WordPress CoBlocks Plugin < 3.1.13 is vulnerable to Cross Site Scripting (XSS)

Software CoBlocks Type Plugin Vulnerable versions 3.1.13 Fixed in 3.1.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7132 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2ec557475360 Credits Dmitrii Ignatyev Required...

WordPress Fluida Theme <= 1.8.8 is vulnerable to Cross Site Scripting (XSS)

Software Fluida Type Theme Vulnerable versions = 1.8.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44054 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 59dcfdc39bec Credits stealthcopter Required privilege Contributor...

WordPress Vikinghammer Tweet Plugin <= 0.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Vikinghammer Tweet Type Plugin Vulnerable versions = 0.2.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-8043 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 95a37ffec80a Credits Daniel Ruf Required...

WordPress Media Library Folders Plugin <= 8.2.2 is vulnerable to SQL Injection

Software Media Library Folders Type Plugin Vulnerable versions = 8.2.2 Fixed in 8.2.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-7857 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID af7783c77043 Credits Lucio Sá Required privilege Subscriber...

WordPress Masterstudy LMS Starter Theme <= 1.1.8 is vulnerable to Sensitive Data Exposure

Software Masterstudy LMS Starter Type Theme Vulnerable versions = 1.1.8 Fixed in 1.1.9 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-43990 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 36d1f32aa077 Credits Peng Zhou Required...

WordPress Filmix Theme <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software Filmix Type Theme Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44060 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 23b9f7aa796e Credits justakazh Required privilege Unauthenticated...

WordPress HelloAsso Plugin <= 1.1.10 is vulnerable to Broken Access Control

Software HelloAsso Type Plugin Vulnerable versions = 1.1.10 Fixed in 1.1.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-44052 Patch priority Low CVSS severity Low 4.3 Developer HelloAsso PSID d764a14202f7 Credits Trương Hữu Phúc truonghuuphuc Required...

WordPress Mystique Theme <= 2.5.7 is vulnerable to Cross Site Scripting (XSS)

Software Mystique Type Theme Vulnerable versions = 2.5.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43988 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 62ec3578ba8d Credits stealthcopter Required privilege Contributor...

WordPress ElementsKit Pro Plugin <= 3.6.0 is vulnerable to Local File Inclusion

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.8 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-43996 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8da27be920b8 Credits Ngô Thiên An ancorn from VNPT-VCI Required...

WordPress Custom Field Template Plugin <= 2.6.5 is vulnerable to Cross Site Scripting (XSS)

Software Custom Field Template Type Plugin Vulnerable versions = 2.6.5 Fixed in 2.6.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44062 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 53885cdfe965 Credits Robert DeVore Required privilege...

WordPress Front End Users Plugin <= 3.2.28 is vulnerable to SQL Injection

Software Front End Users Type Plugin Vulnerable versions = 3.2.28 Fixed in 3.2.29 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-7607 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 35067197eafa Credits Peter Thaleikis Required privilege Contributor...

WordPress EasyJobs Plugin <= 2.4.14 is vulnerable to Cross Site Request Forgery (CSRF)

Software EasyJobs Type Plugin Vulnerable versions = 2.4.14 Fixed in 2.4.15 OWASP Top 10 A3: Injection Classification Cross Site Request Forgery CSRF CVE CVE-2024-43997 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 56a38105092f Credits Muhammad Daffa Required...

WordPress Blogpoet Theme <= 1.0.3 is vulnerable to Broken Access Control

Software Blogpoet Type Theme Vulnerable versions = 1.0.3 Fixed in 1.0.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43998 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 863978478910 Credits Fariq Fadillah Gusti Insani...

WordPress Opor Ayam Theme <= 1.8 is vulnerable to Cross Site Scripting (XSS)

Software Opor Ayam Type Theme Vulnerable versions = 1.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44053 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1bcd7d651c5d Credits justakazh Required privilege Unauthenticate...

WordPress Permalink Manager Lite Plugin <= 2.4.4 is vulnerable to Broken Access Control

Software Permalink Manager Lite Type Plugin Vulnerable versions = 2.4.4 Fixed in 2.4.4.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8195 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6d2ef5ed74cf Credits stealthcopter Require...

WordPress Super Store Finder Plugin <= 6.9.7 is vulnerable to Cross Site Scripting (XSS)

Software Super Store Finder Type Plugin Vulnerable versions = 6.9.7 Fixed in 6.9.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43975 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3e09dec37e3f Credits Bonds Required privilege...

WordPress Fota WP Theme <= 1.4.1 is vulnerable to Broken Access Control

Software Fota WP Type Theme Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43980 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b10d5d19d02a Credits Fariq Fadillah Gusti Insani...

WordPress ReviveNews Theme <= 1.0.2 is vulnerable to Broken Access Control

Software ReviveNews Type Theme Vulnerable versions = 1.0.2 Fixed in 1.0.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43974 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 47fb9a9aedf3 Credits Fariq Fadillah Gusti Insani...

WordPress Login As Users Plugin <= 1.4.3 is vulnerable to Broken Access Control

Software Login As Users Type Plugin Vulnerable versions = 1.4.3 Fixed in 1.4.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43982 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 591007b6910c Credits Ananda Dhakal Patchstack...

WordPress Spiffy Calendar Plugin <= 4.9.12 is vulnerable to SQL Injection

Software Spiffy Calendar Type Plugin Vulnerable versions = 4.9.12 Fixed in 4.9.13 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-43969 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 7bc8db74206e Credits Certus Cybersecurity Required privilege...