WordPress WooCommerce Clover Payment Gateway Plugin <= 1.3.1 is vulnerable to Broken Access Control

Software WooCommerce Clover Payment Gateway Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0626 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 06c0aefba99a Credits Francesco...

WordPress New RoyalSlider Plugin <= 3.4.2 is vulnerable to Cross Site Scripting (XSS)

Software New RoyalSlider Type Plugin Vulnerable versions = 3.4.2 Fixed in 3.4.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30195 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 586b18a145b1 Credits Rafie Muhammad Patchstack Requir...

WordPress Youzify Buddypress Moderation Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Youzify Buddypress Moderation Type Plugin Vulnerable versions = 1.2.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-2864 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 8372e235157d Credits Esteban Segura Ripoll...

WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more Plugin <= 4.5.24 is vulnerable to Cross Site Scripting (XSS)

Software Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more Type Plugin Vulnerable versions = 4.5.24 Fixed in 4.5.25 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29795 Patch priority Low CVSS severity Low 6.5 Developer Claim...

WordPress SEOPress Plugin <= 7.5.2.1 is vulnerable to Cross Site Scripting (XSS)

Software SEOPress Type Plugin Vulnerable versions = 7.5.2.1 Fixed in 7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2165 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b92e3ab1041a Credits Ngô Thiên An ancorn - VNPT-VCI ...

WordPress WP Go Maps Plugin <= 9.0.29 is vulnerable to Cross Site Scripting (XSS)

Software WP Go Maps Type Plugin Vulnerable versions = 9.0.29 Fixed in 9.0.30 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29931 Patch priority Medium CVSS severity Medium 7.1 Developer WP Go Maps PSID ec3cfcab7699 Credits Rafie Muhammad Patchstack Required...

WordPress Schema Pro Plugin < 2.7.16 is vulnerable to Broken Access Control

Software Schema Pro Type Plugin Vulnerable versions 2.7.16 Fixed in 2.7.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-1564 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 68dac5194d9b Credits Scott Kingsley Clark Required...

WordPress FlatPM Plugin < 3.1.05 is vulnerable to Cross Site Scripting (XSS)

Software FlatPM Type Plugin Vulnerable versions 3.1.05 Fixed in 3.1.05 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29803 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 707de1bb10ec Credits Ngô Thiên An ancorn from VNPT-VCI Required...

WordPress Sunshine Photo Cart Plugin <= 3.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Sunshine Photo Cart Type Plugin Vulnerable versions = 3.1.1 Fixed in 3.1.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30194 Patch priority Medium CVSS severity Medium 7.1 Developer WP Sunshine PSID fc4e8435fb65 Credits Dimas Maulana Required privilege...

WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Meta Data and Taxonomies Filter MDTF Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29932 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 391da759025d Credits Yudisti...

WordPress Church Admin Plugin <= 4.1.17 is vulnerable to Cross Site Scripting (XSS)

Software Church Admin Type Plugin Vulnerable versions = 4.1.17 Fixed in 4.1.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-30193 Patch priority Low CVSS severity Low 6.5 Developer Andy Moyle PSID 239d5fd65793 Credits CatFather Required privilege...

WordPress WordPress Importer Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Importer Type Plugin Vulnerable versions = 1.0.4 Fixed in 1.0.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30201 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 79212c825fed Credits Dimas Maulana Required...

WordPress Locatoraid Store Locator Plugin <= 3.9.30 is vulnerable to Cross Site Scripting (XSS)

Software Locatoraid Store Locator Type Plugin Vulnerable versions = 3.9.30 Fixed in 3.9.31 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30181 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f59c57fd908e Credits Joshua Chan Required...

WordPress Easy Property Listings Plugin <= 3.5.2 is vulnerable to SQL Injection

Software Easy Property Listings Type Plugin Vulnerable versions = 3.5.2 Fixed in 3.5.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1893 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 741d2179a015 Credits Krzysztof Zając Required privilege...

WordPress Memberpress Plugin <= 1.11.26 is vulnerable to Cross Site Scripting (XSS)

Software Memberpress Type Plugin Vulnerable versions = 1.11.26 Fixed in 1.11.27 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1412 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 44159653a377 Credits Jamie Perrelet...

WordPress WP Compress – Image Optimizer [All-In-One] Plugin <= 6.11.10 is vulnerable to Broken Access Control

Software WP Compress – Image Optimizer All-In-One Type Plugin Vulnerable versions = 6.11.10 Fixed in 6.11.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1934 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID c01c5919ea5a Credits...

WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Plugin <= 4.4.1 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Type Plugin Vulnerable versions = 4.4.1 Fixed in 4.4.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0957 Patch priority Medium CVSS severity Medium 7.1 Developer...

WordPress 360 Javascript Viewer Plugin <= 1.7.12 is vulnerable to Broken Access Control

Software 360 Javascript Viewer Type Plugin Vulnerable versions = 1.7.12 Fixed in 1.7.13 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1637 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bcec8398ba12 Credits Lucio Sá Required...

WordPress LiquidPoll – Advanced Polls for Creators and Brands Plugin <= 3.3.76 is vulnerable to Sensitive Data Exposure

Software LiquidPoll – Advanced Polls for Creators and Brands Type Plugin Vulnerable versions = 3.3.76 Fixed in 3.3.77 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2080 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

WordPress System Dashboard Plugin < 2.8.10 is vulnerable to Cross Site Scripting (XSS)

Software System Dashboard Type Plugin Vulnerable versions 2.8.10 Fixed in 2.8.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7246 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 59b19780b836 Credits Dmitrii Ignatyev Requir...