WordPress Digitally Theme <= 1.0.8 is vulnerable to Cross Site Scripting (XSS)

Software Digitally Type Theme Vulnerable versions = 1.0.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49309 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 216a2ab68c1d Credits justakazh Required privilege...

WordPress Email Verification for WooCommerce Plugin <= 2.8.10 is vulnerable to SQL Injection

Software Email Verification for WooCommerce Type Plugin Vulnerable versions = 2.8.10 Fixed in 2.9.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49305 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 2913142990bb Credits shaman0x01 Required privile...

WordPress Cooked Pro Plugin < 1.8.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Cooked Pro Type Plugin Vulnerable versions 1.8.0 Fixed in 1.8.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49290 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c5a09464e377 Credits RE-ALTER Required privileg...

WordPress ElementInvader Addons for Elementor Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)

Software ElementInvader Addons for Elementor Type Plugin Vulnerable versions = 1.2.8 Fixed in 1.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9888 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2293b37c11ea Credits Coli...

WordPress PeproDev Ultimate Invoice Plugin <= 2.0.6 is vulnerable to Cross Site Scripting (XSS)

Software PeproDev Ultimate Invoice Type Plugin Vulnerable versions = 2.0.6 Fixed in 2.0.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49298 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ec8d635fcc13 Credits LVT-tholv2k Required privile...

WordPress GiveWP Plugin <= 3.16.3 is vulnerable to PHP Object Injection

Software GiveWP Type Plugin Vulnerable versions = 3.16.3 Fixed in 3.16.4 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-9634 Patch priority High CVSS severity High 10 Developer Liquid Web / StellarWP PSID a33794a83e6f Credits lefab Required privilege Unauthenticated...

WordPress File Manager Pro Plugin <= 8.3.9 is vulnerable to Broken Access Control

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.9 Fixed in 8.3.10 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8746 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 037debfe30cc Credits TANG Cheuk Hei siunam...

WordPress Accordion Slider Plugin <= 1.9.11 is vulnerable to Cross Site Scripting (XSS)

Software Accordion Slider Type Plugin Vulnerable versions = 1.9.11 Fixed in 1.9.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9582 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 14d97d769a8a Credits Muhammad Adel ItsFadi...

WordPress Cooked Pro Plugin < 1.8.0 is vulnerable to Arbitrary File Upload

Software Cooked Pro Type Plugin Vulnerable versions 1.8.0 Fixed in 1.8.0 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49291 Patch priority High CVSS severity High 10 Developer Claim ownership PSID ca91d1c3c8bf Credits RE-ALTER Required privilege Unauthenticated...

WordPress Job Board Manager for WordPress Plugin <= 1.0 is vulnerable to Privilege Escalation

Software Job Board Manager for WordPress Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-49322 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID d9004d540adc Credits João Pedro S...

WordPress CURCY Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Software CURCY Type Plugin Vulnerable versions = 2.2.3 Fixed in 2.2.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49283 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a6bd022fc477 Credits Dimas Maulana Required privilege...

WordPress FREE DOWNLOAD MANAGER Plugin <= 1.0.0 is vulnerable to Arbitrary File Deletion

Software FREE DOWNLOAD MANAGER Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Deletion CVE CVE-2024-49315 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 8f4f5a37b4b7 Credits stealthcopter Required privilege...

WordPress File Manager Pro Plugin <= 8.3.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.9 Fixed in 8.3.10 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-8507 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID caf0adb29b86 Credits TANG Cheuk Hei...

WordPress Htaccess File Editor Plugin <= 1.0.18 is vulnerable to Broken Access Control

Software Htaccess File Editor Type Plugin Vulnerable versions = 1.0.18 Fixed in 1.0.19 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-49256 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d6dd94150ebc Credits savphill Require...

WordPress my wooden under construction Theme <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)

Software my wooden under construction Type Theme Vulnerable versions = 2.0.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49269 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6cc0e1da3f3b Credits justakazh Required...

WordPress Rescue Shortcodes Plugin <= 2.8 is vulnerable to Cross Site Scripting (XSS)

Software Rescue Shortcodes Type Plugin Vulnerable versions = 2.8 Fixed in 2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9696 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 55990669c666 Credits Peter Thaleikis Required...

WordPress BuddyPress Better Registration Plugin <= 1.6 is vulnerable to Broken Authentication

Software BuddyPress Better Registration Type Plugin Vulnerable versions = 1.6 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-49247 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 4288fed05f70...

WordPress cSlider Plugin <= 2.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software cSlider Type Plugin Vulnerable versions = 2.4.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49221 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID fee1f2fb0a1b Credits SOPROBRO Required...

WordPress Recently Plugin <= 1.1 is vulnerable to PHP Object Injection

Software Recently Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49218 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID dfdd033e65c6 Credits LVT-tholv2k Required privilege Unauthenticated...

WordPress disconnected Theme <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software disconnected Type Theme Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49268 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8595c00a71d4 Credits justakazh Required privilege...