WordPress Mollie Forms Plugin <= 2.6.3 is vulnerable to Broken Access Control

Software Mollie Forms Type Plugin Vulnerable versions = 2.6.3 Fixed in 2.6.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1400 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 216cfadafbb9 Credits Lucio Sá Required privilege...

WordPress Digits Plugin <= 8.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Digits Type Plugin Vulnerable versions = 8.4.1 Fixed in 8.4.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0203 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d69a9fce5806 Credits István Márton Required...

WordPress EventPrime Plugin <= 3.4.2 is vulnerable to Broken Access Control

Software EventPrime Type Plugin Vulnerable versions = 3.4.2 Fixed in 3.4.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1123 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c2164132e177 Credits Lucio Sá Required privilege...

WordPress Colibri Page Builder Plugin <= 1.0.260 is vulnerable to Broken Access Control

Software Colibri Page Builder Type Plugin Vulnerable versions = 1.0.260 Fixed in 1.0.263 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1870 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ddfb3a20814b Credits HappyFunTime Required...

WordPress Orbit Fox by ThemeIsle Plugin <= 2.10.32 is vulnerable to Cross Site Scripting (XSS)

Software Orbit Fox by ThemeIsle Type Plugin Vulnerable versions = 2.10.32 Fixed in 2.10.33 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2126 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 112915e33a62 Credits wesley wcraft...

WordPress affiliate-toolkit Plugin <= 3.5.4 is vulnerable to Broken Access Control

Software affiliate-toolkit Type Plugin Vulnerable versions = 3.5.4 Fixed in 3.5.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2298 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d859163539c3 Credits Lucio Sá Required privilege...

WordPress WooCommerce Add to Cart Custom Redirect Plugin <= 1.2.13 is vulnerable to Broken Access Control

Software WooCommerce Add to Cart Custom Redirect Type Plugin Vulnerable versions = 1.2.13 Fixed in 1.2.14 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1862 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID c97532040847 Credits Luci...

WordPress PageLayer Plugin <= 1.8.3 is vulnerable to Cross Site Scripting (XSS)

Software PageLayer Type Plugin Vulnerable versions = 1.8.3 Fixed in 1.8.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2127 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0658bd2623bb Credits wesley wcraft Required privile...

WordPress BuddyForms Plugin <= 2.8.7 is vulnerable to Broken Access Control

Software BuddyForms Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1169 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 9cb60e0ebc18 Credits Lucio Sá Required privilege...

WordPress MasterStudy LMS Plugin <= 3.2.10 is vulnerable to Sensitive Data Exposure

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.2.10 Fixed in 3.2.11 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2106 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 809a15eb7a2b Credits Hiroho Shimada Required...

WordPress User Registration Plugin <= 3.1.4 is vulnerable to Cross Site Scripting (XSS)

Software User Registration Type Plugin Vulnerable versions = 3.1.4 Fixed in 3.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1720 Patch priority Low CVSS severity Low 7.1 Developer Masteriyo PSID f3574c07a0a6 Credits stealthcopter Required...

WordPress Contact Form Entries Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2030 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5485073f02fc Credits Krzysztof Zając...

WordPress BuddyForms Plugin <= 2.8.7 is vulnerable to Broken Access Control

Software BuddyForms Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1170 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 07e9d4cd19c1 Credits Lucio Sá Required privilege...

WordPress BuddyForms Plugin <= 2.8.7 is vulnerable to Broken Access Control

Software BuddyForms Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1158 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2d73d2a4cbed Credits Lucio Sá Required privilege...

WordPress Premium Addons PRO Plugin <= 2.9.12 is vulnerable to Cross Site Scripting (XSS)

Software Premium Addons PRO Type Plugin Vulnerable versions = 2.9.12 Fixed in 2.9.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1996 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d43c6fdfdb0b Credits wesley wcraft...

WordPress FluentForm Plugin <= 5.1.9 is vulnerable to Cross Site Scripting (XSS)

Software FluentForm Type Plugin Vulnerable versions = 5.1.9 Fixed in 5.1.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6957 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ac30a92484ee Credits drop Required privilege...

WordPress Post Grid, Slider & Carousel Ultimate Plugin <= 1.6.7 is vulnerable to PHP Object Injection

Software Post Grid, Slider & Carousel Ultimate Type Plugin Vulnerable versions = 1.6.7 Fixed in 1.6.8 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-2006 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID ef206ea07872 Credits Francesco Carlucci...

WordPress Event Tickets Plugin < 5.8.1 is vulnerable to Broken Access Control

Software Event Tickets Type Plugin Vulnerable versions 5.8.1 Fixed in 5.8.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-1316 Patch priority Low CVSS severity Low 4.3 Developer Liquid Web / StellarWP PSID dbfa94357fe1 Credits Scott Kingsley Clark Requir...

thinkhealth.priorityhealth.com Improper Access Control vulnerability OBB-3864600

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

WordPress Blue Triad EZAnalytics Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Blue Triad EZAnalytics Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1782 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 505430cf135b Credits WordFence...