WordPress Viral Signup Plugin <= 2.1 is vulnerable to SQL Injection

Software Viral Signup Type Plugin Vulnerable versions = 2.1 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6926 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID bccf241bb1d7 Credits Project Black Required privilege Unauthenticated...

WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 3.0.8 is vulnerable to Insecure Direct Object References (IDOR)

Software The Ultimate WordPress Toolkit – WP Extended Type Plugin Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-8123 Patch priority Low CVSS severity Low 5.4 Developer WP Extended PSID...

WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 3.0.8 is vulnerable to Arbitrary File Download

Software The Ultimate WordPress Toolkit – WP Extended Type Plugin Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-8104 Patch priority High CVSS severity High 7.7 Developer WP Extended PSID 9fb5e1b755dd Credits...

WordPress Sign-up Sheets Plugin < 2.2.13 is vulnerable to Cross Site Scripting (XSS)

Software Sign-up Sheets Type Plugin Vulnerable versions 2.2.13 Fixed in 2.2.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6020 Patch priority Medium CVSS severity Medium 7.1 Developer Fetch Designs PSID 65a76cb93247 Credits Bob Matyas Required...

WordPress WC Marketplace Plugin <= 4.2.0 is vulnerable to Privilege Escalation

Software WC Marketplace Type Plugin Vulnerable versions = 4.2.0 Fixed in 4.2.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-8289 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 9025ce00a31d Credits wesley...

WordPress Bit File Manager Plugin 6.0-6.5.5 is vulnerable to Arbitrary File Upload

Software Bit File Manager Type Plugin Vulnerable versions 6.0-6.5.5 Fixed in 6.5.6 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-7627 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 8d646fb4b08e Credits TANG Cheuk Hei siunam Required...

WordPress PixelYourSite PRO Plugin <= 10.4.2 is vulnerable to Sensitive Data Exposure

Software PixelYourSite PRO Type Plugin Vulnerable versions = 10.4.2 Fixed in 10.4.3 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-7870 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c3722df4917d Credits Xetnus Required...

WordPress FluentForm Plugin <= 5.1.18 is vulnerable to Broken Access Control

Software FluentForm Type Plugin Vulnerable versions = 5.1.18 Fixed in 5.1.19 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5053 Patch priority Low CVSS severity Low 4.2 Developer Claim ownership PSID 98f9a0a6e43d Credits Tobias Weißhaar kun19 Required...

PT-2024-32237 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the drm/panthor component, where high priorities on group create were not properly restricted. This allowed any users to create a high priority group without...

WordPress WP Job Portal Plugin <= 2.1.6 is vulnerable to Broken Access Control

Software WP Job Portal Type Plugin Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-7950 Patch priority High CVSS severity High 9.8 Developer Ahmad PSID 3162f7bd55ec Credits Connor Billings Required privilege...

WordPress Ninja Forms Plugin 3.8.6-3.8.10 is vulnerable to Cross Site Scripting (XSS)

Software Ninja Forms Type Plugin Vulnerable versions 3.8.6-3.8.10 Fixed in 3.8.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9b1a720170de Credits Erwan LR WPScan Required privilege...

WordPress Flaming Forms Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Flaming Forms Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7691 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 74ab02fc965d Credits Bob Matyas Required...

WordPress Attire Theme <= 2.0.6 is vulnerable to PHP Object Injection

Software Attire Type Theme Vulnerable versions = 2.0.6 Fixed in 2.0.7 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-7435 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 834924dbc4f2 Credits Francesco Carlucci Required privilege Contribut...

WordPress WP Cerber Security Plugin <= 9.4 is vulnerable to Bypass Vulnerability

Software WP Cerber Security Type Plugin Vulnerable versions = 9.4 Fixed in 9.5 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2022-4100 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e81948cda6a5 Credits chihyu Required privilege...

WordPress Share This Image Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS)

Software Share This Image Type Plugin Vulnerable versions = 2.01 Fixed in 2.02 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8108 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ce0f588ce2a5 Credits Francesco Carlucci Requir...

WordPress Booking Calendar Plugin <= 10.5 is vulnerable to Cross Site Scripting (XSS)

Software Booking Calendar Type Plugin Vulnerable versions = 10.5 Fixed in 10.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8274 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f7f6184bfbdf Credits David Gallagher...

WordPress Tutor LMS Pro Plugin <= 2.7.2 is vulnerable to Broken Access Control

Software Tutor LMS Pro Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5784 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 53b4f2fddbc0 Credits Thanh Nam Tran Required...

WordPress Web Directory Free Plugin < 1.7.3 is vulnerable to Local File Inclusion

Software Web Directory Free Type Plugin Vulnerable versions 1.7.3 Fixed in 1.7.3 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3673 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID d4fbe470a086 Credits Simone Onofri Kim Cerra Andrea De...

WordPress Betheme Theme <= 27.5.6 is vulnerable to PHP Object Injection

Software Betheme Type Theme Vulnerable versions = 27.5.6 Fixed in 27.5.7 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-2694 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 8e134812d3a9 Credits Francesco Carlucci Required privilege...

WordPress Media Library Folders Plugin <= 8.2.3 is vulnerable to Broken Access Control

Software Media Library Folders Type Plugin Vulnerable versions = 8.2.3 Fixed in 8.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7858 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID e34ed26523d9 Credits Lucio Sá Required...