5100 matches found
WordPress PowerPack Pro for Elementor Plugin <= 2.10.14 is vulnerable to Privilege Escalation
Software: PowerPack Pro for Elementor | Type: Plugin | Vulnerable versions: <= 2.10.14 | Fixed in: 2.10.15 | OWASP Top 10: A7: Identification and Authentication Failures | Classification: Privilege Escalation | CVE: CVE-2024-39634 | Patch priority: Medium | CVSS severity: Medium 8.8 | Developer: Claim ownership | PSID...
WordPress Funnel Builder for WordPress by FunnelKit Plugin <= 3.4.6 is vulnerable to Broken Access Control
Software: Funnel Builder for WordPress by FunnelKit | Type: Plugin | Vulnerable versions: <= 3.4.6 | Fixed in: 3.4.7 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-6836 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: f7a411b5f336 | Credits: Luci...
WordPress Contest Gallery Plugin <= 23.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Contest Gallery | Type: Plugin | Vulnerable versions: <= 23.1.2 | Fixed in: 23.1.3 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-39631 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Wasiliy Strecker | PSID: e98eae916e49 | Credits: CatFather | Required privilege...
WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Social Auto Poster | Type: Plugin | Vulnerable versions: <= 5.3.14 | Fixed in: 5.3.15 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery CSRF | CVE: CVE-2024-6751 | Patch priority: Low | CVSS severity: Low 5.4 | Developer: Claim ownership | PSID: 88dfd0390d2d | Credits: István Márton...
WordPress All-in-One Video Gallery Plugin <= 3.7.1 is vulnerable to Cross Site Scripting (XSS)
Software: All-in-One Video Gallery | Type: Plugin | Vulnerable versions: <= 3.7.1 | Fixed in: 3.8.3 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-6629 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 570fc0403d8c | Credits: Webbernaut...
WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Cross Site Scripting (XSS)
Software: Social Auto Poster | Type: Plugin | Vulnerable versions: <= 5.3.14 | Fixed in: 5.3.15 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-6752 | Patch priority: Medium | CVSS severity: Medium 6.5 | Developer: Claim ownership | PSID: 2759a5c87ac3 | Credits: István Márton...
WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Arbitrary File Upload
Software: Social Auto Poster | Type: Plugin | Vulnerable versions: <= 5.3.14 | Fixed in: 5.3.15 | OWASP Top 10: A1: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-6756 | Patch priority: Medium | CVSS severity: Medium 9.9 | Developer: Claim ownership | PSID: 10970b4a81a6 | Credits: István Márton | Required privileg...
WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Cross Site Scripting (XSS)
Software: Social Auto Poster | Type: Plugin | Vulnerable versions: <= 5.3.14 | Fixed in: 5.3.15 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-6753 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: df6582eddf1d | Credits: István Márton...
WordPress Youzify Plugin <= 1.2.6 is vulnerable to Broken Access Control
Software: Youzify | Type: Plugin | Vulnerable versions: <= 1.2.6 | Fixed in: 1.2.8 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-39635 | Patch priority: Low | CVSS severity: Low 5.4 | Developer: Claim ownership | PSID: b77bf27da026 | Credits: LVT-tholv2k | Required privilege...
WordPress Hide My WP Ghost Plugin < 5.2.02 is vulnerable to Bypass Vulnerability
Software: Hide My WP Ghost | Type: Plugin | Vulnerable versions: < 5.2.02 | Fixed in: 5.2.02 | OWASP Top 10: A4: Insecure Design | Classification: Bypass Vulnerability | CVE: CVE-2024-6420 | Patch priority: Low | CVSS severity: Low 3.7 | Developer: Claim ownership | PSID: c358fc787ef1 | Credits: Juan Pablo Gomez Postigo | Required...
