WordPress CPO Companion Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software CPO Companion Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33916 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 57daf6c77a1b Credits Ngô Thiên An ancorn from VNPT-VCI Required...

RHEL 6 / 7 : rh-nginx110-nginx (RHSA-2019:2745)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2745 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...

WordPress ARForms Form Builder Plugin <= 1.6.4 is vulnerable to Broken Access Control

Software ARForms Form Builder Type Plugin Vulnerable versions = 1.6.4 Fixed in 1.6.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1945 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ea61cb9b5b99 Credits Lucio Sá Required...

WordPress Backup Migration Plugin <= 1.4.1 is vulnerable to Broken Access Control

Software Backup Migration Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c8830eaae290 Credits Dhabaleshwar Das Required...

WordPress Elevate WP Theme <= 1.0.15 is vulnerable to Broken Access Control

Software Elevate WP Type Theme Vulnerable versions = 1.0.15 Fixed in 1.0.17 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b361a992792d Credits Dhabaleshwar Das Required privile...

WordPress Meks ThemeForest Smart Widget Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Software Meks ThemeForest Smart Widget Type Plugin Vulnerable versions = 1.5 Fixed in 1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33694 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 04ccfd2bf640 Credits Joshua Chan Required privile...

WordPress Althea WP Theme <= 1.0.13 is vulnerable to Broken Access Control

Software Althea WP Type Theme Vulnerable versions = 1.0.13 Fixed in 1.0.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 89e5f642c59b Credits Dhabaleshwar Das Required privileg...

WordPress Zeever Theme <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Zeever Type Theme Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33685 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 920f9a11d3ed Credits Dhabaleshwar Das Required...

WordPress Social Share Icons & Social Share Buttons Plugin <= 3.6.1 is vulnerable to Broken Access Control

Software Social Share Icons & Social Share Buttons Type Plugin Vulnerable versions = 3.6.1 Fixed in 3.6.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9b34a062d9ab Credits...

WordPress Fancy Product Designer Plugin < 6.1.8 is vulnerable to Cross Site Scripting (XSS)

Software Fancy Product Designer Type Plugin Vulnerable versions 6.1.8 Fixed in 6.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0905 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5fb94dea6052 Credits Bob Matyas...

WordPress Pathway Theme <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF)

Software Pathway Type Theme Vulnerable versions = 1.0.15 Fixed in 1.0.16 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2662179cc67b Credits Dhabaleshwar Das Required...

WordPress Duplicate Post Plugin <= 1.4.4 is vulnerable to Broken Access Control

Software Duplicate Post Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f8977e93ea85 Credits Dhabaleshwar Das Required...

WordPress Financio Theme <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Financio Type Theme Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33690 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a500173c6581 Credits Dhabaleshwar Das Required...

WordPress Accountra Theme <= 1.0.3 is vulnerable to Broken Access Control

Software Accountra Type Theme Vulnerable versions = 1.0.3 Fixed in 1.0.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33685 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 56009c31f7f6 Credits Dhabaleshwar Das Required privilege...

WordPress Call Now Button Plugin < 1.4.7 is vulnerable to Cross Site Scripting (XSS)

Software Call Now Button Type Plugin Vulnerable versions 1.4.7 Fixed in 1.4.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2908 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1848a4a46e87 Credits Dikshita Trivedi...

WordPress MainWP Child Reports Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software MainWP Child Reports Type Plugin Vulnerable versions = 2.1.1 Fixed in 2.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33680 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 2150654abae2 Credits Brandon Roldan...

WordPress PPOM for WooCommerce Plugin <= 32.0.18 is vulnerable to Arbitrary File Upload

Software PPOM for WooCommerce Type Plugin Vulnerable versions = 32.0.18 Fixed in 32.0.19 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-3962 Patch priority High CVSS severity High 10 Developer Claim ownership PSID e45867d8f81a Credits andrea bocchetti Required...

WordPress WP SMTP Plugin 1.2 - 1.2.6 is vulnerable to SQL Injection

Software WP SMTP Type Plugin Vulnerable versions 1.2 - 1.2.6 Fixed in 1.2.7 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-1789 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID cf0dba8db665 Credits Christiaan Swiers YouGina Required privilege...

WordPress Photology Theme <= 1.1.3 is vulnerable to Broken Access Control

Software Photology Type Theme Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33685 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 29f6cff8157b Credits Dhabaleshwar Das Required privilege...

WordPress Arconix Shortcodes Plugin <= 2.1.10 is vulnerable to Broken Access Control

Software Arconix Shortcodes Type Plugin Vulnerable versions = 2.1.10 Fixed in 2.1.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-4233 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 049f969c5895 Credits Dhabaleshwar Das Required...