WordPress Kata Plus Plugin <= 1.4.7 is vulnerable to Cross Site Scripting (XSS)

Software Kata Plus Type Plugin Vulnerable versions = 1.4.7 Fixed in 1.5.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50501 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 710165188cb5 Credits Michael Required privilege Contributor...

WordPress Acnoo Flutter API Plugin <= 1.0.5 is vulnerable to Privilege Escalation

Software Acnoo Flutter API Type Plugin Vulnerable versions = 1.0.5 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-50486 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 69fb59b59cf8 Credits...

WordPress MaanStore API Plugin <= 1.0.1 is vulnerable to Broken Authentication

Software MaanStore API Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-50487 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 80e67caa15fa Credits...

WordPress Signup Page Plugin <= 1.0 is vulnerable to Privilege Escalation

Software Signup Page Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-50475 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 15ed63623277 Credits Mika Required...

WordPress Marketing Automation by AZEXO Plugin <= 1.27.80 is vulnerable to Arbitrary File Upload

Software Marketing Automation by AZEXO Type Plugin Vulnerable versions = 1.27.80 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50480 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 9dfc47a07621 Credits stealthcopter Required...

WordPress Ajar in5 Embed Plugin <= 3.1.3 is vulnerable to Arbitrary File Upload

Software Ajar in5 Embed Type Plugin Vulnerable versions = 3.1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50473 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 049a1a1b0c36 Credits CTRL Chance Required privilege...

WordPress GRÜN spendino Spendenformular Plugin <= 1.0.1 is vulnerable to Privilege Escalation

Software GRÜN spendino Spendenformular Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-50476 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 6ea142807fb0...

WordPress Stacks Mobile App Builder Plugin <= 5.2.3 is vulnerable to Broken Authentication

Software Stacks Mobile App Builder Type Plugin Vulnerable versions = 5.2.3 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-50477 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 02ff662824ca Credit...

WordPress 1-Click Login: Passwordless Authentication Plugin 1.4.5 is vulnerable to Broken Authentication

Software 1-Click Login: Passwordless Authentication Type Plugin Vulnerable versions 1.4.5 Fixed in N/A OWASP Top 10 A4: Insecure Design Classification Broken Authentication CVE CVE-2024-50478 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 2b1c10f4ccc7 Credits...

WordPress Woocommerce Product Design Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload

Software Woocommerce Product Design Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50482 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 410808c7ca79 Credits Bonds Required privilege...

WordPress Wux Blog Editor Plugin <= 3.0.0 is vulnerable to Broken Authentication

Software Wux Blog Editor Type Plugin Vulnerable versions = 3.0.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9931 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 140fce8f5a83 Credits István...

WordPress Plugin Propagator Plugin <= 0.1 is vulnerable to Arbitrary File Upload

Software Plugin Propagator Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50495 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 8034c466a94c Credits stealthcopter Required privilege...

WordPress EventPrime Plugin <= 4.0.4.7 is vulnerable to Cross Site Scripting (XSS)

Software EventPrime Type Plugin Vulnerable versions = 4.0.4.7 Fixed in 4.0.4.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9864 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1a0ade328fdb Credits zer0gh0st Required...

WordPress Shoutcast Icecast HTML5 Radio Player Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)

Software Shoutcast Icecast HTML5 Radio Player Type Plugin Vulnerable versions = 2.1.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8666 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3e71cc774a45 Credits...

WordPress Mapster WP Maps Plugin <= 1.5.0 is vulnerable to Settings Change

Software Mapster WP Maps Type Plugin Vulnerable versions = 1.5.0 Fixed in 1.6.0 OWASP Top 10 A3: Injection Classification Settings Change CVE CVE-2024-9235 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID b9bebd7cfde8 Credits Sean Murphy Required privilege Contributor...

WordPress WooCommerce UPS Shipping – Live Rates and Access Points Plugin <= 2.3.11 is vulnerable to Broken Access Control

Software WooCommerce UPS Shipping – Live Rates and Access Points Type Plugin Vulnerable versions = 2.3.11 Fixed in 3.0.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9109 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b3cccbff59...

WordPress wpDiscuz Plugin <= 7.6.24 is vulnerable to Broken Authentication

Software wpDiscuz Type Plugin Vulnerable versions = 7.6.24 Fixed in 7.6.25 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9488 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID c3cf059c4b56 Credits wesley wcraf...

WordPress Firelight Lightbox Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Firelight Lightbox Type Plugin Vulnerable versions = 2.3.3 Fixed in 2.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50460 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2edb2390ea9c Credits Robert DeVore Required privilege...

WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.3.4 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Meta Data and Taxonomies Filter MDTF Type Plugin Vulnerable versions = 1.3.3.4 Fixed in 1.3.3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50451 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0f23dd4816a6 Credits...

WordPress Envo's Elementor Templates & Widgets for WooCommerce Plugin <= 1.4.19 is vulnerable to Cross Site Scripting (XSS)

Software Envo's Elementor Templates & Widgets for WooCommerce Type Plugin Vulnerable versions = 1.4.19 Fixed in 1.4.20 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50447 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 28c4d14cb691 Credits...