WordPress CoBlocks Plugin < 3.1.12 is vulnerable to Server Side Request Forgery (SSRF)
Software: CoBlocks | Type: Plugin | Vulnerable versions: < 3.1.12 | Fixed in: 3.1.12 | OWASP Top 10: A1: Injection | Classification: Server Side Request Forgery SSRF | CVE: CVE-2024-4260 | Patch priority: Low | CVSS severity: Low 4.9 | Developer: Claim ownership | PSID: 9551e8b9e50a | Credits: Dmitrii Ignatyev | Required privilege...
WordPress MaxiBlocks Plugin <= 1.9.2 is vulnerable to Arbitrary File Deletion
Software: MaxiBlocks | Type: Plugin | Vulnerable versions: <= 1.9.2 | Fixed in: 1.9.3 | OWASP Top 10: A1: Broken Access Control | Classification: Arbitrary File Deletion | CVE: CVE-2024-6885 | Patch priority: High | CVSS severity: High 8.1 | Developer: Claim ownership | PSID: 302b1ce9770d | Credits: Lucio Sá | Required privilege...
WordPress ListingPro Plugin <= 2.9.4 is vulnerable to Local File Inclusion
Software: ListingPro | Type: Plugin | Vulnerable versions: <= 2.9.4 | Fixed in: 2.9.5 | OWASP Top 10: A3: Injection | Classification: Local File Inclusion | CVE: CVE-2024-39619 | Patch priority: High | CVSS severity: High 9 | Developer: Claim ownership | PSID: 340c55b26054 | Credits: Rafie Muhammad Patchstack | Required privilege...
WordPress CM Pop-Up banners Plugin < 1.6.6 is vulnerable to Cross Site Scripting (XSS)
Software: CM Pop-Up banners | Type: Plugin | Vulnerable versions: < 1.6.6 | Fixed in: 1.6.6 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-5004 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 2c09d4a685e6 | Credits: Felipe Caon | Required...
WordPress Custom Query Blocks Plugin <= 5.2.0 is vulnerable to Broken Access Control
Software: Custom Query Blocks | Type: Plugin | Vulnerable versions: <= 5.2.0 | Fixed in: 5.3.0 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-38794 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Claim ownership | PSID: c14273e201ef | Credits: Joshua Chan | Required...
WordPress Conditional Fields for Contact Form 7 Plugin <= 2.4.13 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Conditional Fields for Contact Form 7 | Type: Plugin | Vulnerable versions: <= 2.4.13 | Fixed in: 2.4.14 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery CSRF | CVE: CVE-2024-5804 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: e1825173a8a1...
WordPress MasterStudy LMS Plugin < 3.3.24 is vulnerable to Privilege Escalation
Software: MasterStudy LMS | Type: Plugin | Vulnerable versions: < 3.3.24 | Fixed in: 3.3.24 | OWASP Top 10: A7: Identification and Authentication Failures | Classification: Privilege Escalation | CVE: CVE-2024-5973 | Patch priority: High | CVSS severity: High 7.6 | Developer: Claim ownership | PSID: 2f024467e854 | Credits: Jaime F...
WordPress Language Translate Widget for WordPress – ConveyThis Plugin <= 234 is vulnerable to Broken Access Control
Software: Language Translate Widget for WordPress – ConveyThis | Type: Plugin | Vulnerable versions: <= 234 | Fixed in: 235 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-38792 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Claim ownership | PSID: b86aa3788718...
WordPress Addonify Plugin <= 1.2.16 is vulnerable to Sensitive Data Exposure
Software: Addonify | Type: Plugin | Vulnerable versions: <= 1.2.16 | Fixed in: 1.2.17 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2024-6560 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Claim ownership | PSID: d0b06da3556d | Credits: stealthcopter | Required privileg...
WordPress Mercado Pago payments for WooCommerce Plugin 7.3.0 - 7.6.1 is vulnerable to Arbitrary File Download
Software: Mercado Pago payments for WooCommerce | Type: Plugin | Vulnerable versions: 7.3.0 - 7.6.1 | Fixed in: 7.6.2 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Arbitrary File Download | CVE: CVE-2024-3934 | Patch priority: High | CVSS severity: High 6.5 | Developer: Claim ownership | PSID: e624a5a01127...