WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Plugin <= 4.4.0 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Type Plugin Vulnerable versions = 4.4.0 Fixed in 4.4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22288 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownershi...

WordPress Calendarista Plugin <= 15.5.7 is vulnerable to SQL Injection

Software Calendarista Type Plugin Vulnerable versions = 15.5.7 Fixed in 15.5.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30240 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID c87b524aa9f2 Credits Ivan Spiridonov Required privilege Subscriber...

WordPress Elementor Pro Plugin <= 3.20.1 is vulnerable to Cross Site Scripting (XSS)

Software Elementor Pro Type Plugin Vulnerable versions = 3.20.1 Fixed in 3.20.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-2121 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 384f5531d486 Credits wesley wcraft Required privilege...

WordPress Elementor Pro Plugin <= 3.20.1 is vulnerable to Cross Site Scripting (XSS)

Software Elementor Pro Type Plugin Vulnerable versions = 3.20.1 Fixed in 3.20.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-1364 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID e0fb22528db4 Credits wesley wcraft Required privilege...

WordPress Ajax Load More Plugin <= 7.0.1 is vulnerable to Directory Traversal

Software Ajax Load More Type Plugin Vulnerable versions = 7.0.1 Fixed in 7.1.0 OWASP Top 10 A3: Injection Classification Directory Traversal CVE CVE-2024-1790 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 0e28f3a7fca4 Credits Hoa Le Ngoc lengochoa Required privilege...

WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Meta Data and Taxonomies Filter MDTF Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29906 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 19338c850285 Credits...

WordPress Podlove Podcast Publisher Plugin <= 4.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Podlove Podcast Publisher Type Plugin Vulnerable versions = 4.0.9 Fixed in 4.0.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29915 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6b5b45e01eae Credits Dimas Maulana Require...

WordPress Premium Packages Plugin <= 5.8.2 is vulnerable to Cross Site Scripting (XSS)

Software Premium Packages Type Plugin Vulnerable versions = 5.8.2 Fixed in 5.8.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29924 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID fd83d5609f73 Credits Yudistira Arya Required privile...

WordPress Stratum Plugin <= 1.3.15 is vulnerable to Cross Site Scripting (XSS)

Software Stratum Type Plugin Vulnerable versions = 1.3.15 Fixed in 1.3.16 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29914 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3d8d138923e6 Credits Khalid Yusuf Required privilege Contributor...

WordPress WCFM – Frontend Manager for WooCommerce Plugin <= 6.7.8 is vulnerable to Cross Site Scripting (XSS)

Software WCFM – Frontend Manager for WooCommerce Type Plugin Vulnerable versions = 6.7.8 Fixed in 6.7.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29929 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3615c0b97947 Credits Steven Julian...

WordPress CM Download Manager Plugin < 2.9.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software CM Download Manager Type Plugin Vulnerable versions 2.9.0 Fixed in 2.9.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1232 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 53bfb88d3fb3 Credits Sushmita Poudel...

WordPress WooBuddy Plugin <= 3.4.20 is vulnerable to PHP Object Injection

Software WooBuddy Type Plugin Vulnerable versions = 3.4.20 Fixed in 3.4.21 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-2025 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 6110ece7c17e Credits Francesco Carlucci Required privilege Subscrib...

WordPress Bulk NoIndex & NoFollow Toolkit Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS)

Software Bulk NoIndex & NoFollow Toolkit Type Plugin Vulnerable versions = 2.01 Fixed in 2.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29791 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bea274e4e958 Credits Le Ngoc Anh Requir...

WordPress OneClick Chat to Order Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Software OneClick Chat to Order Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29789 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 255b07899e6d Credits Ngô Thiên An ancorn from VNPT-V...

WordPress WP Directory Kit Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)

Software WP Directory Kit Type Plugin Vulnerable versions = 1.2.9 Fixed in 1.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29774 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c316cffe9a7e Credits Dimas Maulana Required privileg...

WordPress MyBookTable Bookstore Plugin <= 3.3.7 is vulnerable to Cross Site Scripting (XSS)

Software MyBookTable Bookstore Type Plugin Vulnerable versions = 3.3.7 Fixed in 3.3.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2024-29772 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b4a056c5d251 Credits CatFather Required...

WordPress Portfolio Gallery – Image Gallery Plugin Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS)

Software Portfolio Gallery – Image Gallery Plugin Type Plugin Vulnerable versions = 1.5.6 Fixed in 1.5.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29769 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 67413237e077 Credits LVT-tholv2k...

WordPress Off-Canvas Sidebars & Menus (Slidebars) Plugin <= 0.5.8.1 is vulnerable to Cross Site Scripting (XSS)

Software Off-Canvas Sidebars & Menus Slidebars Type Plugin Vulnerable versions = 0.5.8.1 Fixed in 0.5.8.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29762 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID aaadebb866ec Credits LVT-tholv2k...

WordPress Co-marquage service-public.fr Plugin <= 0.5.72 is vulnerable to Cross Site Scripting (XSS)

Software Co-marquage service-public.fr Type Plugin Vulnerable versions = 0.5.72 Fixed in 0.5.73 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29758 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 54a2401a71ec Credits Yudistira Arya...

WordPress Page Builder by SiteOrigin Plugin <= 2.29.6 is vulnerable to Cross Site Scripting (XSS)

Software Page Builder by SiteOrigin Type Plugin Vulnerable versions = 2.29.6 Fixed in 2.29.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2202 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 92274a8f9656 Credits Webbernaut...