WordPress Podlove Podcast Publisher Plugin <= 4.1.13 is vulnerable to Cross Site Request Forgery (CSRF)

Software Podlove Podcast Publisher Type Plugin Vulnerable versions = 4.1.13 Fixed in 4.1.14 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43984 Patch priority High CVSS severity High 9.6 Developer Claim ownership PSID b38f22b27679 Credits...

WordPress Fota WP Theme <= 1.4.1 is vulnerable to Broken Access Control

Software Fota WP Type Theme Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43980 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b10d5d19d02a Credits Fariq Fadillah Gusti Insani...

WordPress Permalink Manager Lite Plugin <= 2.4.4 is vulnerable to Broken Access Control

Software Permalink Manager Lite Type Plugin Vulnerable versions = 2.4.4 Fixed in 2.4.4.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8195 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6d2ef5ed74cf Credits stealthcopter Require...

WordPress Xpro Elementor Addons Plugin <= 1.4.4.3 is vulnerable to Cross Site Scripting (XSS)

Software Xpro Elementor Addons Type Plugin Vulnerable versions = 1.4.4.3 Fixed in 1.4.4.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7791 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 93f87661de72 Credits WordFence...

WordPress Reviews Feed Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Reviews Feed Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.2.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-8200 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d47df2666851 Credits Sajjad Ahmad jacksparro...

WordPress Gixaw Chat Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Gixaw Chat Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7816 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID aa72a581011b Credits Daniel Ruf Required privilege...

WordPress Ninja Tables Plugin <= 5.0.12 is vulnerable to Cross Site Scripting (XSS)

Software Ninja Tables Type Plugin Vulnerable versions = 5.0.12 Fixed in 5.0.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7304 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a12833da3c4c Credits wesley wcraft Required...

WordPress Blog Introduction Plugin <= 0.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Blog Introduction Type Plugin Vulnerable versions = 0.3.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7862 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b5cd399b1013 Credits Daniel Ruf Required...

WordPress Reviews Feed Plugin <= 1.1.2 is vulnerable to Broken Access Control

Software Reviews Feed Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8199 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID eb3754a5f963 Credits Sajjad Ahmad jacksparrow Required...

HTTP/2: large amount of data requests leads to denial of service

A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...

WordPress Image Hotspot by DevVN Plugin <= 1.2.5 is vulnerable to PHP Object Injection

Software Image Hotspot by DevVN Type Plugin Vulnerable versions = 1.2.5 Fixed in 1.2.6 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-7656 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 9842e20a2259 Credits Lucio Sá Required privilege Auth...

WordPress Tempera Theme <= 1.8.2 is vulnerable to Cross Site Scripting (XSS)

Software Tempera Type Theme Vulnerable versions = 1.8.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43951 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 699efcd6c9d2 Credits stealthcopter Required privilege Contributor...

WordPress Propovoice Pro Plugin <= 1.7.0.3 is vulnerable to SQL Injection

Software Propovoice Pro Type Plugin Vulnerable versions = 1.7.0.3 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-43941 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 6f9d32f040df Credits Dave Jong Patchstack Required privilege...

WordPress Testimonials Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Testimonials Type Plugin Vulnerable versions = 4.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43959 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8da344adddf2 Credits Abdi Pranata Required privilege...

WordPress JobSearch Plugin <= 2.5.4 is vulnerable to Broken Access Control

Software JobSearch Type Plugin Vulnerable versions = 2.5.4 Fixed in 2.5.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43929 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c7bad1c217a2 Credits Ananda Dhakal Patchstack...

WordPress SendGrid for WordPress Plugin <= 1.4 is vulnerable to SQL Injection

Software SendGrid for WordPress Type Plugin Vulnerable versions = 1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-43965 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 897d693aed88 Credits Ananda Dhakal Patchstack Required privilege...

WordPress Envira Photo Gallery Plugin <= 1.8.14 is vulnerable to Broken Access Control

Software Envira Photo Gallery Type Plugin Vulnerable versions = 1.8.14 Fixed in 1.8.15 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43925 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9c53eb2407a8 Credits Rafie Muhammad...

WordPress String locator Plugin <= 2.6.5 is vulnerable to Cross Site Scripting (XSS)

Software String locator Type Plugin Vulnerable versions = 2.6.5 Fixed in 2.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6987 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1314ec6116ff Credits Rein Daelman trein...

WordPress Greenshift Query and Meta Addon Plugin < 3.9.2 is vulnerable to SQL Injection

Software Greenshift Query and Meta Addon Type Plugin Vulnerable versions 3.9.2 Fixed in 3.9.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-43942 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 13adc6d175b5 Credits Dave Jong Patchstack Required...

WordPress MaxButtons Plugin <= 9.7.8 is vulnerable to Sensitive Data Exposure

Software MaxButtons Type Plugin Vulnerable versions = 9.7.8 Fixed in 9.8.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6499 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID c468e4e161ae Credits stealthcopter Required privileg...