WordPress CM Table Of Contents – WordPress TOC Plugin Plugin < 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Software CM Table Of Contents – WordPress TOC Plugin Type Plugin Vulnerable versions 1.2.4 Fixed in 1.2.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5029 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7d80877428bb...

WordPress Sky Addons for Elementor Plugin <= 2.6.2 is vulnerable to Broken Access Control

Software Sky Addons for Elementor Type Plugin Vulnerable versions = 2.6.2 Fixed in 2.6.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-11104 Patch priority High CVSS severity High 8.1 Developer Shahidul Islam PSID 3c17c9976c8a Credits vgo0 Required...

WordPress WPAdverts – Classifieds Plugin Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Software WPAdverts – Classifieds Plugin Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10890 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cf76651e6ed6 Credits...

WordPress AccessPress Staple Theme <= 1.9.1 is vulnerable to Arbitrary File Upload

Software AccessPress Staple Type Theme Vulnerable versions = 1.9.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52488 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 613a651ca664 Credits Mika Required privilege Subscriber...

WordPress Clone Plugin <= 2.4.6 is vulnerable to PHP Object Injection

Software Clone Type Plugin Vulnerable versions = 2.4.6 Fixed in 2.4.7 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-10913 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 3676e7fb18ec Credits Webbernaut Required privilege Unauthenticated...

WordPress Co-marquage service-public.fr Plugin <= 0.5.76 is vulnerable to Cross Site Scripting (XSS)

Software Co-marquage service-public.fr Type Plugin Vulnerable versions = 0.5.76 Fixed in 0.5.77 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10522 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1b874700b5d7 Credits...

WordPress SEO Plugin by Squirrly SEO Plugin < 12.3.21 is vulnerable to Cross Site Scripting (XSS)

Software SEO Plugin by Squirrly SEO Type Plugin Vulnerable versions 12.3.21 Fixed in 12.3.21 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10515 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 865200521938 Credits Dmitrii...

WordPress WP Project Manager Plugin <= 2.6.14 is vulnerable to Broken Access Control

Software WP Project Manager Type Plugin Vulnerable versions = 2.6.14 Fixed in 2.6.15 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10520 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 33198b86bceb Credits Noah Stead...

WordPress Distance Based Shipping Calculator Plugin <= 2.0.21 is vulnerable to SQL Injection

Software Distance Based Shipping Calculator Type Plugin Vulnerable versions = 2.0.21 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-52495 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID c1821da89db4 Credits João Pedro S Alcântara Kinort...

WordPress Page Parts Plugin <= 1.4.3 is vulnerable to Cross Site Scripting (XSS)

Software Page Parts Type Plugin Vulnerable versions = 1.4.3 Fixed in 1.4.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11360 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6c5273fd367a Credits vgo0 Required privileg...

WordPress salavat counter Plugin <= 0.9.1 is vulnerable to Cross Site Scripting (XSS)

Software salavat counter Type Plugin Vulnerable versions = 0.9.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11435 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1ebdb6a73aa4 Credits Colin Xu Required...

WordPress Grip Theme <= 1.0.9 is vulnerable to Arbitrary File Upload

Software Grip Type Theme Vulnerable versions = 1.0.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52488 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID b55cacdb5723 Credits Mika Required privilege Subscriber Published 20...

WordPress WPB Popup for Contact Form 7 Plugin <= 1.7.5 is vulnerable to Broken Access Control

Software WPB Popup for Contact Form 7 Type Plugin Vulnerable versions = 1.7.5 Fixed in 1.7.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-11038 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 9b3456d161fd Credits Arkadiusz...

WordPress Getwid – Gutenberg Blocks Plugin <= 2.0.12 is vulnerable to Cross Site Scripting (XSS)

Software Getwid – Gutenberg Blocks Type Plugin Vulnerable versions = 2.0.12 Fixed in 2.0.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10872 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f2813c069cfe Credits stealthcopt...

WordPress LeanPress Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software LeanPress Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52483 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d51df0763090 Credits Zlrqh Required privilege Unauthenticated...

WordPress Document & Data Automation Plugin <= 1.6.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Document & Data Automation Type Plugin Vulnerable versions = 1.6.1 Fixed in 1.6.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-52477 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID c4664f023a91 Credits SOPROBRO...

WordPress Classified Listing Plugin <= 3.1.15.1 is vulnerable to Broken Access Control

Software Classified Listing Type Plugin Vulnerable versions = 3.1.15.1 Fixed in 3.1.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-11194 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID 528b93e15121 Credits vgo0 Required...

WordPress Wc Recently viewed products Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Wc Recently viewed products Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52484 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7628634c1296 Credits Muhamad Agil Fachrian...

WordPress Ortto Plugin <= 1.0.19 is vulnerable to Cross Site Scripting (XSS)

Software Ortto Type Plugin Vulnerable versions = 1.0.19 Fixed in 1.0.21 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52482 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4b5d486dfe4b Credits Le Ngoc Anh Required privilege...

WordPress MStore API Plugin <= 4.15.7 is vulnerable to SQL Injection

Software MStore API Type Plugin Vulnerable versions = 4.15.7 Fixed in 4.15.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-11179 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 1c06ba6b6a95 Credits Trương Hữu Phúc truonghuuphuc Required privilege...