WordPress Language Switcher Plugin <= 3.7.13 is vulnerable to Cross Site Scripting (XSS)

Software Language Switcher Type Plugin Vulnerable versions = 3.7.13 Fixed in 3.8.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9610 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7600fb4498d2 Credits vgo0 Required...

WordPress FULL Customer Plugin <= 3.1.22 is vulnerable to Cross Site Scripting (XSS)

Software FULL Customer Type Plugin Vulnerable versions = 3.1.22 Fixed in 3.1.23 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9211 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 199342483259 Credits vgo0 Required...

WordPress PublishPress Revisions Plugin <= 3.5.14 is vulnerable to Cross Site Scripting (XSS)

Software PublishPress Revisions Type Plugin Vulnerable versions = 3.5.14 Fixed in 3.5.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9436 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3677d6c152ff Credits vgo0...

WordPress Pedalo Connector Plugin <= 2.0.5 is vulnerable to Broken Authentication

Software Pedalo Connector Type Plugin Vulnerable versions = 2.0.5 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9822 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 4f984c880363 Credits István...

WordPress Tainacan Plugin <= 0.21.8 is vulnerable to SQL Injection

Software Tainacan Type Plugin Vulnerable versions = 0.21.8 Fixed in 0.21.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-48040 Patch priority High CVSS severity High 8.5 Developer Tainacan Community PSID 8db23d195d90 Credits Trương Hữu Phúc truonghuuphuc Required privilege...

WordPress IP Loc8 Plugin <= 1.1 is vulnerable to PHP Object Injection

Software IP Loc8 Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-48028 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 037f1dc8325d Credits LVT-tholv2k Required privilege Unauthenticated...

WordPress Maximum Products per User for WooCommerce Plugin <= 4.2.8 is vulnerable to Cross Site Scripting (XSS)

Software Maximum Products per User for WooCommerce Type Plugin Vulnerable versions = 4.2.8 Fixed in 4.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9205 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7a571f465eb2...

WordPress Responsive Poll Plugin <= 2.3.9 is vulnerable to SQL Injection

Software Responsive Poll Type Plugin Vulnerable versions = 2.3.9 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9022 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 2e687784b00a Credits WordFence Required privilege Administrator Published...

WordPress External featured image from bing Plugin <= 1.0.2 is vulnerable to Remote Code Execution (RCE)

Software External featured image from bing Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Remote Code Execution RCE CVE CVE-2024-48027 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID dfcd7085e39e Credits João...

WordPress Disc Golf Manager Plugin <= 1.0.0 is vulnerable to PHP Object Injection

Software Disc Golf Manager Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-48026 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID ad0f79b4fc3a Credits LVT-tholv2k Required privilege...

WordPress pretix widget Plugin <= 1.0.5 is vulnerable to Local File Inclusion

Software pretix widget Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A4: Insecure Design Classification Local File Inclusion CVE CVE-2024-9575 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 3a2933f81cf6 Credits João Pedro S Alcântara Kinorth Required...

WordPress Advanced Custom Fields PRO Plugin <= 6.3.7 is vulnerable to Arbitrary Code Execution

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions = 6.3.7 Fixed in 6.3.8 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-9529 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID aa150d72013d Credits Automattic Security Team...

WordPress WP Users Masquerade Plugin <= 2.0.0 is vulnerable to Broken Authentication

Software WP Users Masquerade Type Plugin Vulnerable versions = 2.0.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9522 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID eb305b8e1a56 Credits Istvá...

WordPress LatePoint Plugin <= 5.0.11 is vulnerable to SQL Injection

Software LatePoint Type Plugin Vulnerable versions = 5.0.11 Fixed in 5.0.12 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8911 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 26726ee6dc78 Credits István Márton Required privilege Unauthenticated...

WordPress Limit Login Attempts Plugin <= 5.3 is vulnerable to Bypass Vulnerability

Software Limit Login Attempts Type Plugin Vulnerable versions = 5.3 Fixed in 5.4 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2022-4534 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 03e4ff962fd9 Credits rezaduty Required privilege Publishe...

WordPress Auto iFrame Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)

Software Auto iFrame Type Plugin Vulnerable versions = 1.7 Fixed in 1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9449 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 731554979a26 Credits tjoffe Required privilege Author...

WordPress LatePoint Plugin <= 5.0.12 is vulnerable to Broken Authentication

Software LatePoint Type Plugin Vulnerable versions = 5.0.12 Fixed in 5.0.13 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-8943 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f9b741b682a7 Credits István Márt...

WordPress Embed PDF Viewer Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)

Software Embed PDF Viewer Type Plugin Vulnerable versions = 2.4.4 Fixed in 2.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9451 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f682b615e5b7 Credits tjoffe Required privile...

WordPress Backup and Staging by WP Time Capsule Plugin <= 1.22.21 is vulnerable to SQL Injection

Software Backup and Staging by WP Time Capsule Type Plugin Vulnerable versions = 1.22.21 Fixed in 1.22.22 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-48020 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 257cfd27ce2c Credits Hakiduck Required...

WordPress BuddyPress Docs Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Software BuddyPress Docs Type Plugin Vulnerable versions = 2.2.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9207 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d79eef12da8e Credits vgo0 Required...