WordPress Conversios.io Plugin <= 7.0.7 is vulnerable to SQL Injection

Software Conversios.io Type Plugin Vulnerable versions = 7.0.7 Fixed in 7.0.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1203 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 047c3aed63ee Credits Krzysztof Zając Required privilege Subscriber...

WordPress Quiz And Survey Master Plugin <= 8.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Quiz And Survey Master Type Plugin Vulnerable versions = 8.2.2 Fixed in 8.2.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27966 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b39b4217a315 Credits Marzieh Hashemi Required...

WordPress Automatic Plugin <= 3.92.0 is vulnerable to Arbitrary File Download

Software Automatic Type Plugin Vulnerable versions = 3.92.0 Fixed in 3.92.1 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-27954 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 9c2571e1c78b Credits Rafie Muhammad Patchstack...

WordPress Malware Scanner Plugin <= 4.7.2 is vulnerable to Privilege Escalation

Software Malware Scanner Type Plugin Vulnerable versions = 4.7.2 Fixed in 4.7.3 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-2172 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID e270f8310961 Credits Stiofan Required privilege...

WordPress Related Posts for WordPress Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Related Posts for WordPress Type Plugin Vulnerable versions = 2.2.1 Fixed in 2.2.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0592 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 89e5ec281512 Credits Krzyszto...

WordPress Team Circle Image Slider With Lightbox Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Team Circle Image Slider With Lightbox Type Plugin Vulnerable versions = 1.0 Fixed in 1.0.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2015-10130 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4e4875511ed9 Credit...

WordPress Prime Slider – Addons For Elementor Plugin <= 3.13.2 is vulnerable to Cross Site Scripting (XSS)

Software Prime Slider – Addons For Elementor Type Plugin Vulnerable versions = 3.13.2 Fixed in 3.13.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1508 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1f2721cd17ac Credits...

WordPress Pie Register Plugin <= 3.8.3.2 is vulnerable to Arbitrary File Upload

Software Pie Register Type Plugin Vulnerable versions = 3.8.3.2 Fixed in 3.8.3.3 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-27957 Patch priority High CVSS severity High 10 Developer Claim ownership PSID a371b236f7d1 Credits Rafie Muhammad Patchstack Required...

WordPress Contact Form 7 Plugin <= 5.9 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form 7 Type Plugin Vulnerable versions = 5.9 Fixed in 5.9.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2242 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5d34f7907f9a Credits Asaf Mozes Required...

WordPress Cryptocurrency Widgets – Price Ticker & Coins List Plugin <= 2.6.8 is vulnerable to Broken Access Control

Software Cryptocurrency Widgets – Price Ticker & Coins List Type Plugin Vulnerable versions = 2.6.8 Fixed in 2.6.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-27953 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 036319de798f...

WordPress PropertyHive Plugin <= 2.0.9 is vulnerable to PHP Object Injection

Software PropertyHive Type Plugin Vulnerable versions = 2.0.9 Fixed in 2.0.10 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-27985 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 245763d3996e Credits CatFather Required privilege Subscribe...

WordPress Web Application Firewall – website security Plugin <= 2.1.1 is vulnerable to Privilege Escalation

Software Web Application Firewall – website security Type Plugin Vulnerable versions = 2.1.1 Fixed in 2.1.2 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-2172 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 079a85617a7b Credits...

WordPress Burst Statistics Plugin <= 1.5.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Burst Statistics Type Plugin Vulnerable versions = 1.5.6.1 Fixed in 1.5.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1894 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ddeadfac1606 Credits Webbernaut Required...

WordPress Easy Social Feed Plugin <= 6.5.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Easy Social Feed Type Plugin Vulnerable versions = 6.5.4 Fixed in 6.5.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1214 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d7cd784da6bf Credits Eldar Zeynalli...

WordPress LadiApp Plugin <= 4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software LadiApp Type Plugin Vulnerable versions = 4.4 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4731 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9e10faf3494b Credits GiongfNef Required privilege...

WordPress Formidable Registration Plugin < 2.12 is vulnerable to Broken Authentication

Software Formidable Registration Type Plugin Vulnerable versions 2.12 Fixed in 2.12 OWASP Top 10 A4: Insecure Design Classification Broken Authentication CVE CVE-2024-1290 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID de229a590aad Credits Scott Kingsley Clark...

WordPress WP Statistics Plugin <= 14.5 is vulnerable to Cross Site Scripting (XSS)

Software WP Statistics Type Plugin Vulnerable versions = 14.5 Fixed in 14.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2194 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ef2615a6c0c9 Credits Tim Coen Required...

WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.24 is vulnerable to Cross Site Scripting (XSS)

Software Elementor – Header, Footer & Blocks Template Type Plugin Vulnerable versions = 1.6.24 Fixed in 1.6.25 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1237 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d8efb70c30ae...

WordPress Anti-Malware Security and Brute-Force Firewall Plugin <= 4.21.96 is vulnerable to Remote Code Execution (RCE)

Software Anti-Malware Security and Brute-Force Firewall Type Plugin Vulnerable versions = 4.21.96 Fixed in 4.23.56 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-22144 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 7fc7064849ae Credits...

WordPress WP Go Maps Plugin <= 9.0.32 is vulnerable to Cross Site Scripting (XSS)

Software WP Go Maps Type Plugin Vulnerable versions = 9.0.32 Fixed in 9.0.33 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1582 Patch priority Low CVSS severity Low 6.5 Developer WP Go Maps PSID 69b3a77b21e0 Credits Richard Telleng stueotue Require...