WordPress Brizy Plugin <= 2.4.43 is vulnerable to Cross Site Scripting (XSS)

Software Brizy Type Plugin Vulnerable versions = 2.4.43 Fixed in 2.4.44 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2087 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ead457b1b8e9 Credits wesley wcraft Required...

WordPress Brizy Plugin <= 2.4.43 is vulnerable to Cross Site Scripting (XSS)

Software Brizy Type Plugin Vulnerable versions = 2.4.43 Fixed in 2.4.44 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3667 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cff58ae2952e Credits Webbernaut Required privilege...

WordPress Login/Signup Popup Plugin <= 2.7.2 is vulnerable to Broken Access Control

Software Login/Signup Popup Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5324 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 8315f4731f19 Credits 1337Wannabe - home Requir...

WordPress Email Subscribers & Newsletters Plugin <= 5.7.20 is vulnerable to SQL Injection

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.20 Fixed in 5.7.21 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-4295 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 50be2b9566fd Credits 1337Wannabe Required privilege...

WordPress Social Link Pages Plugin <= 1.6.9 is vulnerable to Cross Site Scripting (XSS)

Software Social Link Pages Type Plugin Vulnerable versions = 1.6.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3555 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0d1f020a1aca Credits Lucio Sá Required...

WordPress Newsletter Plugin <= 8.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Newsletter Type Plugin Vulnerable versions = 8.3.4 Fixed in 8.3.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5317 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a76e0f4cc75c Credits Arkadiusz Hydzik Requir...

WordPress Fluid Notification Bar Plugin <= 3.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Fluid Notification Bar Type Plugin Vulnerable versions = 3.2.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3031 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9d5acb8ad0ee Credits Benedictus Jovan...

WordPress Essential Real Estate Plugin <= 4.4.2 is vulnerable to Cross Site Scripting (XSS)

Software Essential Real Estate Type Plugin Vulnerable versions = 4.4.2 Fixed in 4.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4273 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3dd9001bf079 Credits Krzysztof Zając...

WordPress Admin Notices Manager Plugin <= 1.4.0 is vulnerable to Broken Access Control

Software Admin Notices Manager Type Plugin Vulnerable versions = 1.4.0 Fixed in 1.5.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1717 Patch priority Low CVSS severity Low 4.3 Developer Melapress PSID 95224798df4d Credits Lucio Sá Required privilege...

WordPress Essential Real Estate Plugin <= 4.4.4 is vulnerable to Insecure Direct Object References (IDOR)

Software Essential Real Estate Type Plugin Vulnerable versions = 4.4.4 Fixed in 4.4.5 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-4274 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ccac1e739e5c Credits Lucio S...

WordPress Responsive Theme <= 5.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Responsive Type Theme Vulnerable versions = 5.0.3 Fixed in 5.0.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35654 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c102ae479f0d Credits stealthcopter Required privilege Contribut...

WordPress wpDataTables Plugin <= 6.3.2 is vulnerable to Broken Access Control

Software wpDataTables Type Plugin Vulnerable versions = 6.3.2 Fixed in 6.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3821 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 276b766fb920 Credits villu164 Required privilege...

WordPress wpDataTables Plugin <= 6.3.1 is vulnerable to SQL Injection

Software wpDataTables Type Plugin Vulnerable versions = 6.3.1 Fixed in 6.3.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3820 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 85631b10c84a Credits villu164 Required privilege Unauthenticated Publish...

WordPress Social Login Lite For WooCommerce Plugin <= 1.6.0 is vulnerable to Broken Authentication

Software Social Login Lite For WooCommerce Type Plugin Vulnerable versions = 1.6.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-4552 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 9ddbae9ad306...

WordPress Emergency Password Reset Plugin <= 8.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Emergency Password Reset Type Plugin Vulnerable versions = 8.0 Fixed in 9.0 OWASP Top 10 A8: Software and Data Integrity Failures Classification Cross Site Request Forgery CSRF CVE CVE-2024-35648 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID cd74213ad8d6 Credits...

WordPress Advanced Custom Fields PRO Plugin < 6.3 is vulnerable to Sensitive Data Exposure

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 6.3 Fixed in 6.3 OWASP Top 10 A6: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-4565 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1daa59fd8d88 Credits Scott Kingsley Clark...

WordPress WPvivid Backup for MainWP Plugin <= 0.9.32 is vulnerable to Cross Site Scripting (XSS)

Software WPvivid Backup for MainWP Type Plugin Vulnerable versions = 0.9.32 Fixed in 0.9.33 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35664 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e6744843cdb4 Credits Yudistira Arya...

WordPress Checkout Field Editor for WooCommerce (Pro) Plugin <= 3.6.2 is vulnerable to Arbitrary File Deletion

Software Checkout Field Editor for WooCommerce Pro Type Plugin Vulnerable versions = 3.6.2 Fixed in 3.6.3 OWASP Top 10 A3: Injection Classification Arbitrary File Deletion CVE CVE-2024-35658 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 9d1a439eb128 Credits Dave Jong...

WordPress Master Addons for Elementor Plugin <= 2.0.5.4.1 is vulnerable to Broken Access Control

Software Master Addons for Elementor Type Plugin Vulnerable versions = 2.0.5.4.1 Fixed in 2.0.5.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35660 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7197d57368a4 Credits Khali...

WordPress Elements For Elementor Plugin <= 2.1 is vulnerable to Local File Inclusion

Software Elements For Elementor Type Plugin Vulnerable versions = 2.1 Fixed in 2.2 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-5348 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 9e9484637a31 Credits stealthcopter Required privilege...