WordPress WP Last Modified Info Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS)

Software WP Last Modified Info Type Plugin Vulnerable versions = 1.9.0 Fixed in 1.9.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6864 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1e374934e79b Credits Webbernaut Require...

WordPress SmartSearch WP Plugin <= 2.4.4 is vulnerable to SQL Injection

Software SmartSearch WP Type Plugin Vulnerable versions = 2.4.4 Fixed in 2.4.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6847 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 2bfe1eee61ea Credits Karolis Narvilas Required privilege Unauthenticat...

WordPress Admission AppManager Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Admission AppManager Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4507 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 138041d75b79 Credits zulu caPWN...

WordPress Bricks Builder Theme <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Bricks Builder Type Theme Vulnerable versions = 1.8.1 Fixed in 1.8.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3408 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a8763892e84e Credits Ram Required privilege...

WordPress SmartSearch WP Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)

Software SmartSearch WP Type Plugin Vulnerable versions = 2.4.4 Fixed in 2.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6843 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 29f289a57217 Credits Karolis Narvilas...

WordPress Skitter Slideshow Plugin <= 2.5.2 is vulnerable to Server Side Request Forgery (SSRF)

Software Skitter Slideshow Type Plugin Vulnerable versions = 2.5.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2022-1751 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID 248ddea6bcba Credits Bartu Utku SARP Required...

WordPress GEO my WordPress Plugin < 4.5.0.2 is vulnerable to Local File Inclusion

Software GEO my WordPress Type Plugin Vulnerable versions 4.5.0.2 Fixed in 4.5.0.2 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-6330 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 1d2a75d492b7 Credits Michael Dyrna Required privilege...

WordPress myCred Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)

Software myCred Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43353 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a2faf75ac250 Credits LVT-tholv2k Required privilege Contributor...

WordPress Modal Window Plugin <= 6.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Modal Window Type Plugin Vulnerable versions = 6.0.3 Fixed in 6.0.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43346 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 956b00accf44 Credits LVT-tholv2k Required privilege Contributo...

WordPress WP User Manager Plugin <= 2.9.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP User Manager Type Plugin Vulnerable versions = 2.9.10 Fixed in 2.9.11 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-43336 Patch priority Low CVSS severity Low 4.3 Developer WP User Manager PSID 6918353ae071 Credits Ananda Dhakal Patchstac...

WordPress Team Showcase Plugin <= 1.22.23 is vulnerable to Cross Site Scripting (XSS)

Software Team Showcase Type Plugin Vulnerable versions = 1.22.23 Fixed in 1.22.24 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43321 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 48667d784b23 Credits LVT-tholv2k Required privilege...

WordPress Structured Content Plugin <= 1.6.2 is vulnerable to Cross Site Scripting (XSS)

Software Structured Content Type Plugin Vulnerable versions = 1.6.2 Fixed in 1.6.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43307 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID df5a04e07bd7 Credits Michael Required privilege...

WordPress Gutentor Plugin <= 3.3.5 is vulnerable to Cross Site Scripting (XSS)

Software Gutentor Type Plugin Vulnerable versions = 3.3.5 Fixed in 3.3.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43308 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1e4eea1e0d03 Credits João Pedro S Alcântara Kinorth Required...

WordPress Cryptocurrency Widgets – Price Ticker & Coins List Plugin <= 2.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Cryptocurrency Widgets – Price Ticker & Coins List Type Plugin Vulnerable versions = 2.8.0 Fixed in 2.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43304 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bdccb41579f9 Credi...

WordPress Recipe Card Blocks for Gutenberg & Elementor Plugin <= 3.3.1 is vulnerable to Broken Access Control

Software Recipe Card Blocks for Gutenberg & Elementor Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.3.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43293 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 19c361c53a3a Credits...

WordPress Presto Player Plugin <= 3.0.2 is vulnerable to Broken Access Control

Software Presto Player Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43285 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 632e04c55037 Credits Rafie Muhammad Patchstack...

WordPress Plugin Notes Plus Plugin <= 1.2.7 is vulnerable to Arbitrary Content Deletion

Software Plugin Notes Plus Type Plugin Vulnerable versions = 1.2.7 Fixed in 1.2.8 OWASP Top 10 A1: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2024-43326 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 048345824ef6 Credits Trương Hữu Phúc...

WordPress Purity Of Soul Theme <= 1.9 is vulnerable to Cross Site Scripting (XSS)

Software Purity Of Soul Type Theme Vulnerable versions = 1.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43348 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2e3680e055fd Credits justakazh Required privilege...

WordPress wpForo Forum Plugin <= 2.3.4 is vulnerable to Insecure Direct Object References (IDOR)

Software wpForo Forum Type Plugin Vulnerable versions = 2.3.4 Fixed in 2.3.5 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-43288 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 84baf52495a3 Credits Ananda Dhakal...

WordPress Order Tracking Plugin < 3.3.13 is vulnerable to Broken Access Control

Software Order Tracking Type Plugin Vulnerable versions 3.3.13 Fixed in 3.3.13 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43343 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID da6200de622c Credits Abdi Pranata Required privileg...