WordPress Moloni Plugin <= 4.7.4 is vulnerable to Cross Site Scripting (XSS)

Software Moloni Type Plugin Vulnerable versions = 4.7.4 Fixed in 4.8.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38694 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c1c98bacc1ee Credits Yudistira Arya Required privilege...

WordPress Zoho CRM Lead Magnet Plugin <= 1.7.8.8 is vulnerable to Cross Site Scripting (XSS)

Software Zoho CRM Lead Magnet Type Plugin Vulnerable versions = 1.7.8.8 Fixed in 1.7.8.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38696 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 67a915d6b2e4 Credits Dimas Maulana Required...

WordPress Academy LMS Plugin <= 2.0.4 is vulnerable to Broken Access Control

Software Academy LMS Type Plugin Vulnerable versions = 2.0.4 Fixed in 2.0.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38701 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1381c0d8b2d7 Credits filime Required privilege Academy...

WordPress Zoho Campaigns Plugin <= 2.0.8 is vulnerable to Cross Site Scripting (XSS)

Software Zoho Campaigns Type Plugin Vulnerable versions = 2.0.8 Fixed in 2.1.0 OWASP Top 10 A4: Insecure Design Classification Cross Site Scripting XSS CVE CVE-2024-38752 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 48112379bb70 Credits Majed Refaea Required...

WordPress ExS Widgets Plugin <= 0.3.1 is vulnerable to Local File Inclusion

Software ExS Widgets Type Plugin Vulnerable versions = 0.3.1 Fixed in 0.3.2 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-38715 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 88483868fd84 Credits João Pedro S Alcântara Kinorth...

WordPress Animated Rotating Words Plugin <= 5.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Animated Rotating Words Type Plugin Vulnerable versions = 5.6 Fixed in 5.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-38753 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7dd7430216b1 Credits Majed Refaea...

WordPress JSON Content Importer Plugin <= 1.5.6 is vulnerable to Server Side Request Forgery (SSRF)

Software JSON Content Importer Type Plugin Vulnerable versions = 1.5.6 Fixed in 1.6.0 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-38723 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID f916d2cf2c68 Credits...

WordPress Secure Copy Content Protection and Content Locking Plugin < 4.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Secure Copy Content Protection and Content Locking Type Plugin Vulnerable versions 4.0.9 Fixed in 4.0.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6138 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 386e7454f8d8...

WordPress WooCommerce Report Plugin <= 1.4.5 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Report Type Plugin Vulnerable versions = 1.4.5 Fixed in 1.5.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38683 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d2a44e699bc6 Credits Le Ngoc Anh Required privileg...

WordPress Booking Ultra Pro Plugin <= 1.1.13 is vulnerable to Cross Site Scripting (XSS)

Software Booking Ultra Pro Type Plugin Vulnerable versions = 1.1.13 Fixed in 1.1.14 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38676 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5502b7d4c80c Credits LVT-tholv2k Required privilege...

WordPress Multisite Content Copier/Updater Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Multisite Content Copier/Updater Type Plugin Vulnerable versions = 2.0.0 Fixed in 2.0.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38673 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 84ff3a1a21a7 Credits Dimas Maulana...

WordPress VK All in One Expansion Unit Plugin <= 9.99.1.0 is vulnerable to Cross Site Scripting (XSS)

Software VK All in One Expansion Unit Type Plugin Vulnerable versions = 9.99.1.0 Fixed in 9.99.2.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37956 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 525bd2086dbb Credits savphill Required...

WordPress WP Travel Engine Plugin <= 5.9.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Travel Engine Type Plugin Vulnerable versions = 5.9.1 Fixed in 5.9.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37944 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1b17a1368976 Credits Manab Jyoti Dowarah Required privileg...

WordPress Sky Addons for Elementor Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS)

Software Sky Addons for Elementor Type Plugin Vulnerable versions = 2.5.5 Fixed in 2.5.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38687 Patch priority Low CVSS severity Low 6.5 Developer Shahidul Islam PSID d7729ac64aec Credits Khalid Yusuf Required privileg...

WordPress Spiffy Calendar Plugin <= 4.9.11 is vulnerable to SQL Injection

Software Spiffy Calendar Type Plugin Vulnerable versions = 4.9.11 Fixed in 4.9.12 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-38692 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 21e2115ebd60 Credits Nguyễn Trung Kiên anhchangmutrang Required...

WordPress Team Members Plugin <= 5.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Team Members Type Plugin Vulnerable versions = 5.3.3 Fixed in 5.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38670 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f0e47f407025 Credits Jean Tirstan T Required privilege...

WordPress REVIEWS.io Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)

Software REVIEWS.io Type Plugin Vulnerable versions = 1.2.8 Fixed in 1.2.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38677 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c5a7609b29f0 Credits LVT-tholv2k Required privilege Contributor...

WordPress Gravity Forms: Multiple Form Instances Plugin <= 1.1.1 is vulnerable to Full Path Disclosure (FPD)

Software Gravity Forms: Multiple Form Instances Type Plugin Vulnerable versions = 1.1.1 Fixed in 1.1.2 OWASP Top 10 A5: Security Misconfiguration Classification Full Path Disclosure FPD CVE CVE-2024-6550 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID af3116244e6e Credits...

WordPress WPCS Plugin <= 1.2.0.3 is vulnerable to Content Injection

Software WPCS Type Plugin Vulnerable versions = 1.2.0.3 Fixed in 1.2.0.4 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-38700 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2b3604018b32 Credits stealthcopter Required privilege Unauthenticat...

WordPress Bradmax Player Plugin <= 1.1.27 is vulnerable to Cross Site Scripting (XSS)

Software Bradmax Player Type Plugin Vulnerable versions = 1.1.27 Fixed in 1.1.28 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37957 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5e282b87fc01 Credits Jean Tirstan T Required privilege...