WordPress Management App for WooCommerce Plugin <= 1.2.2 is vulnerable to Arbitrary File Upload

Software Management App for WooCommerce Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-1205 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 4f48ec18525e Credits Lucio Sá Required privile...

WordPress Simply Schedule Appointments Plugin <= 1.6.7.7 is vulnerable to SQL Injection

Software Simply Schedule Appointments Type Plugin Vulnerable versions = 1.6.7.7 Fixed in 1.6.7.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2342 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 36408cb83a66 Credits Krzysztof Zając Required privileg...

WordPress Invitation Code Content Restriction Plugin from CreativeMinds Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)

Software Invitation Code Content Restriction Plugin from CreativeMinds Type Plugin Vulnerable versions = 1.5.4 Fixed in 1.5.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4965 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownershi...

WordPress Avada Theme <= 7.11.6 is vulnerable to Sensitive Data Exposure

Software Avada Type Theme Vulnerable versions = 7.11.6 Fixed in 7.11.7 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2340 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID bc2cd20cbb75 Credits Muhammad Zeeshan Xib3rR4dAr Require...

WordPress WooCommerce Cloak Affiliate Links Plugin <= 1.0.33 is vulnerable to Broken Access Control

Software WooCommerce Cloak Affiliate Links Type Plugin Vulnerable versions = 1.0.33 Fixed in 1.0.34 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1308 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 86ffc05e045a Credits Francesc...

WordPress Social Media Share Buttons Plugin <= 2.1.0 is vulnerable to PHP Object Injection

Software Social Media Share Buttons Type Plugin Vulnerable versions = 2.1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-2721 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 6b7330720e7c Credits Dimas Maulana Required privilege...

WordPress Weglot Translate Plugin <= 4.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Weglot Translate Type Plugin Vulnerable versions = 4.2.5 Fixed in 4.2.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2124 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ff81bdc0a325 Credits Ngô Thiên An ancorn -...

WordPress Smart Custom Fields Plugin <= 4.2.2 is vulnerable to Broken Access Control

Software Smart Custom Fields Type Plugin Vulnerable versions = 4.2.2 Fixed in 5.0.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1995 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 99da3594bae9 Credits Lucio Sá Required privileg...

WordPress Olive One Click Demo Import Plugin <= 1.1.1 is vulnerable to Broken Access Control

Software Olive One Click Demo Import Type Plugin Vulnerable versions = 1.1.1 Fixed in 1.1.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-2702 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 277d1e4e3b86 Credits Yudistira Arya...

WordPress Advanced Classifieds & Directory Pro Plugin <= 3.0.0 is vulnerable to Broken Access Control

Software Advanced Classifieds & Directory Pro Type Plugin Vulnerable versions = 3.0.0 Fixed in 3.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2222 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0df0ba101fff Credits Lucio Sá...

WordPress Fancy Product Designer Plugin < 6.1.5 is vulnerable to SQL Injection

Software Fancy Product Designer Type Plugin Vulnerable versions 6.1.5 Fixed in 6.1.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0365 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 8a2fcc7e3e05 Credits Ivan Spiridonov Required privilege...

WordPress Permalink Manager Lite Plugin <= 2.4.3.1 is vulnerable to Broken Access Control

Software Permalink Manager Lite Type Plugin Vulnerable versions = 2.4.3.1 Fixed in 2.4.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2538 Patch priority Low CVSS severity Low 3.8 Developer Claim ownership PSID 50143df9543f Credits Muhammad Zeeshan...

WordPress Team Members Plugin < 5.3.2 is vulnerable to Cross Site Scripting (XSS)

Software Team Members Type Plugin Vulnerable versions 5.3.2 Fixed in 5.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1331 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID fdcd0cb6fba4 Credits Dmitrii Ignatyev Required...

WordPress s2Member Pro Plugin <= 230815 is vulnerable to Sensitive Data Exposure

Software s2Member Pro Type Plugin Vulnerable versions = 230815 Fixed in 240315 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-0899 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 2b01d6ca4fd7 Credits Francesco Carlucci Required...

WordPress Ultimate Gift Cards For WooCommerce Plugin <= 2.6.6 is vulnerable to Broken Access Control

Software Ultimate Gift Cards For WooCommerce Type Plugin Vulnerable versions = 2.6.6 Fixed in 2.6.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1857 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ac4726115ec6 Credits Krzysztof...

WordPress Backuply – Backup, Restore, Migrate and Clone Plugin <= 1.2.7 is vulnerable to Directory Traversal

Software Backuply – Backup, Restore, Migrate and Clone Type Plugin Vulnerable versions = 1.2.7 Fixed in 1.2.8 OWASP Top 10 A1: Broken Access Control Classification Directory Traversal CVE CVE-2024-2294 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 06eccdaade5a Credits Da...

WordPress Everest Forms Plugin <= 2.0.7 is vulnerable to Server Side Request Forgery (SSRF)

Software Everest Forms Type Plugin Vulnerable versions = 2.0.7 Fixed in 2.0.8 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-1812 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID 113a534a2c9d Credits hir0ot Required privilege...

WordPress Simple Job Board Plugin <= 2.11.0 is vulnerable to PHP Object Injection

Software Simple Job Board Type Plugin Vulnerable versions = 2.11.0 Fixed in 2.11.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1813 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 0f7bf0484277 Credits Francesco Carlucci Required privilege...

WordPress MyCurator Content Curation Plugin <= 3.76 is vulnerable to Cross Site Scripting (XSS)

Software MyCurator Content Curation Type Plugin Vulnerable versions = 3.76 Fixed in 3.77 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29139 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f5416935cfa3 Credits LVT-tholv2k Required...

WordPress Better Search Plugin <= 3.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Better Search Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29142 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8395a45f6b09 Credits Abdi Pranata Required privilege...