WordPress Seriously Simple Podcasting Plugin < 3.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Seriously Simple Podcasting Type Plugin Vulnerable versions 3.3.0 Fixed in 3.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3751 Patch priority Low CVSS severity Low 5.9 Developer Castos PSID a88cd16d6fc7 Credits Thanh Hang Required...

WordPress Affiliate Manager Plugin < 6.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Affiliate Manager Type Plugin Vulnerable versions 6.5.1 Fixed in 6.5.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5284 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID f0487dd08240 Credits Bob Matyas Required...

WordPress SULly Plugin < 4.3.1 is vulnerable to Cross Site Scripting (XSS)

Software SULly Type Plugin Vulnerable versions 4.3.1 Fixed in 4.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5032 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ef2aee1bdf07 Credits Bob Matyas Required privilege...

WordPress Bug Library Plugin < 2.1.1 is vulnerable to Remote Code Execution (RCE)

Software Bug Library Type Plugin Vulnerable versions 2.1.1 Fixed in 2.1.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-5450 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 5f64af27fea2 Credits Bob Matyas Required privilege Unauthenticat...

WordPress Tournamatch Plugin < 4.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Tournamatch Type Plugin Vulnerable versions 4.6.1 Fixed in 4.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5627 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 160ba992cf57 Credits Davide Balzano Required...

WordPress Smart Image Gallery Plugin < 1.0.19 is vulnerable to Cross Site Request Forgery (CSRF)

Software Smart Image Gallery Type Plugin Vulnerable versions 1.0.19 Fixed in 1.0.19 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3632 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 13b040259b7b Credits Bob Matyas...

WordPress Hostel Plugin < 1.1.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Hostel Type Plugin Vulnerable versions 1.1.5.3 Fixed in 1.1.5.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3753 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8eec664963a4 Credits Bob Matyas Required...

WordPress Index WP MySQL For Speed Plugin < 1.4.18 is vulnerable to Cross Site Scripting (XSS)

Software Index WP MySQL For Speed Type Plugin Vulnerable versions 1.4.18 Fixed in 1.4.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4977 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID de00e035d3ae Credits Guido Ivá...

WordPress CM Email Registration Blacklist and Whitelist Plugin < 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software CM Email Registration Blacklist and Whitelist Type Plugin Vulnerable versions 1.4.9 Fixed in 1.4.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5167 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 352ac64ce637...

WordPress CM On Demand Search And Replace Plugin < 1.3.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software CM On Demand Search And Replace Type Plugin Vulnerable versions 1.3.9 Fixed in 1.3.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5028 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 576a4082c0ff Credits Felipe...

WordPress Swift Framework Page Builder Plugin < 2024.04.30 is vulnerable to Cross Site Scripting (XSS)

Software Swift Framework Page Builder Type Plugin Vulnerable versions 2024.04.30 Fixed in 2024.04.30 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2870 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 057d34197d18 Credi...

WordPress Affiliate Manager Plugin < 6.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Affiliate Manager Type Plugin Vulnerable versions 6.5.1 Fixed in 6.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5280 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0fe8966b39d9 Credits caon Required...

WordPress WP eStore Plugin < 8.5.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP eStore Type Plugin Vulnerable versions 8.5.5 Fixed in 8.5.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6075 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c3f59dd6bdda Credits Bob Matyas Required privileg...

WordPress WP eStore Plugin < 8.5.5 is vulnerable to Cross Site Scripting (XSS)

Software WP eStore Type Plugin Vulnerable versions 8.5.5 Fixed in 8.5.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6072 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 416714c64e72 Credits Bob Matyas Required...

WordPress SULly Plugin < 4.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software SULly Type Plugin Vulnerable versions 4.3.1 Fixed in 4.3.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5034 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 671675d484b6 Credits Bob Matyas Required privilege...

WordPress Affiliate Manager Plugin < 6.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Affiliate Manager Type Plugin Vulnerable versions 6.5.1 Fixed in 6.5.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5287 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 14d5b3c71416 Credits Bob Matyas Required...

WordPress NextGEN Gallery Plugin < 3.59.3 is vulnerable to Cross Site Scripting (XSS)

Software NextGEN Gallery Type Plugin Vulnerable versions 3.59.3 Fixed in 3.59.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5442 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 16bde9ef9207 Credits Krugov Artyom Required...

WordPress Shortcodes Ultimate Pro Plugin < 7.1.5 is vulnerable to Cross Site Scripting (XSS)

Software Shortcodes Ultimate Pro Type Plugin Vulnerable versions 7.1.5 Fixed in 7.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4217 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b6182f916e0f Credits Dmitrii Ignatyev...

WordPress Quotes And Tips Plugin < 1.45 is vulnerable to Arbitrary File Upload

Software Quotes And Tips Type Plugin Vulnerable versions 1.45 Fixed in 1.45 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-3112 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID a96054a32ac9 Credits Peng Zhou zpbrent Required privilege...

WordPress Form Vibes – Database Manager for Forms Plugin <= 1.4.10 is vulnerable to SQL Injection

Software Form Vibes – Database Manager for Forms Type Plugin Vulnerable versions = 1.4.10 Fixed in 1.4.11 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5325 Patch priority High CVSS severity High 8.5 Developer WPVibes PSID ede7aa3d2234 Credits Peter Thaleikis Required...