WordPress TI WooCommerce Wishlist Plugin <= 2.9.0 is vulnerable to SQL Injection

Software TI WooCommerce Wishlist Type Plugin Vulnerable versions = 2.9.0 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9156 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 2b353481dee7 Credits John Castro Required privilege...

WordPress DocumentPress Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)

Software DocumentPress Type Plugin Vulnerable versions = 2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49656 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9ccb703f5e18 Credits Mika Required privilege Unauthenticate...

WordPress AI Image Generator for Your Content & Featured Images – AI Postpix Plugin <= 1.1.8 is vulnerable to Arbitrary File Upload

Software AI Image Generator for Your Content & Featured Images – AI Postpix Type Plugin Vulnerable versions = 1.1.8 Fixed in N/A OWASP Top 10 A5: Security Misconfiguration Classification Arbitrary File Upload CVE CVE-2024-49671 Patch priority High CVSS severity High 9.9 Developer Claim ownership...

WordPress Schema & Structured Data for WP & AMP Plugin <= 1.3.5 is vulnerable to Sensitive Data Exposure

Software Schema & Structured Data for WP & AMP Type Plugin Vulnerable versions = 1.3.5 Fixed in 1.36 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-49683 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID fb194b3fd454 Credits Joshua...

WordPress Verbalize WP Plugin <= 1.0 is vulnerable to Arbitrary File Upload

Software Verbalize WP Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49668 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 5d5cf04a7cde Credits stealthcopter Required privilege Unauthenticate...

WordPress LaTeX2HTML Plugin <= 2.5.4 is vulnerable to Cross Site Scripting (XSS)

Software LaTeX2HTML Type Plugin Vulnerable versions = 2.5.4 Fixed in 2.5.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49673 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 14e6f2ad72df Credits Muhamad Agil Fachrian Required...

WordPress 3D Work In Progress Plugin <= 1.0.3 is vulnerable to Arbitrary File Deletion

Software 3D Work In Progress Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Deletion CVE CVE-2024-49657 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 209728d5f5a9 Credits stealthcopter Required privilege...

WordPress All-in-One WP Migration Plugin <= 7.86 is vulnerable to Sensitive Data Exposure

Software All-in-One WP Migration Type Plugin Vulnerable versions = 7.86 Fixed in 7.87 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-8852 Patch priority Low CVSS severity Low 5.3 Developer ServMask, Inc PSID 1b517ae2c2c6 Credits villu164 Required...

WordPress Event Manager for WooCommerce Plugin <= 4.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Event Manager for WooCommerce Type Plugin Vulnerable versions = 4.2.5 Fixed in 4.2.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49703 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e6440b4e0449 Credits João Pedro S Alcântara...

WordPress Banner Slider Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)

Software Banner Slider Type Plugin Vulnerable versions = 2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49635 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 54728b0228c3 Credits João Pedro S Alcântara Kinorth Require...

WordPress Time Clock Pro Plugin <= 1.1.4 is vulnerable to Remote Code Execution (RCE)

Software Time Clock Pro Type Plugin Vulnerable versions = 1.1.4 Fixed in 1.1.5 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-9593 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 9837dd0a77ff Credits István Márton Required privilege...

WordPress Time Clock Plugin <= 1.2.2 is vulnerable to Remote Code Execution (RCE)

Software Time Clock Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-9593 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID ba1ac64c553d Credits István Márton Required privilege...

WordPress Click to Chat – WP Support All-in-One Floating Widget Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Click to Chat – WP Support All-in-One Floating Widget Type Plugin Vulnerable versions = 2.3.3 Fixed in 2.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10055 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...

WordPress ElementInvader Addons for Elementor Plugin <= 1.2.9 is vulnerable to Sensitive Data Exposure

Software ElementInvader Addons for Elementor Type Plugin Vulnerable versions = 1.2.9 Fixed in 1.3.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-9889 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7d169fa5766f Credits Ankit...

WordPress Duplicate Title Validate Plugin <= 1.0 is vulnerable to SQL Injection

Software Duplicate Title Validate Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49623 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 62fe8295ce3c Credits Muhamad Agil Fachrian Required privilege...

WordPress FERMA.ru.net Plugin <= 1.3.3 is vulnerable to SQL Injection

Software FERMA.ru.net Type Plugin Vulnerable versions = 1.3.3 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49620 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 8b411d57045c Credits LVT-tholv2k Required privilege Subscriber Published ...

WordPress MyTweetLinks Plugin <= 1.1.1 is vulnerable to SQL Injection

Software MyTweetLinks Type Plugin Vulnerable versions = 1.1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49618 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 011544e8e2d0 Credits João Pedro S Alcântara Kinorth Required privilege...

WordPress Product Website Showcase Plugin <= 1.0 is vulnerable to Arbitrary File Upload

Software Product Website Showcase Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49611 Patch priority High CVSS severity High 10 Developer Claim ownership PSID f26ca655ccfd Credits stealthcopter Required privilege...

WordPress photokit Plugin <= 1.0 is vulnerable to Arbitrary File Upload

Software photokit Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49610 Patch priority High CVSS severity High 10 Developer Claim ownership PSID a740c666723d Credits stealthcopter Required privilege Unauthenticated...

WordPress jLayer Parallax Slider Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software jLayer Parallax Slider Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49334 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 65c219f6d335 Credits João Pedro S Alcântara Kinort...