnerable versions = 1.15.19 Fixed in 1.15.20 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30449 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 43939ea4135f Credits Jean Tirstan T Required...

WordPress GS Testimonial Slider Plugin <= 3.1.4 is vulnerable to Cross Site Scripting (XSS)

Software GS Testimonial Slider Type Plugin Vulnerable versions = 3.1.4 Fixed in 3.1.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30443 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1861dbb8a0e2 Credits LVT-tholv2k Required privilege...

WordPress Bold Page Builder Plugin <= 4.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Bold Page Builder Type Plugin Vulnerable versions = 4.8.0 Fixed in 4.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30442 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 88e9753be091 Credits savphill Required privilege...

WordPress Themify Event Post Plugin <= 1.2.7 is vulnerable to Cross Site Scripting (XSS)

Software Themify Event Post Type Plugin Vulnerable versions = 1.2.7 Fixed in 1.2.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30440 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9d185b777884 Credits Dhabaleshwar Das Required privilege...

WordPress Events Manager Plugin <= 6.4.7.1 is vulnerable to Cross Site Scripting (XSS)

Software Events Manager Type Plugin Vulnerable versions = 6.4.7.1 Fixed in 6.4.7.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2111 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b5294cf8d915 Credits Tim Coen Required...

WordPress Meta Tag Manager Plugin <= 3.0.2 is vulnerable to PHP Object Injection

Software Meta Tag Manager Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1770 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID e36fbb9c63ac Credits Francesco Carlucci Required privilege...

WordPress SellKit Plugin <= 1.8.1 is vulnerable to Arbitrary File Download

Software SellKit Type Plugin Vulnerable versions = 1.8.1 Fixed in 1.8.3 OWASP Top 10 A5: Security Misconfiguration Classification Arbitrary File Download CVE CVE-2024-30509 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 931911cd5460 Credits stealthcopter Required...

WordPress Contest Gallery Plugin <= 24.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Contest Gallery Type Plugin Vulnerable versions = 24.0.3 Fixed in 24.0.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30428 Patch priority Medium CVSS severity Medium 7.1 Developer Wasiliy Strecker PSID 36b896a600a2 Credits Dimas Maulana Required...

WordPress Elementor Addon Elements Plugin <= 1.13.1 is vulnerable to Cross Site Scripting (XSS)

Software Elementor Addon Elements Type Plugin Vulnerable versions = 1.13.1 Fixed in 1.13.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30422 Patch priority Low CVSS severity Low 6.5 Developer WPVibes PSID 6bbfb63942b1 Credits Khalid Yusuf Required privilege...

WordPress Social Icons Widget & Block by WPZOOM Plugin <= 4.2.15 is vulnerable to Broken Access Control

Software Social Icons Widget & Block by WPZOOM Type Plugin Vulnerable versions = 4.2.15 Fixed in 4.2.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30464 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 49894ab6e8af Credits Rafie...

WordPress PageLayer Plugin <= 1.8.1 is vulnerable to Broken Access Control

Software PageLayer Type Plugin Vulnerable versions = 1.8.1 Fixed in 1.8.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30465 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bc48f4fa9379 Credits Rafie Muhammad Patchstack Required...

WordPress Elementor Addon Elements Plugin <= 1.13.2 is vulnerable to Cross Site Scripting (XSS)

Software Elementor Addon Elements Type Plugin Vulnerable versions = 1.13.2 Fixed in 1.13.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2792 Patch priority Low CVSS severity Low 6.5 Developer WPVibes PSID ba0e36a92b8e Credits wesley wcraft Require...

WordPress Tumult Hype Animations Plugin <= 1.9.11 is vulnerable to Cross Site Scripting (XSS)

Software Tumult Hype Animations Type Plugin Vulnerable versions = 1.9.11 Fixed in 1.9.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-30461 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 98402ce486d0 Credits Majed...

WordPress Media Library Folders Plugin <= 8.1.7 is vulnerable to SQL Injection

Software Media Library Folders Type Plugin Vulnerable versions = 8.1.7 Fixed in 8.1.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30486 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 07c50fa94bf4 Credits Le Ngoc Anh Required privilege Author...

WordPress Events Manager Plugin <= 6.4.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Events Manager Type Plugin Vulnerable versions = 6.4.7.1 Fixed in 6.4.7.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2110 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a9d596e2f02f Credits Tim Coen Required...

WordPress Simple Ajax Chat Plugin <= 20231101 is vulnerable to Cross Site Scripting (XSS)

Software Simple Ajax Chat Type Plugin Vulnerable versions = 20231101 Fixed in 20240216 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2956 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1403f71c8e2b Credits Fourcade Required...

WordPress CMP – Coming Soon & Maintenance Plugin <= 4.1.10 is vulnerable to Server Side Request Forgery (SSRF)

Software CMP – Coming Soon & Maintenance Type Plugin Vulnerable versions = 4.1.10 Fixed in 4.1.11 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2023-50374 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID...

WordPress Link Whisper Free Plugin <= 0.7.1 is vulnerable to PHP Object Injection

Software Link Whisper Free Type Plugin Vulnerable versions = 0.7.1 Fixed in 0.7.2 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-2693 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 1e82ed02e277 Credits Francesco Carlucci Required privile...