WordPress TrueBooker Plugin <= 1.0.2 is vulnerable to SQL Injection

Software TrueBooker Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6924 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID bf0618e9b2e8 Credits Project Black Required privilege Unauthenticated...

WordPress ElementsKit Pro Plugin <= 3.6.5 is vulnerable to Cross Site Scripting (XSS)

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.5 Fixed in 3.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7064 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ae540cd84ef6 Credits Webbernaut Required...

WordPress MStore API Plugin <= 4.15.2 is vulnerable to Broken Authentication

Software MStore API Type Plugin Vulnerable versions = 4.15.2 Fixed in 4.15.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-7628 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 20f8a5490865 Credits Truoc Phan...

WordPress Depicter Slider Plugin <= 3.1.1 is vulnerable to Arbitrary File Upload

Software Depicter Slider Type Plugin Vulnerable versions = 3.1.1 Fixed in 3.1.2 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-4389 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 73585a151085 Credits Arkadiusz Hydzik Required privilege...

WordPress WP eStore Plugin < 8.5.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP eStore Type Plugin Vulnerable versions 8.5.6 Fixed in 8.5.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6136 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID cbacff106a90 Credits Bob Matyas Required privileg...

WordPress Term And Category Based Posts Widget Plugin < 4.9.13 is vulnerable to Cross Site Scripting (XSS)

Software Term And Category Based Posts Widget Type Plugin Vulnerable versions 4.9.13 Fixed in 4.9.13 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-6158 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2ddaec10bd6e Credits Dmitrii Ignatyev...

WordPress WooCommerce Social Login Plugin <= 2.7.5 is vulnerable to Broken Authentication

Software WooCommerce Social Login Type Plugin Vulnerable versions = 2.7.5 Fixed in 2.7.6 OWASP Top 10 A4: Insecure Design Classification Broken Authentication CVE CVE-2024-7503 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 23315c373121 Credits Truoc Phan Required...

WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.8.6 is vulnerable to Remote Code Execution (RCE)

Software JS Help Desk – Best Help Desk & Support Plugin Type Plugin Vulnerable versions = 2.8.6 Fixed in 2.8.7 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-7094 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 31d4d7c86bb1 Credits Conno...

WordPress Busiprof Theme <= 2.4.8 is vulnerable to Cross Site Scripting (XSS)

Software Busiprof Type Theme Vulnerable versions = 2.4.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43262 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID eb128345a59b Credits stealthcopter Required privilege Contributor...

WordPress Bit Form Pro Plugin <= 2.6.4 is vulnerable to Settings Change

Software Bit Form Pro Type Plugin Vulnerable versions = 2.6.4 Fixed in 2.8.0 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-43250 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 786f4284258a Credits Dave Jong Patchstack Required...

WordPress WHMpress Plugin <= 6.2-revision-5 is vulnerable to Settings Change

Software WHMpress Type Plugin Vulnerable versions = 6.2-revision-5 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-43247 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 704c9a1f6dad Credits Dave Jong Patchstack Required...

WordPress Christmasify! Plugin <= 1.5.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Christmasify! Type Plugin Vulnerable versions = 1.5.5 Fixed in 1.5.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7574 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 1de3d7f2fe0e Credits vgo0 Required privileg...

WordPress Atarim Plugin <= 4.0.2 is vulnerable to Broken Access Control

Software Atarim Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7621 Patch priority Low CVSS severity Low 5.4 Developer Atarim PSID 410d656b7615 Credits Lucio Sá Required privilege Subscriber Published...

WordPress JobSearch Plugin <= 2.3.4 is vulnerable to Privilege Escalation

Software JobSearch Type Plugin Vulnerable versions = 2.3.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-43245 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID dba18ffc45d3 Credits Dave Jong Patchstack Required...

WordPress Bit Form Pro Plugin <= 2.6.4 is vulnerable to Arbitrary File Deletion

Software Bit Form Pro Type Plugin Vulnerable versions = 2.6.4 Fixed in 2.8.0 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-43248 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID fe35e84633f6 Credits Dave Jong Patchstack Require...

WordPress Ultimate Membership Pro Plugin <= 12.7 is vulnerable to PHP Object Injection

Software Ultimate Membership Pro Type Plugin Vulnerable versions = 12.7 Fixed in 12.8 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-43242 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 4d478cf8c35d Credits Rafie Muhammad Patchstack Required...

WordPress Masteriyo - LMS Plugin <= 1.11.4 is vulnerable to Insecure Direct Object References (IDOR)

Software Masteriyo - LMS Type Plugin Vulnerable versions = 1.11.4 Fixed in 1.11.5 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-43239 Patch priority Low CVSS severity Low 4.3 Developer Masteriyo PSID 14f36e53d575 Credits Ananda Dhakal...

WordPress Opal Membership Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Software Opal Membership Type Plugin Vulnerable versions = 1.2.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7649 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6b301b87dfe8 Credits Karolina Jankowska...

WordPress Compute Links Plugin <= 1.2.1 is vulnerable to Remote File Inclusion

Software Compute Links Type Plugin Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote File Inclusion CVE CVE-2024-43261 Patch priority High CVSS severity High 9.6 Developer Claim ownership PSID 6b5b6ec353fd Credits YCInfosec Required privilege Unauthenticate...

WordPress Ultimate Membership Pro Plugin <= 12.7 is vulnerable to Privilege Escalation

Software Ultimate Membership Pro Type Plugin Vulnerable versions = 12.7 Fixed in 12.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-43240 Patch priority High CVSS severity High 9.4 Developer Claim ownership PSID cfa9ba3d1675 Credits...