WordPress Save as PDF plugin by Pdfcrowd Plugin <= 3.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Save as PDF plugin by Pdfcrowd Type Plugin Vulnerable versions = 3.2.3 Fixed in 3.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35649 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7dd6585cf515 Credits LVT-tholv2k Required...

WordPress Netgsm Plugin <= 2.9.19 is vulnerable to Broken Access Control

Software Netgsm Type Plugin Vulnerable versions = 2.9.19 Fixed in 2.9.20 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35672 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID ec4277f3436d Credits Majed Refaea Required privilege...

WordPress Advanced Custom Fields Plugin < 6.3 is vulnerable to Sensitive Data Exposure

Software Advanced Custom Fields Type Plugin Vulnerable versions 6.3 Fixed in 6.3 OWASP Top 10 A6: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-4565 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5beab9ff85fb Credits Scott Kingsley Clark...

WordPress wpForo Forum Plugin <= 2.3.3 is vulnerable to SQL Injection

Software wpForo Forum Type Plugin Vulnerable versions = 2.3.3 Fixed in 2.3.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3200 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 101daf0caeac Credits Krzysztof Zając Required privilege Contributor...

WordPress WPCafe Plugin <= 2.2.24 is vulnerable to Cross Site Scripting (XSS)

Software WPCafe Type Plugin Vulnerable versions = 2.2.24 Fixed in 2.2.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5427 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8e560e47961d Credits Krzysztof Zając Required...

WordPress Responsive Owl Carousel for Elementor Plugin <= 1.2.0 is vulnerable to Local File Inclusion

Software Responsive Owl Carousel for Elementor Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.2.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-5345 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 48748da13e8e Credits stealthcopter Require...

WordPress Flash & HTML5 Video Plugin < 2.5.27 is vulnerable to SQL Injection

Software Flash & HTML5 Video Type Plugin Vulnerable versions 2.5.27 Fixed in 2.5.27 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5522 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID a6949d7fc215 Credits Mayank Deshmukh Required privilege...

WordPress Happy Addons for Elementor Plugin <= 3.10.9 is vulnerable to Cross Site Scripting (XSS)

Software Happy Addons for Elementor Type Plugin Vulnerable versions = 3.10.9 Fixed in 3.11.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5347 Patch priority Low CVSS severity Low 6.5 Developer Leevio PSID ebc3fed24a0c Credits wesley wcraft Requir...

WordPress Comparison Slider Plugin <= 1.0.5 is vulnerable to Broken Access Control

Software Comparison Slider Type Plugin Vulnerable versions = 1.0.5 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-4427 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7f32c9b917a8 Credits Benedictus Jovan aillesiM...

WordPress Ninja Tables Plugin <= 5.0.9 is vulnerable to Server Side Request Forgery (SSRF)

Software Ninja Tables Type Plugin Vulnerable versions = 5.0.9 Fixed in 5.0.10 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-35635 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID 2b5ac1cd1dee Credits Yuchen J...

WordPress WP Back Button Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)

Software WP Back Button Type Plugin Vulnerable versions = 1.1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35643 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 90452d019b78 Credits alfido osdie Patchstack Alliance Required...

WordPress Simple Spoiler Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software Simple Spoiler Type Plugin Vulnerable versions = 1.2 Fixed in 1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35639 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c046b9bc81be Credits Cronus Required privilege Administrator...

WordPress Testimonial Carousel For Elementor Plugin <= 10.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Testimonial Carousel For Elementor Type Plugin Vulnerable versions = 10.2.2 Fixed in 10.2.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2253 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 411cbe7852c2 Credits...

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.89 is vulnerable to Remote Code Execution (RCE)

Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.89 Fixed in 1.5.91 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-6743 Patch priority High CVSS severity High 9.9 Developer Unlimited Elements PSID...

WordPress Yumpu ePaper publishing Plugin <= 2.0.24 is vulnerable to Broken Access Control

Software Yumpu ePaper publishing Type Plugin Vulnerable versions = 2.0.24 Fixed in 3.0.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3277 Patch priority Low CVSS severity Low 5 Developer Claim ownership PSID 08c9f70d34e3 Credits Lucio Sá Required...

WordPress Swiss Toolkit For WP Plugin <= 1.0.7 is vulnerable to Broken Authentication

Software Swiss Toolkit For WP Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2024-5204 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 07e08699642a Credits István Márton...

WordPress Login with phone number Plugin <= 1.7.26 is vulnerable to Privilege Escalation

Software Login with phone number Type Plugin Vulnerable versions = 1.7.26 Fixed in 1.7.27 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-5150 Patch priority High CVSS severity High 9.8 Developer Hamid Alinia PSID a2294e0242d6 Credits István Márton Required...

WordPress Web Directory Free Plugin < 1.7.0 is vulnerable to SQL Injection

Software Web Directory Free Type Plugin Vulnerable versions 1.7.0 Fixed in 1.7.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3552 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 93c3a72f236f Credits Simone Onofri Kim Cerra Andrea De Dominicis...

WordPress Easy Digital Downloads – Recent Purchases Plugin <= 1.0.2 is vulnerable to Remote File Inclusion

Software Easy Digital Downloads – Recent Purchases Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote File Inclusion CVE CVE-2024-35629 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID 23e0c1b90e02 Credits YCInfosec Require...

WordPress Primary Addon for Elementor Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS)

Software Primary Addon for Elementor Type Plugin Vulnerable versions = 1.5.5 Fixed in 1.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5229 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e45d83fa375c Credits stealthcopte...