WordPress WPvivid Backup and Migration Plugin <= 0.9.107 is vulnerable to PHP Object Injection

Software WPvivid Backup and Migration Type Plugin Vulnerable versions = 0.9.107 Fixed in 0.9.108 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-10962 Patch priority Low CVSS severity Low 9.8 Developer Claim ownership PSID b2861821d90b Credits Webbernaut Required...

WordPress Essential Addons for Elementor Plugin <= 6.0.7 is vulnerable to Cross Site Scripting (XSS)

Software Essential Addons for Elementor Type Plugin Vulnerable versions = 6.0.7 Fixed in 6.0.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8961 Patch priority Low CVSS severity Low 6.5 Developer WPDeveloper PSID 829106888434 Credits zer0gh0st...

WordPress LearnPress Export Import Plugin <= 4.0.4 is vulnerable to Cross Site Scripting (XSS)

Software LearnPress Export Import Type Plugin Vulnerable versions = 4.0.4 Fixed in 4.0.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9609 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 496adf4dad4b Credits vgo0...

WordPress Really Simple Security Pro multisite Plugin 9.0.0-9.1.1.1 is vulnerable to Broken Authentication

Software Really Simple Security Pro multisite Type Plugin Vulnerable versions 9.0.0-9.1.1.1 Fixed in 9.1.2 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-10924 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 976349dfad8d Credits...

Virtuozzo Hybrid Infrastructure 6.1 Update 1 Hotfix 8 (6.1.1-61)

This update provides stability fixes. Vulnerability id: VSTOR-90793 Volume resize fails when the Nova API is not upgraded. Vulnerability id: VSTOR-94387 A stability fix for the S3 service. Vulnerability id: VSTOR-94519 When a VM is shelved by a host evacuation task, its attached PCI devices are n...

WordPress User Extra Fields Plugin <= 16.6 is vulnerable to Privilege Escalation

Software User Extra Fields Type Plugin Vulnerable versions = 16.6 Fixed in 16.7 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2024-10800 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 90d7101cbd67 Credits Tonn Required privilege...

WordPress WP Project Manager Plugin <= 2.6.13 is vulnerable to Insecure Direct Object References (IDOR)

Software WP Project Manager Type Plugin Vulnerable versions = 2.6.13 Fixed in 2.6.14 OWASP Top 10 A4: Insecure Design Classification Insecure Direct Object References IDOR CVE CVE-2024-10174 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 6aaed61c0d51 Credits stealthcopt...

WordPress MultiManager WP Plugin <= 1.0.5 is vulnerable to Broken Authentication

Software MultiManager WP Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.1.0 OWASP Top 10 A4: Insecure Design Classification Broken Authentication CVE CVE-2024-11028 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 80e81dabfc85 Credits shaman0x01 Required privilege...

WordPress Gameplan Theme <= 1.5.10 is vulnerable to Cross Site Scripting (XSS)

Software Gameplan Type Theme Vulnerable versions = 1.5.10 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52418 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7409a8ffcf90 Credits justakazh Required privilege...

WordPress ReConstruction Theme <= 1.4.7 is vulnerable to Cross Site Scripting (XSS)

Software ReConstruction Type Theme Vulnerable versions = 1.4.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52417 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 09fd48f64288 Credits justakazh Required privilege...

WordPress Xin Theme <= 1.0.8.1 is vulnerable to PHP Object Injection

Software Xin Type Theme Vulnerable versions = 1.0.8.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52412 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID da7dd1423a5a Credits Mika Required privilege Unauthenticated Published 13...

WordPress Advanced Personalization Plugin <= 1.1.2 is vulnerable to PHP Object Injection

Software Advanced Personalization Type Plugin Vulnerable versions = 1.1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52411 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 2cda7f7032dc Credits Bonds Required privilege...

WordPress Airin Blog Theme <= 1.6.1 is vulnerable to PHP Object Injection

Software Airin Blog Type Theme Vulnerable versions = 1.6.1 Fixed in 1.6.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52413 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5d3bd1ffdbab Credits Mika Required privilege Unauthenticated...

WordPress B-Banner Slider Plugin <= 1.1 is vulnerable to Arbitrary File Upload

Software B-Banner Slider Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52405 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 1fa3975122b0 Credits stealthcopter Required privilege Subscriber...

WordPress CSV to html Plugin <= 3.06 is vulnerable to Arbitrary File Upload

Software CSV to html Type Plugin Vulnerable versions = 3.06 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52406 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID f31bd5d837b7 Credits stealthcopter Required privilege Subscriber...

WordPress CF7 Reply Manager Plugin <= 1.2.3 is vulnerable to Arbitrary File Upload

Software CF7 Reply Manager Type Plugin Vulnerable versions = 1.2.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52404 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID ea9af17f6366 Credits stealthcopter Required privilege...

WordPress Convert Docx2post Plugin <= 1.4 is vulnerable to Arbitrary File Upload

Software Convert Docx2post Type Plugin Vulnerable versions = 1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52397 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID 9d8423b2e894 Credits CTRL Chance Required privilege Author...

WordPress CDI Plugin <= 5.5.3 is vulnerable to Arbitrary File Upload

Software CDI Type Plugin Vulnerable versions = 5.5.3 Fixed in 5.5.6 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52398 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID a3849d91bb27 Credits Joshua Chan Required privilege Shop manager...

WordPress Kognetiks Chatbot for WordPress Plugin <= 2.1.7 is vulnerable to Broken Access Control

Software Kognetiks Chatbot for WordPress Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10530 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 918318d433d6 Credits Tieu Pham Tro...

WordPress AJAX Random Posts Plugin <= 0.3.3 is vulnerable to PHP Object Injection

Software AJAX Random Posts Type Plugin Vulnerable versions = 0.3.3 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52409 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 88448bab09ca Credits Bonds Required privilege Unauthenticated...