WordPress Eventin Plugin <= 3.3.50 is vulnerable to Broken Access Control

Software Eventin Type Plugin Vulnerable versions = 3.3.50 Fixed in 3.3.51 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1122 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID a2c7fec8c772 Credits Francesco Carlucci Required privileg...

WordPress ImageRecycle pdf & image compression Plugin <= 3.1.13 is vulnerable to Cross Site Request Forgery (CSRF)

Software ImageRecycle pdf & image compression Type Plugin Vulnerable versions = 3.1.13 Fixed in 3.1.14 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1335 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 78d30d4717e8 Credi...

WordPress ImageRecycle pdf & image compression Plugin <= 3.1.13 is vulnerable to Broken Access Control

Software ImageRecycle pdf & image compression Type Plugin Vulnerable versions = 3.1.13 Fixed in 3.1.14 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1091 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0c9f4939f73b Credits Frances...

WordPress MyWaze Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Software MyWaze Type Plugin Vulnerable versions = 1.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-25594 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7c3e16f49118 Credits Ngô Thiên An ancorn from VNPT-VCI Required privileg...

WordPress MoveTo Plugin <= 6.2 is vulnerable to SQL Injection

Software MoveTo Type Plugin Vulnerable versions = 6.2 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-25910 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 376a551a56e9 Credits Dave Jong Patchstack Required privilege Unauthenticated...

WordPress WP Editor Plugin <= 1.2.7 is vulnerable to Sensitive Data Exposure

Software WP Editor Type Plugin Vulnerable versions = 1.2.7 Fixed in 1.2.8 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2024-25591 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 005894aaae3d Credits Joshua Chan...

WordPress Honeypot for WP Comment Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Honeypot for WP Comment Type Plugin Vulnerable versions = 2.2.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-24933 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 01642edd0b7b Credits Dimas Maulana Required...

WordPress Brooklyn Theme <= 4.9.7.6 is vulnerable to Cross Site Scripting (XSS)

Software Brooklyn Type Theme Vulnerable versions = 4.9.7.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-24927 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 61a468418831 Credits Rafie Muhammad Patchstack Required...

WordPress Before After Image Slider WP Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)

Software Before After Image Slider WP Type Plugin Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-24931 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a36c65d6ecc8 Credits Ngô Thiên An ancorn from...

WordPress VK Poster Group Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Software VK Poster Group Type Plugin Vulnerable versions = 2.0.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-24932 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1880d39de9c0 Credits Le Ngoc Anh Require...

WordPress Honeypot for WP Comment Plugin <= 2.2.3 is vulnerable to Arbitrary File Deletion

Software Honeypot for WP Comment Type Plugin Vulnerable versions = 2.2.3 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Arbitrary File Deletion CVE CVE-2024-1350 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 972e393f6005...

WordPress WP Recipe Maker Plugin <= 9.1.2 is vulnerable to Broken Access Control

Software WP Recipe Maker Type Plugin Vulnerable versions = 9.1.2 Fixed in 9.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1206 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 59c6b1fa45e4 Credits Lucio Sá Required privilege...

WordPress Shortcodes Ultimate Plugin <= 7.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Shortcodes Ultimate Type Plugin Vulnerable versions = 7.0.1 Fixed in 7.0.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0792 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 60b85feef073 Credits Webbernaut Required...

WordPress Booking Calendar Plugin <= 9.9 is vulnerable to SQL Injection

Software Booking Calendar Type Plugin Vulnerable versions = 9.9 Fixed in 9.9.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1207 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID f33b420f42e8 Credits Muhammad Hassham Nagori Required privilege...

WordPress Customer Reviews for WooCommerce Plugin <= 5.38.12 is vulnerable to Broken Access Control

Software Customer Reviews for WooCommerce Type Plugin Vulnerable versions = 5.38.12 Fixed in 5.39.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-1044 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7bfc65d6b633 Credits Francesco...

WordPress Starbox Plugin <= 3.4.8 is vulnerable to Cross Site Scripting (XSS)

Software Starbox Type Plugin Vulnerable versions = 3.4.8 Fixed in 3.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0256 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID dd46b4b9ae28 Credits Lucio Sá Required privileg...

WordPress Advanced Database Cleaner Plugin <= 3.1.3 is vulnerable to PHP Object Injection

Software Advanced Database Cleaner Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.1.4 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-0668 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID ae822ac39b98 Credits Richard Telleng stueotue Required...

WordPress Contest Gallery Plugin <= 21.2.8.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Contest Gallery Type Plugin Vulnerable versions = 21.2.8.4 Fixed in 21.2.9 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-24887 Patch priority Low CVSS severity Low 5.4 Developer Wasiliy Strecker PSID bc8832951ec5 Credits Dhabaleshwar D...

WordPress LearnDash LMS Plugin <= 4.10.1 is vulnerable to Sensitive Data Exposure

Software LearnDash LMS Type Plugin Vulnerable versions = 4.10.1 Fixed in 4.10.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-1210 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID eac39e71b914 Credits Karl Emil Nikka Required...

WordPress Wonder Slider Lite Plugin <= 13.9 is vulnerable to Cross Site Scripting (XSS)

Software Wonder Slider Lite Type Plugin Vulnerable versions = 13.9 Fixed in 14.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-24877 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 535b8a842a2e Credits Dimas Maulana Required privileg...