WordPress Advanced Custom Fields PRO Plugin < 6.2.10 is vulnerable to Local File Inclusion

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 6.2.10 Fixed in 6.2.10 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-34762 Patch priority Low CVSS severity Low 9.9 Developer Claim ownership PSID c63a5562f29a Credits Security audit Required privile...

WordPress VikBooking Hotel Booking Engine & PMS Plugin < 1.6.8 is vulnerable to Insecure Direct Object References (IDOR)

Software VikBooking Hotel Booking Engine & PMS Type Plugin Vulnerable versions 1.6.8 Fixed in 1.6.8 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-2441 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 7959a03a58d4...

WordPress The Events Calendar Plugin < 6.4.0.1 is vulnerable to Cross Site Scripting (XSS)

Software The Events Calendar Type Plugin Vulnerable versions 6.4.0.1 Fixed in 6.4.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4180 Patch priority Medium CVSS severity Medium 7.1 Developer Liquid Web / StellarWP PSID 9ded0dc115b9 Credits Marc...

WordPress SP Project & Document Manager Plugin <= 4.71 is vulnerable to Insecure Direct Object References (IDOR)

Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.71 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-3748 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 1c7d92437a35 Credits...

WordPress Download Alt Text AI Plugin <= 1.4.9 is vulnerable to SQL Injection

Software Download Alt Text AI Type Plugin Vulnerable versions = 1.4.9 Fixed in 1.5.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-4847 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 156a5d33530e Credits Lucio Sá Required privilege Subscriber...

WordPress Copymatic – AI Content Writer & Generator Plugin <= 1.6 is vulnerable to Arbitrary File Upload

Software Copymatic – AI Content Writer & Generator Type Plugin Vulnerable versions = 1.6 Fixed in 1.7 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-31351 Patch priority High CVSS severity High 10 Developer Claim ownership PSID aae3946a50f0 Credits Francois Harvey...

WordPress Sydney Toolbox Plugin <= 1.31 is vulnerable to Cross Site Scripting (XSS)

Software Sydney Toolbox Type Plugin Vulnerable versions = 1.31 Fixed in 1.32 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4473 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f1fd3834832c Credits Ngô Thiên An ancorn Require...

WordPress Borderless Plugin <= 1.5.7 is vulnerable to Cross Site Scripting (XSS)

Software Borderless Type Plugin Vulnerable versions = 1.5.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34757 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6690481ece90 Credits Khalid Yusuf Required privilege Contributor...

WordPress Popup Builder Plugin <= 1.1.29 is vulnerable to Cross Site Scripting (XSS)

Software Popup Builder Type Plugin Vulnerable versions = 1.1.29 Fixed in 1.1.30 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34567 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 42654a589b9a Credits Rayhan Ramdhany Hanaputra Required...

WordPress Kognetiks Chatbot for WordPress Plugin <= 2.0.0 is vulnerable to Arbitrary File Upload

Software Kognetiks Chatbot for WordPress Type Plugin Vulnerable versions = 2.0.0 Fixed in 2.0.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-32700 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 4fb22828865e Credits LVT-tholv2k Required...

WordPress WP Discourse Plugin <= 2.5.1 is vulnerable to Broken Access Control

Software WP Discourse Type Plugin Vulnerable versions = 2.5.1 Fixed in 2.5.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35168 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4c4620868728 Credits Joshua Chan Required privilege...

WordPress Falang multilanguage Plugin <= 1.3.49 is vulnerable to Cross Site Scripting (XSS)

Software Falang multilanguage Type Plugin Vulnerable versions = 1.3.49 Fixed in 1.3.50 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4417 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f66544b43c9b Credits Benedictus Jovan...

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.102 is vulnerable to Cross Site Scripting (XSS)

Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.102 Fixed in 1.5.103 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3547 Patch priority Medium CVSS severity Medium 7.1 Developer Unlimit...

WordPress LearnPress Plugin <= 4.2.6.5 is vulnerable to Cross Site Scripting (XSS)

Software LearnPress Type Plugin Vulnerable versions = 4.2.6.5 Fixed in 4.2.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4277 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3ad5ee25dcd1 Credits stealthcopter Required...

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.102 is vulnerable to SQL Injection

Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.102 Fixed in 1.5.105 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3055 Patch priority Low CVSS severity Low 8.5 Developer Unlimited Elements PSID 6f752cde8e3d...

WordPress Hotel Booking Lite Plugin <= 4.11.1 is vulnerable to PHP Object Injection

Software Hotel Booking Lite Type Plugin Vulnerable versions = 4.11.1 Fixed in 4.11.2 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-4413 Patch priority High CVSS severity High 9 Developer Claim ownership PSID f9d7cef7773f Credits Trinh Vu Sonicrrrr Required privilege...

WordPress Giveaways and Contests by RafflePress Plugin <= 1.12.4 is vulnerable to Broken Access Control

Software Giveaways and Contests by RafflePress Type Plugin Vulnerable versions = 1.12.4 Fixed in 1.12.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-4745 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 632d49d4c2a4 Credits...

WordPress Pods Plugin <= 3.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Pods Type Plugin Vulnerable versions = 3.2.1 Fixed in 3.2.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3956 Patch priority Low CVSS severity Low 6.5 Developer Pods Framework PSID dfdffac18c6b Credits wesley wcraft Required privilege...

WordPress CF7 WOW Styler Plugin <= 1.6.4 is vulnerable to Broken Access Control

Software CF7 WOW Styler Type Plugin Vulnerable versions = 1.6.4 Fixed in 1.6.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-34826 Patch priority Medium CVSS severity Medium 6.3 Developer Tobias PSID 6b711e00da8c Credits Dhabaleshwar Das Required privile...

WordPress SportsPress – Sports Club & League Manager Plugin <= 2.7.20 is vulnerable to Broken Access Control

Software SportsPress – Sports Club & League Manager Type Plugin Vulnerable versions = 2.7.20 Fixed in 2.7.21 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-34824 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2f441ec415dc Credits...