WordPress Cwicly Plugin <= 1.4.0.2 is vulnerable to Remote Code Execution (RCE)

Software Cwicly Type Plugin Vulnerable versions = 1.4.0.2 Fixed in 1.4.0.3 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-24707 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 03a26bc8d3c0 Credits Snicco Required privilege Contributo...

WordPress PowerPack Addons for Elementor Plugin <= 2.7.15 is vulnerable to Cross Site Scripting (XSS)

Software PowerPack Addons for Elementor Type Plugin Vulnerable versions = 2.7.15 Fixed in 2.7.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1411 Patch priority Low CVSS severity Low 6.5 Developer IdeaBox Creations PSID 6ccdfffb7852 Credits wesle...

WordPress postMash – custom post order Plugin <= 1.2.0 is vulnerable to SQL Injection

Software postMash – custom post order Type Plugin Vulnerable versions = 1.2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-25927 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 5131e79f3c3e Credits Dimas Maulana Required privilege...

WordPress Landing Page Cat Plugin <= 1.7.2 is vulnerable to Sensitive Data Exposure

Software Landing Page Cat Type Plugin Vulnerable versions = 1.7.2 Fixed in 1.7.3 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-0708 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9cdc23335541 Credits Nathaniel Oh 0x4n3 Requir...

WordPress WooCommerce Easy Checkout Field Editor, Fees & Discounts Plugin <= 3.5.12 is vulnerable to Arbitrary File Upload

Software WooCommerce Easy Checkout Field Editor, Fees & Discounts Type Plugin Vulnerable versions = 3.5.12 Fixed in 3.5.13 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-25925 Patch priority High CVSS severity High 10 Developer Claim ownership PSID a8071054e8b4 Credi...

WordPress WP Setup Wizard Plugin <= 1.0.8.1 is vulnerable to Sensitive Data Exposure

Software WP Setup Wizard Type Plugin Vulnerable versions = 1.0.8.1 Fixed in 1.0.8.2 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-25917 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 5a05aed5e6cb Credits Dave Jong Patchstack...

WordPress Peach Payments Gateway Plugin <= 3.1.9 is vulnerable to Broken Access Control

Software Peach Payments Gateway Type Plugin Vulnerable versions = 3.1.9 Fixed in 3.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-25922 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4ed5c43af060 Credits Abdi Pranata Required...

WordPress Paid Member Subscriptions Plugin <= 2.11.1 is vulnerable to Broken Access Control

Software Paid Member Subscriptions Type Plugin Vulnerable versions = 2.11.1 Fixed in 2.11.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1390 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6361d41c5a14 Credits Lucio Sá Required...

WordPress Custom Field Template Plugin <= 2.6 is vulnerable to Cross Site Scripting (XSS)

Software Custom Field Template Type Plugin Vulnerable versions = 2.6 Fixed in 2.6.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-25919 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9a3d14013fc0 Credits LVT-tholv2k Required privilege...

WordPress InstaWP Connect Plugin <= 0.1.0.8 is vulnerable to Remote Code Execution (RCE)

Software InstaWP Connect Type Plugin Vulnerable versions = 0.1.0.8 Fixed in 0.1.0.9 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-25918 Patch priority High CVSS severity High 9.9 Developer InstaWP PSID 5cb6a758baa7 Credits Majed Refaea Required privilege...

WordPress Bold Page Builder Plugin <= 4.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Bold Page Builder Type Plugin Vulnerable versions = 4.8.0 Fixed in 4.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1157 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d94380d5f2fc Credits Mdr Required privilege...

WordPress Smart Manager Plugin < 8.28.0 is vulnerable to SQL Injection

Software Smart Manager Type Plugin Vulnerable versions 8.28.0 Fixed in 8.28.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0566 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID c1d0448fde12 Credits Ivan Spiridonov Required privilege Administrator...

WordPress Analytics Insights for Google Analytics Plugin < 6.3 is vulnerable to Open Redirection

Software Analytics Insights for Google Analytics Type Plugin Vulnerable versions 6.3 Fixed in 6.3 OWASP Top 10 A4: Insecure Design Classification Open Redirection CVE CVE-2024-0250 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 9730ef8fd8fe Credits Krzysztof Zając CERT PL...

WordPress EazyDocs Plugin < 2.4.0 is vulnerable to Broken Access Control

Software EazyDocs Type Plugin Vulnerable versions 2.4.0 Fixed in 2.4.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-0248 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 64066df73b6f Credits Majed Refaea Required privilege...

WordPress Web3 – Crypto wallet Login & NFT token gating Plugin < 3.0.0 is vulnerable to Broken Authentication

Software Web3 – Crypto wallet Login & NFT token gating Type Plugin Vulnerable versions 3.0.0 Fixed in 3.0.0 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-6036 Patch priority Low CVSS severity Low 9.8 Developer Claim ownership PSID 9bc7bba9b677 Credits...

WordPress Login Lockdown Plugin <= 2.08 is vulnerable to Broken Access Control

Software Login Lockdown Type Plugin Vulnerable versions = 2.08 Fixed in 2.09 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1340 Patch priority Low CVSS severity Low 5.4 Developer WebFactory Ltd. PSID 5a8910b6c979 Credits Lucio Sá Required privilege...

WordPress MapPress Maps for WordPress Plugin < 2.88.16 is vulnerable to Sensitive Data Exposure

Software MapPress Maps for WordPress Type Plugin Vulnerable versions 2.88.16 Fixed in 2.88.16 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-0421 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 800421954891 Credits Erwan LR...

WordPress WP Media folder Plugin <= 5.7.2 is vulnerable to Arbitrary File Upload

Software WP Media folder Type Plugin Vulnerable versions = 5.7.2 Fixed in 5.7.3 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-25909 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID e05dfe398169 Credits Dave Jong Patchstack Required privilege...

WordPress Canto Plugin <= 3.0.6 is vulnerable to Remote Code Execution (RCE)

Software Canto Type Plugin Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-25096 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 5a102fd4265b Credits Rodrigo Escobar ipax Required privilege...

WordPress Awesome Support Plugin <= 6.1.7 is vulnerable to SQL Injection

Software Awesome Support Type Plugin Vulnerable versions = 6.1.7 Fixed in 6.1.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0594 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 63f2c5ccd5ea Credits Krzysztof Zając Required privilege Subscriber...