WordPress WPGYM Plugin <= 67.1.0 is vulnerable to Arbitrary File Upload

Software WPGYM Type Plugin Vulnerable versions = 67.1.0 Fixed in 67.2.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-9942 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 58875029db47 Credits Tonn Required privilege Unauthenticated Published...

WordPress Easy Liveblogs Plugin <= 2.3.5 is vulnerable to Cross Site Scripting (XSS)

Software Easy Liveblogs Type Plugin Vulnerable versions = 2.3.5 Fixed in 2.3.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11387 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6da863109659 Credits SOPROBRO Required...

WordPress IceStats Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software IceStats Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-53724 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 228e60432718 Credits SOPROBRO Required privilege...

WordPress PeachPay Payments Plugin <= 1.112.0 is vulnerable to Cross Site Scripting (XSS)

Software PeachPay Payments Type Plugin Vulnerable versions = 1.112.0 Fixed in 1.113.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11362 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2ab27db02ed0 Credits vgo0 Requir...

WordPress Product Table for WooCommerce Plugin <= 3.5.1 is vulnerable to Sensitive Data Exposure

Software Product Table for WooCommerce Type Plugin Vulnerable versions = 3.5.1 Fixed in 3.5.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-10813 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 157ba908784e Credits Nathan...

WordPress WP User Manager Plugin <= 2.9.11 is vulnerable to Broken Access Control

Software WP User Manager Type Plugin Vulnerable versions = 2.9.11 Fixed in 2.9.12 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10216 Patch priority Low CVSS severity Low 4.3 Developer WP User Manager PSID dd84c78601e5 Credits BrokenAC ignore Required...

WordPress Post Hits Counter Plugin <= 2.8.23 is vulnerable to Cross Site Request Forgery (CSRF)

Software Post Hits Counter Type Plugin Vulnerable versions = 2.8.23 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-53725 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1adf13e9aa62 Credits SOPROBRO...

WordPress LA-Studio Element Kit for Elementor Plugin <= 1.4.2 is vulnerable to Local File Inclusion

Software LA-Studio Element Kit for Elementor Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-10873 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID b849859ee751 Credits WordFence Required...

WordPress School Management Plugin <= 91.5.0 is vulnerable to Arbitrary File Upload

Software School Management Type Plugin Vulnerable versions = 91.5.0 Fixed in 92.0.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-9659 Patch priority High CVSS severity High 10 Developer Claim ownership PSID c5a4715332b9 Credits Tonn Required privilege Unauthenticat...

WordPress Chessgame Shizzle Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Chessgame Shizzle Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11446 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1722680fdfe8 Credits vgo0 Required...

WordPress WP Travel Engine Plugin <= 6.2.1 is vulnerable to Broken Access Control

Software WP Travel Engine Type Plugin Vulnerable versions = 6.2.1 Fixed in 6.2.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10606 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID e46e3ce94c1a Credits Noah Stead TurtleBurg Requir...

WordPress JobBoardWP – Job Board Listings and Submissions Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software JobBoardWP – Job Board Listings and Submissions Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10880 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...

WordPress GEO my WordPress Plugin < 4.5 is vulnerable to Arbitrary File Upload

Software GEO my WordPress Type Plugin Vulnerable versions 4.5 Fixed in 4.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-9422 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID d3c56af69a13 Credits Michael Dyrna Required privilege Administrator...

WordPress Gallery Blocks with Lightbox Plugin <= 3.2.4.2 is vulnerable to Cross Site Scripting (XSS)

Software Gallery Blocks with Lightbox Type Plugin Vulnerable versions = 3.2.4.2 Fixed in 3.2.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10034 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ff0a8df72d8e Credits SE-YEO...

WordPress Button Block Plugin <= 1.1.4 is vulnerable to Broken Authentication

Software Button Block Type Plugin Vulnerable versions = 1.1.4 Fixed in 1.1.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10671 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID ae07da220d1c Credits...

WordPress System Dashboard Plugin < 2.8.15 is vulnerable to Cross Site Scripting (XSS)

Software System Dashboard Type Plugin Vulnerable versions 2.8.15 Fixed in 2.8.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11107 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 948953d35f1c Credits Dogus Demirkiran...

WordPress Dino Game Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Dino Game Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11388 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3063a938b1ce Credits SOPROBRO Required privilege...

WordPress Tutor LMS Plugin <= 2.7.6 is vulnerable to Broken Access Control

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.6 Fixed in 2.7.7 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2024-10393 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 196d31d95c65 Credits 1337Wannabe...

WordPress WPFunnels Plugin <= 3.5.5 is vulnerable to Cross Site Scripting (XSS)

Software WPFunnels Type Plugin Vulnerable versions = 3.5.5 Fixed in 3.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10792 Patch priority Medium CVSS severity Medium 7.1 Developer WPFunnels Team PSID b1c17399226b Credits Nathan calysteon Require...

WordPress Theme Builder For Elementor Plugin <= 1.2.2 is vulnerable to Broken Access Control

Software Theme Builder For Elementor Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2024-10782 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 266b574a3c97...