WordPress UsersWP Plugin <= 1.2.10 is vulnerable to SQL Injection
Software: UsersWP; Type: Plugin; Vulnerable versions: <= 1.2.10; Fixed in: 1.2.11; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-6265; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 32b55caea5de; Credits: Trương Hữu Phúc truonghuuphuc; Required privilege...
WordPress Advanced File Manager Plugin <= 5.2.4 is vulnerable to Sensitive Data Exposure
Software: Advanced File Manager; Type: Plugin; Vulnerable versions: <= 5.2.4; Fixed in: 5.2.5; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-5598; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: f0b48a6d68bd; Credits: emad; Required...
WordPress Ashe Theme <= 2.233 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Ashe; Type: Theme; Vulnerable versions: <= 2.233; Fixed in: 2.234; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-37478; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 01c115634ea3; Credits: Dhabaleshwar Das; Required...
WordPress Pagerank Tools Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)
Software: Pagerank Tools; Type: Plugin; Vulnerable versions: <= 1.1.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-5730; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: ed7753fdc52a; Credits: Bob Matyas; Required...
WordPress Simple Photoswipe Plugin <= 0.1 is vulnerable to Settings Change
Software: Simple Photoswipe; Type: Plugin; Vulnerable versions: <= 0.1; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Settings Change; CVE: CVE-2024-5570; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 461ac97ab0b1; Credits: Felipe Caon; Required privilege...
WordPress Blocksy Theme <= 2.0.22 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Blocksy; Type: Theme; Vulnerable versions: <= 2.0.22; Fixed in: 2.0.23; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-37469; Patch priority: Low; CVSS severity: Low 5.4; Developer: Creative Themes; PSID: a4b7cfca4dc7; Credits: RE-ALTER; Required privileg...
WordPress Simple AL Slider Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS)
Software: Simple AL Slider; Type: Plugin; Vulnerable versions: <= 1.2.10; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-5729; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 0854b8133aa8; Credits: Bob Matyas; Require...
WordPress AWSM Team Plugin <= 1.3.1 is vulnerable to Local File Inclusion
Software: AWSM Team; Type: Plugin; Vulnerable versions: <= 1.3.1; Fixed in: 1.3.2; OWASP Top 10: A1: Broken Access Control; Classification: Local File Inclusion; CVE: CVE-2024-37454; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: a8caf37850ed; Credits: João Pedro S Alcântara Kinorth...
WordPress Ultimate Bootstrap Elements for Elementor Plugin <= 1.4.2 is vulnerable to Local File Inclusion
Software: Ultimate Bootstrap Elements for Elementor; Type: Plugin; Vulnerable versions: <= 1.4.2; Fixed in: 1.4.3; OWASP Top 10: A1: Broken Access Control; Classification: Local File Inclusion; CVE: CVE-2024-37462; Patch priority: Low; CVSS severity: Low 8.5; Developer: Claim ownership; PSID: a8f9d8a5eba6; Credits: João...
WordPress OnePress Theme <= 2.3.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: OnePress; Type: Theme; Vulnerable versions: <= 2.3.6; Fixed in: 2.3.7; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-37448; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: c9968969f7ad; Credits: Dhabaleshwar Das; Required...
WordPress WP Job Manager - Resume Manager Plugin <= 2.1.0 is vulnerable to Broken Access Control
Software: WP Job Manager - Resume Manager; Type: Plugin; Vulnerable versions: <= 2.1.0; Fixed in: 2.2.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37443; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 8e5ceb2ec6d1; Credits: Rafie Muhamma...
WordPress Timetics Plugin <= 1.0.21 is vulnerable to Broken Access Control
Software: Timetics; Type: Plugin; Vulnerable versions: <= 1.0.21; Fixed in: 1.0.22; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37427; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: d73e6a480d4b; Credits: Manab Jyoti Dowarah; Required...
WordPress Newspack Blocks Plugin <= 3.0.8 is vulnerable to Broken Access Control
Software: Newspack Blocks; Type: Plugin; Vulnerable versions: <= 3.0.8; Fixed in: 3.0.9; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37425; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: bdb588fe4e59; Credits: Rafie Muhammad Patchstack...
WordPress WP Server Health Stats Plugin 1.7.6 is vulnerable to Backdoor
Software: WP Server Health Stats; Type: Plugin; Vulnerable versions: 1.7.6; Fixed in: 1.7.7; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: CVE-2024-6297; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 45a546f4e251; Credits: WordFence; Required privilege: Unauthenticated...
WordPress ARMember Premium Plugin < 6.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ARMember Premium; Type: Plugin; Vulnerable versions: < 6.7.1; Fixed in: 6.7.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2022-47424; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: b77f7fcbe1ab; Credits: Cat; Required privile...
WordPress Atarim Plugin <= 3.31 is vulnerable to Cross Site Scripting (XSS)
Software: Atarim; Type: Plugin; Vulnerable versions: <= 3.31; Fixed in: 3.32; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-37434; Patch priority: Low; CVSS severity: Low 5.9; Developer: Atarim; PSID: c53738d448b9; Credits: piro; Required privilege: Administrator; Published: 28 June,...
WordPress Zita Elementor Site Library Plugin <= 1.6.1 is vulnerable to Arbitrary Code Execution
Software: Zita Elementor Site Library; Type: Plugin; Vulnerable versions: <= 1.6.1; Fixed in: 1.6.2; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary Code Execution; CVE: CVE-2024-37420; Patch priority: High; CVSS severity: High 9.9; Developer: Claim ownership; PSID: a25d18d1f0cd; Credits: Majed Refaea...
WordPress Coachify Theme <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Coachify; Type: Theme; Vulnerable versions: <= 1.0.7; Fixed in: 1.0.8; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-37417; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: f240f2751316; Credits: Dhabaleshwar Das; Required...
WordPress Seo Optimized Images Plugin 2.1.2 is vulnerable to Backdoor
Software: Seo Optimized Images; Type: Plugin; Vulnerable versions: 2.1.2; Fixed in: 2.1.4; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: CVE-2024-6297; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 88a9e93519c2; Credits: WordFence; Required privilege: Unauthenticated...
WordPress PowerPress Podcasting Plugin 11.9.3-11.9.4 is vulnerable to Backdoor
Software: PowerPress Podcasting; Type: Plugin; Vulnerable versions: 11.9.3-11.9.4; Fixed in: 11.9.5; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: CVE-2024-6297; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: cc7a51200190; Credits: WordFence; Required privilege...