WordPress Event Tickets Plugin <= 5.8.2 is vulnerable to Broken Access Control

Software Event Tickets Type Plugin Vulnerable versions = 5.8.2 Fixed in 5.8.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-2261 Patch priority Low CVSS severity Low 4.3 Developer Liquid Web / StellarWP PSID 4127cd4a2b13 Credits Tim Coen Required privile...

WordPress RegistrationMagic Plugin <= 5.3.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software RegistrationMagic Type Plugin Vulnerable versions = 5.3.0.0 Fixed in 5.3.1.0 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-2951 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1d9399326561 Credits Joshua Chan Required...

WordPress Email Subscribers & Newsletters Plugin <= 5.7.11 is vulnerable to Cross Site Scripting (XSS)

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.11 Fixed in 5.7.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22300 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 33b39d3a1006 Credits Rafie Muhammad...

WordPress Max Mega Menu Plugin <= 3.3 is vulnerable to Broken Access Control

Software Max Mega Menu Type Plugin Vulnerable versions = 3.3 Fixed in 3.3.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-28003 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 3ddcba15780a Credits Rafie Muhammad Patchstack Require...

WordPress Colibri Page Builder Plugin <= 1.0.248 is vulnerable to Broken Access Control

Software Colibri Page Builder Type Plugin Vulnerable versions = 1.0.248 Fixed in 1.0.249 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-28004 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 13159cde48e3 Credits Rafie Muhammad...

WordPress Church Admin Plugin <= 4.0.27 is vulnerable to SQL Injection

Software Church Admin Type Plugin Vulnerable versions = 4.0.27 Fixed in 4.0.28 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30244 Patch priority Medium CVSS severity Medium 8.5 Developer Andy Moyle PSID f10836385922 Credits LVT-tholv2k Required privilege Contributor...

WordPress Contact Form to Any API Plugin <= 1.1.8 is vulnerable to SQL Injection

Software Contact Form to Any API Type Plugin Vulnerable versions = 1.1.8 Fixed in 1.1.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30242 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID f2d596609a9a Credits Le Ngoc Anh Required privilege Subscrib...

WordPress Slider by Supsystic Plugin <= 1.8.10 is vulnerable to SQL Injection

Software Slider by Supsystic Type Plugin Vulnerable versions = 1.8.10 Fixed in 1.8.11 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30237 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 6fa97cac7811 Credits Jean Tirstan T Required privilege...

WordPress Easy Textillate Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS)

Software Easy Textillate Type Plugin Vulnerable versions = 2.01 Fixed in 2.02 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2303 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e2fef30ce1b2 Credits Tien Luong Required...

WordPress Hercules Core Plugin <= 6.4 is vulnerable to PHP Object Injection

Software Hercules Core Type Plugin Vulnerable versions = 6.4 Fixed in 6.5 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30228 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID f62f114ea206 Credits Dave Jong Patchstack Required privilege...

WordPress Geo Controller Plugin <= 8.6.4 is vulnerable to PHP Object Injection

Software Geo Controller Type Plugin Vulnerable versions = 8.6.4 Fixed in 8.6.5 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30227 Patch priority High CVSS severity High 9 Developer Claim ownership PSID d77f0684feba Credits LVT-tholv2k Required privilege...

WordPress WP Migrate Plugin <= 2.6.10 is vulnerable to PHP Object Injection

Software WP Migrate Type Plugin Vulnerable versions = 2.6.10 Fixed in 2.6.11 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30225 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 6b6e8d810b6a Credits Dave Jong Patchstack Required privilege...

WordPress Media Library Assistant Plugin <= 3.13 is vulnerable to SQL Injection

Software Media Library Assistant Type Plugin Vulnerable versions = 3.13 Fixed in 3.14 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2871 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 35f3b6344141 Credits stealthcopter Required privilege Contributor...

WordPress Real Media Library Lite Plugin <= 4.22.7 is vulnerable to Cross Site Scripting (XSS)

Software Real Media Library Lite Type Plugin Vulnerable versions = 4.22.7 Fixed in 4.22.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2027 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 04ccee33aae6 Credits Ngô Thiên An...

WordPress Check & Log Email Plugin <= 1.0.9 is vulnerable to Broken Access Control

Software Check & Log Email Type Plugin Vulnerable versions = 1.0.9 Fixed in 1.0.10 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-0866 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID 0ac766d27e85 Credits Sean Murphy Required...

WordPress ARMember Plugin <= 4.0.26 is vulnerable to PHP Object Injection

Software ARMember Type Plugin Vulnerable versions = 4.0.26 Fixed in 4.0.27 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30223 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 8d16e0b0481c Credits LVT-tholv2k Required privilege Unauthenticated...

WordPress AI Engine: ChatGPT Chatbot Plugin <= 2.1.4 is vulnerable to Arbitrary File Upload

Software AI Engine: ChatGPT Chatbot Type Plugin Vulnerable versions = 2.1.4 Fixed in 2.1.5 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-29100 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID cd77a38bda8f Credits Rafie Muhammad Patchstac...

WordPress Contest Gallery Plugin <= 21.3.4 is vulnerable to SQL Injection

Software Contest Gallery Type Plugin Vulnerable versions = 21.3.4 Fixed in 21.3.5 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30236 Patch priority Low CVSS severity Low 8.5 Developer Wasiliy Strecker PSID 03348ec935e2 Credits Emili Castells Required privilege Contributor...

WordPress BetterDocs Plugin <= 3.3.3 is vulnerable to PHP Object Injection

Software BetterDocs Type Plugin Vulnerable versions = 3.3.3 Fixed in 3.3.4 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30226 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 4a7582c42893 Credits stealthcopter Required privilege Unauthenticate...

WordPress MPG Plugin <= 3.4.0 is vulnerable to Broken Access Control

Software MPG Type Plugin Vulnerable versions = 3.4.0 Fixed in 3.4.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30235 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6cea17ebc47f Credits Majed Refaea Required privilege Subscribe...