WordPress Church Admin Plugin <= 4.4.6 is vulnerable to Arbitrary File Upload

Software Church Admin Type Plugin Vulnerable versions = 4.4.6 Fixed in 4.4.7 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-37418 Patch priority High CVSS severity High 9.9 Developer Andy Moyle PSID 3fae9e77c92b Credits Peng Zhou Required privilege Subscriber Publish...

WordPress Advanced Classifieds & Directory Pro Plugin <= 3.1.3 is vulnerable to Local File Inclusion

Software Advanced Classifieds & Directory Pro Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.2.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-37501 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 09c35e44898b Credits João Pedro S Alcântar...

WordPress Table & Contact Form 7 Database – Tablesome Plugin <= 1.0.33 is vulnerable to Sensitive Data Exposure

Software Table & Contact Form 7 Database – Tablesome Type Plugin Vulnerable versions = 1.0.33 Fixed in 1.0.34 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-37498 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b592d73e1659...

WordPress Nested Pages Plugin <= 3.2.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Nested Pages Type Plugin Vulnerable versions = 3.2.7 Fixed in 3.2.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5943 Patch priority Low CVSS severity Low 8.3 Developer Claim ownership PSID ec525e948d0f Credits Bassem Essam Required...

WordPress The Post Grid Plugin <= 7.7.4 is vulnerable to Broken Access Control

Software The Post Grid Type Plugin Vulnerable versions = 7.7.4 Fixed in 7.7.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37482 Patch priority Low CVSS severity Low 4.3 Developer Mamunur Rashid PSID cde94030335f Credits Rafie Muhammad Patchstack Requir...

WordPress Charitable Plugin <= 1.8.1.7 is vulnerable to Broken Access Control

Software Charitable Type Plugin Vulnerable versions = 1.8.1.7 Fixed in 1.8.1.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37510 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a9ef1ac55d95 Credits Dhabaleshwar Das Require...

WordPress bbPress Notify Plugin <= 2.18.3 is vulnerable to Cross Site Scripting (XSS)

Software bbPress Notify Type Plugin Vulnerable versions = 2.18.3 Fixed in 2.18.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37485 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 64ebe76096fa Credits Dimas Maulana Required privileg...

WordPress YAHMAN Add-ons Plugin <= 0.9.28 is vulnerable to Backdoor

Software YAHMAN Add-ons Type Plugin Vulnerable versions = 0.9.28 Fixed in 0.9.29 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 26c7f39721f9 Credits Sansec.io Required privilege Unauthenticated Published 3 July,...

WordPress YITH WooCommerce Affiliates Plugin <= 3.8.0 is vulnerable to Backdoor

Software YITH WooCommerce Affiliates Type Plugin Vulnerable versions = 3.8.0 Fixed in 3.8.1 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer YITH PSID 6b928027e13c Credits Sansec.io Required privilege Unauthenticated Published 3 July,...

WordPress Logic Hop Plugin <= 3.8.8 is vulnerable to Backdoor

Software Logic Hop Type Plugin Vulnerable versions = 3.8.8 Fixed in 3.9.0 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e54343bdaeda Credits Sansec.io Required privilege Unauthenticated Published 3 July, 2024...

WordPress Contact Form 7 Multi-Step Addon Plugin <= 1.0.5 is vulnerable to Backdoor

Software Contact Form 7 Multi-Step Addon Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.7 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 8aae8a0dc1cb Credits Sansec.io Required privilege Unauthenticated...

WordPress The Plus Addons for Elementor Page Builder Lite Plugin <= 5.6.1 is vulnerable to Cross Site Scripting (XSS)

Software The Plus Addons for Elementor Page Builder Lite Type Plugin Vulnerable versions = 5.6.1 Fixed in 5.6.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4482 Patch priority Low CVSS severity Low 6.5 Developer POSIMYTH Innovations PSID...

WordPress Simply Show Hooks Plugin <= 1.2.1 is vulnerable to Backdoor

Software Simply Show Hooks Type Plugin Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9717f5492dd4 Credits Sansec.io Required privilege Unauthenticated Published 3 July, 20...

WordPress Product Customer List for WooCommerce Plugin <= 3.1.6 is vulnerable to Backdoor

Software Product Customer List for WooCommerce Type Plugin Vulnerable versions = 3.1.6 Fixed in 3.1.7 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 23316ac7b932 Credits Sansec.io Required privilege Unauthenticate...

WordPress nicen-localize-image Plugin <= 1.4.1 is vulnerable to Backdoor

Software nicen-localize-image Type Plugin Vulnerable versions = 1.4.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9cc7d9fd0cd5 Credits Sansec.io Required privilege Unauthenticated Published 3 July,...

WordPress Rank Math SEO Plugin < 1.0.219 is vulnerable to Cross Site Scripting (XSS)

Software Rank Math SEO Type Plugin Vulnerable versions 1.0.219 Fixed in 1.0.219 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4627 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ad021b2fbe4b Credits Dmitrii Ignatyev Require...

WordPress Void Contact Form 7 Widget For Elementor Page Builder Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS)

Software Void Contact Form 7 Widget For Elementor Page Builder Type Plugin Vulnerable versions = 2.4 Fixed in 2.4.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5419 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...

WordPress Ultimate Addons for Elementor Plugin <= 1.36.31 is vulnerable to Privilege Escalation

Software Ultimate Addons for Elementor Type Plugin Vulnerable versions = 1.36.31 Fixed in 1.36.32 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-37455 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID accfb8b8dfc3 Credits Ngô...

WordPress Events Manager Plugin <= 6.4.8 is vulnerable to Cross Site Scripting (XSS)

Software Events Manager Type Plugin Vulnerable versions = 6.4.8 Fixed in 6.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5889 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7a114bc7cd5f Credits kauenavarro Require...

WordPress Highlight Theme <= 1.0.29 is vulnerable to Cross Site Request Forgery (CSRF)

Software Highlight Type Theme Vulnerable versions = 1.0.29 Fixed in 1.0.30 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37458 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3256d2afc0e1 Credits Dhabaleshwar Das Require...