5093 matches found
WordPress Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One Plugin <= 2.1.2 is vulnerable to Broken Access Control
Software: Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One; Type: Plugin; Vulnerable versions: <= 2.1.2; Fixed in: 2.1.3; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-52383; Patch priority: High; CVSS severity: High 7.5; ...
WordPress DigiPass Plugin <= 0.3.0 is vulnerable to Arbitrary File Download
Software: DigiPass; Type: Plugin; Vulnerable versions: <= 0.3.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Download; CVE: CVE-2024-52378; Patch priority: High; CVSS severity: High 7.5; PSID: dbfd2eb97192; Credits: stealthcopter; Required privilege: Unauthenticat...
WordPress Datasets Manager by Arttia Creative Plugin <= 1.5 is vulnerable to Arbitrary File Upload
Software: Datasets Manager by Arttia Creative; Type: Plugin; Vulnerable versions: <= 1.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-52375; Patch priority: High; CVSS severity: High 10; PSID: c894c89a63d1; Credits: stealthcopter; Required...
WordPress Picsmize Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload
Software: Picsmize; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-52380; Patch priority: High; CVSS severity: High 10; PSID: 741a66180c37; Credits: stealthcopter; Required privilege: Unauthenticated...
WordPress WP Photo Album Plus Plugin <= 8.8.08.007 is vulnerable to Broken Access Control
Software: WP Photo Album Plus; Type: Plugin; Vulnerable versions: <= 8.8.08.007; Fixed in: 8.9.01.001; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10958; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: d60c5fd2604a; Credits: Arkadiusz...
WordPress Charitable Plugin <= 1.8.3 is vulnerable to Cross Site Scripting (XSS)
Software: Charitable; Type: Plugin; Vulnerable versions: <= 1.8.3; Fixed in: 1.8.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10876; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 2a28f1e125bc; Credits: Peter Thaleikis...
WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.45 is vulnerable to Cross Site Scripting (XSS)
Software: Elementor – Header, Footer & Blocks Template; Type: Plugin; Vulnerable versions: <= 1.6.45; Fixed in: 1.6.46; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10325; Patch priority: Low; CVSS severity: Low 5.9; PSID: 3bcf490aa26b...
WordPress WPLMS Theme <= 4.962 is vulnerable to Path Traversal
Software: WPLMS; Type: Theme; Vulnerable versions: <= 4.962; Fixed in: 4.963; OWASP Top 10: A3: Injection; Classification: Path Traversal; CVE: CVE-2024-10470; Patch priority: High; CVSS severity: High 9.8; PSID: 63557cc0ea32; Credits: Foxyyy; Required privilege: Unauthenticated; Published: 8...
WordPress Countdown Timer Plugin <= 1.2.4 is vulnerable to Sensitive Data Exposure
Software: Countdown Timer; Type: Plugin; Vulnerable versions: <= 1.2.4; Fixed in: 1.2.5; OWASP Top 10: A3: Injection; Classification: Sensitive Data Exposure; CVE: CVE-2024-10669; Patch priority: Low; CVSS severity: Low 4.3; PSID: 97d2e3a5c021; Credits: Francesco Carlucci; Required privilege...
WordPress Th Shop Mania Theme <= 1.4.9 is vulnerable to Arbitrary Code Execution
Software: Th Shop Mania; Type: Theme; Vulnerable versions: <= 1.4.9; Fixed in: 1.5.0; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Arbitrary Code Execution; CVE: CVE-2024-10674; Patch priority: High; CVSS severity: High 6.5; PSID: 314680b4b995; Credits: Sean...
WordPress HB AUDIO GALLERY Plugin <= 3.0 is vulnerable to Arbitrary File Upload
Software: HB AUDIO GALLERY; Type: Plugin; Vulnerable versions: <= 3.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-51790; Patch priority: High; CVSS severity: High 10; PSID: 40d2c24127c2; Credits: stealthcopter; Required privilege...
WordPress Audio Record Plugin <= 1.0 is vulnerable to Arbitrary File Upload
Software: Audio Record; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-51792; Patch priority: High; CVSS severity: High 10; PSID: 6342416d8183; Credits: stealthcopter; Required privilege: Unauthenticate...
WordPress Text Advertisements Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)
Software: Text Advertisements; Type: Plugin; Vulnerable versions: <= 2.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51879; Patch priority: Low; CVSS severity: Low 6.5; PSID: c4a6f56c833e; Credits: SOPROBRO; Required privilege: Contributo...
WordPress Social button Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Software: Social button; Type: Plugin; Vulnerable versions: <= 1.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51866; Patch priority: Low; CVSS severity: Low 6.5; PSID: 3298adb5e8ae; Credits: SOPROBRO; Required privilege: Contributor...
WordPress Simple Social Share Block Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Social Share Block; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51865; Patch priority: Low; CVSS severity: Low 6.5; PSID: 8b3f455be888; Credits: SOPROBRO; Required privilege...
WordPress EventPress Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: EventPress; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51861; Patch priority: Low; CVSS severity: Low 6.5; PSID: f2952d5f238c; Credits: SOPROBRO; Required privilege: Contributor...
WordPress WoW Guild Armory Roster Plugin <= 0.5.5 is vulnerable to Cross Site Scripting (XSS)
Software: WoW Guild Armory Roster; Type: Plugin; Vulnerable versions: <= 0.5.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51850; Patch priority: Low; CVSS severity: Low 6.5; PSID: 56dc451178b5; Credits: SOPROBRO; Required privilege...
WordPress Image Carousel Shortcode Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Image Carousel Shortcode; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51842; Patch priority: Low; CVSS severity: Low 6.5; PSID: 38ccc7d0aa04; Credits: Gab; Required privilege: Contributo...
WordPress IA Map Analytics Basic Plugin <= 20170413 is vulnerable to Cross Site Scripting (XSS)
Software: IA Map Analytics Basic; Type: Plugin; Vulnerable versions: <= 20170413; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51937; Patch priority: Low; CVSS severity: Low 6.5; PSID: 4ee8dd041e2f; Credits: SOPROBRO; Required privilege...
WordPress GreenCon Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: GreenCon; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51926; Patch priority: Low; CVSS severity: Low 6.5; PSID: 8a0742eb73fa; Credits: Gab; Required privilege: Contributor; Published: 8...