WordPress CP Polls Plugin <= 1.0.71 is vulnerable to Bypass Vulnerability
Software: CP Polls | Type: Plugin | Vulnerable versions: <= 1.0.71 | Fixed in: 1.0.72 | OWASP Top 10: A5: Security Misconfiguration | Classification: Bypass Vulnerability | CVE: CVE-2024-24873 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: b041270a0860 | Credits: Kyle Sanchez | Required privilege...
WordPress Link Library Plugin <= 7.5.13 is vulnerable to Cross Site Scripting (XSS)
Software: Link Library | Type: Plugin | Vulnerable versions: <= 7.5.13 | Fixed in: 7.6 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-24879 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: d3a58aec2719 | Credits: Yudistira Arya | Required privilege...
WordPress Apollo13 Framework Extensions Plugin <= 1.9.2 is vulnerable to Cross Site Scripting (XSS)
Software: Apollo13 Framework Extensions | Type: Plugin | Vulnerable versions: <= 1.9.2 | Fixed in: 1.9.3 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-24880 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: c7023587281d | Credits: LVT-tholv2k | Required...
WordPress Anonymous Restricted Content Plugin <= 1.6.2 is vulnerable to Bypass Vulnerability
Software: Anonymous Restricted Content | Type: Plugin | Vulnerable versions: <= 1.6.2 | Fixed in: 1.6.3 | OWASP Top 10: A4: Insecure Design | Classification: Bypass Vulnerability | CVE: CVE-2024-0909 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: 3b50fe0358a1 | Credits: Francesco Carlucci...
WordPress RSS Aggregator by Feedzy Plugin <= 4.4.1 is vulnerable to Broken Access Control
Software: RSS Aggregator by Feedzy | Type: Plugin | Vulnerable versions: <= 4.4.1 | Fixed in: 4.4.2 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-1092 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: d6dde9967d92 | Credits: Muhammad Daffa | Requir...
WordPress Structured Content Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)
Software: Structured Content | Type: Plugin | Vulnerable versions: <= 1.6.1 | Fixed in: 1.6.2 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-24839 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 74b9c66453a9 | Credits: LVT-tholv2k | Required privilege...
WordPress Popup More Popups Plugin <= 2.2.4 is vulnerable to Local File Inclusion
Software: Popup More Popups | Type: Plugin | Vulnerable versions: <= 2.2.4 | Fixed in: 2.2.5 | OWASP Top 10: A1: Injection | Classification: Local File Inclusion | CVE: CVE-2024-0844 | Patch priority: Low | CVSS severity: Low 4.7 | PSID: 12b7d2f01a9e | Credits: 0x9567b | Required privilege: Administrator...
WordPress Mighty Addons for Elementor Plugin <= 1.9.3 is vulnerable to Cross Site Scripting (XSS)
Software: Mighty Addons for Elementor | Type: Plugin | Vulnerable versions: <= 1.9.3 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-24846 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 487dfa184881 | Credits: Yudistira Arya | Require...
WordPress Calculated Fields Form Plugin <= 1.2.52 is vulnerable to Cross Site Scripting (XSS)
Software: Calculated Fields Form | Type: Plugin | Vulnerable versions: <= 1.2.52 | Fixed in: 1.2.53 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-0963 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 51ba9c951440 | Credits: Richard Telleng...
WordPress WP Visitor Statistics (Real Time Traffic) Plugin <= 6.9.4 is vulnerable to Sensitive Data Exposure
Software: WP Visitor Statistics (Real Time Traffic) | Type: Plugin | Vulnerable versions: <= 6.9.4 | Fixed in: 6.9.5 | OWASP Top 10: A9: Security Logging and Monitoring Failures | Classification: Sensitive Data Exposure | CVE: CVE-2024-24867 | Patch priority: Low | CVSS severity: Low 5.3 | PSID...
WordPress Knowledge Base for Documentation, FAQs with AI Assistance Plugin <= 11.30.2 is vulnerable to PHP Object Injection
Software: Knowledge Base for Documentation, FAQs with AI Assistance | Type: Plugin | Vulnerable versions: <= 11.30.2 | Fixed in: 11.31.0 | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2024-24842 | Patch priority: High | CVSS severity: High 8.7 | PSID: 6e74033eecde...
WordPress Total Upkeep Plugin <= 1.15.8 is vulnerable to Arbitrary File Download
Software: Total Upkeep | Type: Plugin | Vulnerable versions: <= 1.15.8 | Fixed in: 1.15.9 | OWASP Top 10: A4: Insecure Design | Classification: Arbitrary File Download | CVE: CVE-2024-24869 | Patch priority: High | CVSS severity: High 7.5 | PSID: 7a4ce347d2cf | Credits: Yudistira Arya | Required privileg...
WordPress Active Products Tables for WooCommerce Plugin <= 1.0.6.1 is vulnerable to Broken Access Control
Software: Active Products Tables for WooCommerce | Type: Plugin | Vulnerable versions: <= 1.0.6.1 | Fixed in: 1.0.6.2 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-0797 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: e0495675d205 | Credits...
CVE-2024-1085
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before...
WordPress Ultra Companion Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)
Software: Ultra Companion | Type: Plugin | Vulnerable versions: <= 1.1.9 | Fixed in: 1.2.0 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-24803 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 27efb6397cad | Credits: Ray Wilson | Required privilege...
WordPress ERE Recently Viewed Plugin <= 1.3 is vulnerable to PHP Object Injection
Software: ERE Recently Viewed | Type: Plugin | Vulnerable versions: <= 1.3 | Fixed in: 2.0 | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2024-24797 | Patch priority: High | CVSS severity: High 9.8 | PSID: 835850fa9817 | Credits: Yudistira Arya | Required privilege...
WordPress Event Manager for WooCommerce Plugin <= 4.1.1 is vulnerable to PHP Object Injection
Software: Event Manager for WooCommerce | Type: Plugin | Vulnerable versions: <= 4.1.1 | Fixed in: 4.1.2 | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2024-24796 | Patch priority: Medium | CVSS severity: Medium 8.2 | PSID: e6a64198a3ef | Credits: Ngô Thiên An ancorn fr...
WordPress Load More Anything Plugin <= 3.3.3 is vulnerable to Broken Access Control
Software: Load More Anything | Type: Plugin | Vulnerable versions: <= 3.3.3 | Fixed in: 3.3.4 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-24704 | Patch priority: Medium | CVSS severity: Medium 5.4 | PSID: 21a4ab3d4f55 | Credits: Elliot | Required...
WordPress PilotPress Plugin <= 2.0.30 is vulnerable to Broken Access Control
Software: PilotPress | Type: Plugin | Vulnerable versions: <= 2.0.30 | Fixed in: 2.0.31 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-23524 | Patch priority: Medium | CVSS severity: Medium 5.3 | PSID: 0d381f1b6d73 | Credits: Nguyen Xuan Chien | Required...
WordPress Wp-Adv-Quiz Plugin < 1.0.3 is vulnerable to Cross Site Scripting (XSS)
Software: Wp-Adv-Quiz | Type: Plugin | Vulnerable versions: < 1.0.3 | Fixed in: 1.0.3 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-5943 | Patch priority: Low | CVSS severity: Low 5.9 | PSID: 12e6f67d0d8b | Credits: Rafael Aristodimou | Required...