WordPress LH Copy Media File Plugin <= 1.08 is vulnerable to Cross Site Scripting (XSS)

Software LH Copy Media File Type Plugin Vulnerable versions = 1.08 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9220 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f98d57ff7d4d Credits Colin Xu Required...

WordPress Wechat Social login Plugin <= 1.3.0 is vulnerable to Broken Authentication

Software Wechat Social login Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9106 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 26efb59ee707 Credits Istvá...

WordPress AVIF & SVG Uploader Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software AVIF & SVG Uploader Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9060 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6e662df81c43 Credits Francesco Carlucci...

WordPress JobSearch Plugin <= 2.5.9 is vulnerable to PHP Object Injection

Software JobSearch Type Plugin Vulnerable versions = 2.5.9 Fixed in 2.6.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-47636 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5e0aa88de68e Credits Bonds Required privilege Unauthenticated...

WordPress SliceWP Plugin <= 1.1.18 is vulnerable to Cross Site Scripting (XSS)

Software SliceWP Type Plugin Vulnerable versions = 1.1.18 Fixed in 1.1.19 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47388 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f33bf1e5efc6 Credits Le Ngoc Anh Required privilege...

WordPress Author Avatars List/Block Plugin <= 2.1.21 is vulnerable to Cross Site Scripting (XSS)

Software Author Avatars List/Block Type Plugin Vulnerable versions = 2.1.21 Fixed in 2.1.22 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47370 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7fcface20444 Credits Hwang Se-yeon Requir...

WordPress Strong Testimonials Plugin <= 3.1.16 is vulnerable to Broken Access Control

Software Strong Testimonials Type Plugin Vulnerable versions = 3.1.16 Fixed in 3.1.17 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-47362 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 46ea28be2188 Credits Joshua Chan Required...

WordPress The Post Grid Plugin < 7.5.0 is vulnerable to Cross Site Scripting (XSS)

Software The Post Grid Type Plugin Vulnerable versions 7.5.0 Fixed in 7.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3635 Patch priority Low CVSS severity Low 6.5 Developer Mamunur Rashid PSID e1b0ed6ba0a7 Credits Dmitrii Ignatyev Required...

WordPress Top Bar – PopUps – by WPOptin Plugin <= 2.0.1 is vulnerable to Local File Inclusion

Software Top Bar – PopUps – by WPOptin Type Plugin Vulnerable versions = 2.0.1 Fixed in 2.0.2 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-47645 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID f22f05a49b0f Credits tahu.datar Required...

WordPress Bold Page Builder Plugin < 5.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Bold Page Builder Type Plugin Vulnerable versions 5.1.1 Fixed in 5.1.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47391 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6f2249a87cc9 Credits Robert DeVore Required privilege...

WordPress JobSearch Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS)

Software JobSearch Type Plugin Vulnerable versions = 2.5.9 Fixed in 2.6.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47394 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2995ae22faae Credits Bonds Required privilege Unauthenticat...

WordPress Elementor Addon Elements Plugin <= 1.13.6 is vulnerable to Broken Access Control

Software Elementor Addon Elements Type Plugin Vulnerable versions = 1.13.6 Fixed in 1.13.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-47361 Patch priority Low CVSS severity Low 6.5 Developer WPVibes PSID 2e7a1c5b31a1 Credits Rafie Muhammad Patchstack...

WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.7.3 is vulnerable to Cross Site Scripting (XSS)

Software NEX-Forms – Ultimate Form Builder Type Plugin Vulnerable versions = 8.7.3 Fixed in 8.7.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47389 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6ed1c15130e3 Credits Le Ngoc Anh...

WordPress Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin Plugin <= 1.27 is vulnerable to Cross Site Scripting (XSS)

Software Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin Type Plugin Vulnerable versions = 1.27 Fixed in 1.28 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47647 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID aac881dee8e9 Credits...

WordPress Payflex Payment Gateway Plugin <= 2.6.1 is vulnerable to Open Redirection

Software Payflex Payment Gateway Type Plugin Vulnerable versions = 2.6.1 Fixed in 2.6.2 OWASP Top 10 A3: Injection Classification Open Redirection CVE CVE-2024-47646 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID ac682bcd42a4 Credits Muhamad Agil Fachrian Required privile...

WordPress Depicter Slider Plugin <= 3.2.2 is vulnerable to Broken Access Control

Software Depicter Slider Type Plugin Vulnerable versions = 3.2.2 Fixed in 3.5.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-47359 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID fe95aaab539d Credits Rafie Muhammad Patchstack...

WordPress LiteSpeed Cache Plugin <= 6.5.0.2 is vulnerable to Cross Site Scripting (XSS)

Software LiteSpeed Cache Type Plugin Vulnerable versions = 6.5.0.2 Fixed in 6.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47374 Patch priority Medium CVSS severity Medium 7.1 Developer Hai Zheng / Lite Speed Cache PSID b2ad66b394ec Credits TaiYou Required...

WordPress WPCOM Member Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)

Software WPCOM Member Type Plugin Vulnerable versions = 1.5.4 Fixed in 1.5.4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47378 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5f883b482d88 Credits Muhamad Agil Fachrian Required...

WordPress Simple LDAP Login Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)

Software Simple LDAP Login Type Plugin Vulnerable versions = 1.6.0 Fixed in 1.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8715 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7ab689130b50 Credits vgo0 Required...

WordPress Starbox Plugin < 3.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Starbox Type Plugin Vulnerable versions 3.5.3 Fixed in 3.5.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8239 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 03e73e132e18 Credits Dmitrii Ignatyev Required privileg...