WordPress Pro Addons For Elementor Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS)

Software Pro Addons For Elementor Type Plugin Vulnerable versions = 1.5.0 Fixed in 1.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51812 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b0c22c1328af Credits Gab Required privilege...

WordPress Trendy Restaurant Menu Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Trendy Restaurant Menu Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51796 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5538c79e9ace Credits SOPROBRO Required privilege...

WordPress Anant Addons for Elementor Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Software Anant Addons for Elementor Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51813 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a1918ff11f57 Credits Gab Required privilege...

WordPress Adventure Bucket List Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Adventure Bucket List Type Plugin Vulnerable versions = 1.0.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51908 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5a843ca67ed0 Credits SOPROBRO Required privilege...

WordPress Envo Extra Plugin <= 1.9.3 is vulnerable to Sensitive Data Exposure

Software Envo Extra Type Plugin Vulnerable versions = 1.9.3 Fixed in 1.9.4 OWASP Top 10 A3: Injection Classification Sensitive Data Exposure CVE CVE-2024-10770 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c74e911b1aae Credits Francesco Carlucci Required privilege...

WordPress Redirecter Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Redirecter Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51855 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dfdafabcd66b Credits SOPROBRO Required privilege Contributor Publish...

WordPress Landing Page Cat Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)

Software Landing Page Cat Type Plugin Vulnerable versions = 1.7.6 Fixed in 1.7.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9226 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7a9da6507309 Credits vgo0 Required...

WordPress BU Slideshow Plugin <= 2.3.10 is vulnerable to Cross Site Scripting (XSS)

Software BU Slideshow Type Plugin Vulnerable versions = 2.3.10 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52351 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 35f550f0aa07 Credits SOPROBRO Required privilege Contributor...

WordPress Computer Repair Shop Plugin <= 3.8115 is vulnerable to Arbitrary File Upload

Software Computer Repair Shop Type Plugin Vulnerable versions = 3.8115 Fixed in 3.8116 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-51793 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 4e734860df66 Credits stealthcopter Required privilege...

WordPress OSM – OpenStreetMap Plugin <= 6.1.2 is vulnerable to Cross Site Scripting (XSS)

Software OSM – OpenStreetMap Type Plugin Vulnerable versions = 6.1.2 Fixed in 6.1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52355 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 68bca5f9bb55 Credits Junwoo Kang Required privilege...

WordPress Registrations for the Events Calendar Plugin < 2.12.4 is vulnerable to Cross Site Scripting (XSS)

Software Registrations for the Events Calendar Type Plugin Vulnerable versions 2.12.4 Fixed in 2.12.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7982 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 576ddc99ad72...

WordPress Custom URL Shortener Plugin <= 0.3.6 is vulnerable to Cross Site Scripting (XSS)

Software Custom URL Shortener Type Plugin Vulnerable versions = 0.3.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51930 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 721373a7389e Credits SOPROBRO Required privilege...

WordPress Forms Plugin <= 2.8.0 is vulnerable to Arbitrary File Upload

Software Forms Type Plugin Vulnerable versions = 2.8.0 Fixed in 2.8.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-51791 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 0594a374dbac Credits stealthcopter Required privilege Unauthenticated...

WordPress Wp-ImageZoom Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Wp-ImageZoom Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9934 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 48857c949d4e Credits Mohammad Nikouei Requir...

WordPress JobSearch Plugin <= 2.6.7 is vulnerable to Arbitrary File Upload

Software JobSearch Type Plugin Vulnerable versions = 2.6.7 Fixed in 2.6.8 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-8615 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 46ee6cd9f962 Credits Tonn Required privilege Unauthenticated Publish...

WordPress Heateor Social Login Plugin <= 1.1.35 is vulnerable to Broken Authentication

Software Heateor Social Login Type Plugin Vulnerable versions = 1.1.35 Fixed in 1.1.36 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10020 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 0cb2e3c4d2f1 Credits...

WordPress Contact Form 7 Dynamic Text Extension Plugin <= 4.5 is vulnerable to Sensitive Data Exposure

Software Contact Form 7 Dynamic Text Extension Type Plugin Vulnerable versions = 4.5 Fixed in 4.5.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-10084 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4a8f9f7ebcd8 Credits...

WordPress Super Socializer Plugin <= 7.13.68 is vulnerable to Broken Authentication

Software Super Socializer Type Plugin Vulnerable versions = 7.13.68 Fixed in 7.14 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9946 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 3feff8ece72e Credits wesle...

WordPress Loginizer Security Plugin <= 1.9.2 is vulnerable to Broken Authentication

Software Loginizer Security Type Plugin Vulnerable versions = 1.9.2 Fixed in 1.9.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10097 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 39d130db7003 Credits...

WordPress Photo Gallery by 10Web Plugin <= 1.8.30 is vulnerable to Cross Site Scripting (XSS)

Software Photo Gallery by 10Web Type Plugin Vulnerable versions = 1.8.30 Fixed in 1.8.31 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9878 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e0cf77477c6f Credits tmrswrr Require...