WordPress wpForo Forum Plugin <= 2.3.4 is vulnerable to Insecure Direct Object References (IDOR)

Software wpForo Forum Type Plugin Vulnerable versions = 2.3.4 Fixed in 2.3.5 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-43288 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 84baf52495a3 Credits Ananda Dhakal...

WordPress Order Tracking Plugin < 3.3.13 is vulnerable to Broken Access Control

Software Order Tracking Type Plugin Vulnerable versions 3.3.13 Fixed in 3.3.13 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43343 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID da6200de622c Credits Abdi Pranata Required privileg...

WordPress Download Plugins and Themes from Dashboard Plugin <= 1.8.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Download Plugins and Themes from Dashboard Type Plugin Vulnerable versions = 1.8.7 Fixed in 1.8.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7501 Patch priority Low CVSS severity Low 4.2 Developer Claim ownership PSID 299a7b2ab8c8...

WordPress JetBlocks For Elementor Plugin <= 1.3.12 is vulnerable to Cross Site Scripting (XSS)

Software JetBlocks For Elementor Type Plugin Vulnerable versions = 1.3.12 Fixed in 1.3.12.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7147 Patch priority Low CVSS severity Low 6.5 Developer Crocoblock PSID 63831bec7c72 Credits stealthcopter...

WordPress WooCommerce Plugin <= 9.1.2 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Type Plugin Vulnerable versions = 9.1.2 Fixed in 9.1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-39666 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4e41b7df57a0 Credits stealthcopter Required privilege...

WordPress Brave Popup Builder Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Brave Popup Builder Type Plugin Vulnerable versions = 0.7.0 Fixed in 0.7.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43337 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 04312f740763 Credits Ananda Dhakal...

WordPress oik Plugin <= 4.12.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software oik Type Plugin Vulnerable versions = 4.12.0 Fixed in 4.12.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43356 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 865f6e2dc335 Credits Abdi Pranata Required privile...

WordPress Custom Field For WP Job Manager Plugin <= 1.2 is vulnerable to Insecure Direct Object References (IDOR)

Software Custom Field For WP Job Manager Type Plugin Vulnerable versions = 1.2 Fixed in 1.3 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-7049 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3021ad422dd8 Credits...

WordPress Relevanssi Plugin <= 4.22.2 is vulnerable to Sensitive Data Exposure

Software Relevanssi Type Plugin Vulnerable versions = 4.22.2 Fixed in 4.23.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-7630 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID cdb75757e257 Credits stealthcopter Required...

WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.2 is vulnerable to Broken Access Control

Software WOOCS – WooCommerce Currency Switcher Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43297 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4fdc68645ff9 Credits Anand...

WordPress Fonts Plugin <= 3.7.7 is vulnerable to Broken Access Control

Software Fonts Type Plugin Vulnerable versions = 3.7.7 Fixed in 3.7.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43302 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 28935a5c542e Credits Rafie Muhammad Patchstack Required...

WordPress Theme My Login Plugin <= 7.1.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Theme My Login Type Plugin Vulnerable versions = 7.1.7 Fixed in 7.1.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7422 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3496bb32e539 Credits vgo0 Required privile...

WordPress Hello Agency Theme <= 1.0.5 is vulnerable to Broken Access Control

Software Hello Agency Type Theme Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43341 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID dad92fd9c880 Credits Fariq Fadillah Gusti Insani...

WordPress WP Telegram Widget and Join Link Plugin <= 2.1.27 is vulnerable to Cross Site Scripting (XSS)

Software WP Telegram Widget and Join Link Type Plugin Vulnerable versions = 2.1.27 Fixed in 2.1.28 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43309 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e7c6c4fd307b Credits Muhammad Daffa...

WordPress Livemesh Addons for WPBakery Page Builder Plugin <= 3.9 is vulnerable to Cross Site Scripting (XSS)

Software Livemesh Addons for WPBakery Page Builder Type Plugin Vulnerable versions = 3.9 Fixed in 3.9.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43320 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID de5a6a68fb13 Credits LVT-tholv2k...

WordPress All Bootstrap Blocks Plugin <= 1.3.19 is vulnerable to Cross Site Scripting (XSS)

Software All Bootstrap Blocks Type Plugin Vulnerable versions = 1.3.19 Fixed in 1.3.20 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43349 Patch priority Low CVSS severity Low 6.5 Developer AREOI PSID 1ee70b8e314c Credits Ngô Thiên An ancorn from VNPT-VCI Require...

WordPress Flash & HTML5 Video Plugin <= 2.5.31 is vulnerable to Sensitive Data Exposure

Software Flash & HTML5 Video Type Plugin Vulnerable versions = 2.5.31 Fixed in 2.5.32 OWASP Top 10 A4: Insecure Design Classification Sensitive Data Exposure CVE CVE-2024-43319 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e3846f722ce9 Credits Ananda Dhakal Patchstack...

WordPress EmbedPress Plugin <= 4.0.9 is vulnerable to Local File Inclusion

Software EmbedPress Type Plugin Vulnerable versions = 4.0.9 Fixed in 4.0.10 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-43328 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 8a6dffdf0163 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Clone Plugin <= 2.4.5 is vulnerable to Broken Access Control

Software Clone Type Plugin Vulnerable versions = 2.4.5 Fixed in 2.4.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43298 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 92218c2f2d27 Credits Ananda Dhakal Patchstack Required...

WordPress Recipe Card Blocks for Gutenberg & Elementor Plugin <= 3.3.1 is vulnerable to Broken Access Control

Software Recipe Card Blocks for Gutenberg & Elementor Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.3.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43293 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 19c361c53a3a Credits...