WordPress Salon booking system Plugin <= 9.6.5 is vulnerable to Cross Site Scripting (XSS)

Software Salon booking system Type Plugin Vulnerable versions = 9.6.5 Fixed in 9.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2439 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 667860bc9aac Credits cyc707 Required...

WordPress Radio Station Plugin <= 2.5.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Radio Station Type Plugin Vulnerable versions = 2.5.7 Fixed in 2.5.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33689 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID abbc08921ba2 Credits Dhabaleshwar Das...

WordPress Sassy Social Share Plugin < 3.3.61 is vulnerable to Cross Site Scripting (XSS)

Software Sassy Social Share Type Plugin Vulnerable versions 3.3.61 Fixed in 3.3.61 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2159 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2e895f7060f3 Credits Dmitrii Ignatyev...

WordPress SSL Mixed Content Fix Plugin <= 3.2.6 is vulnerable to Broken Access Control

Software SSL Mixed Content Fix Type Plugin Vulnerable versions = 3.2.6 Fixed in 3.2.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 11237d78fd75 Credits Dhabaleshwar Das Requir...

WordPress XStore Theme <= 9.3.8 is vulnerable to SQL Injection

Software XStore Type Theme Vulnerable versions = 9.3.8 Fixed in 9.3.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-33559 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 0996b4472188 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Recencio Book Reviews Plugin <= 1.66.0 is vulnerable to Cross Site Scripting (XSS)

Software Recencio Book Reviews Type Plugin Vulnerable versions = 1.66.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33648 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1d6b95a95ae6 Credits Ngô Thiên An ancorn from VNPT-VCI...

WordPress CM Tooltip Glossary Plugin <= 4.2.11 is vulnerable to Cross Site Request Forgery (CSRF)

Software CM Tooltip Glossary Type Plugin Vulnerable versions = 4.2.11 Fixed in 4.3.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-4086 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 099499e9a7ab Credits Benedictus Jova...

WordPress PropertyHive Plugin <= 2.0.12 is vulnerable to Broken Access Control

Software PropertyHive Type Plugin Vulnerable versions = 2.0.12 Fixed in 2.0.13 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3607 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 20b9880edd45 Credits Lucio Sá Required privilege...

WordPress Solid Affiliate Plugin <= 1.9.1 is vulnerable to Sensitive Data Exposure

Software Solid Affiliate Type Plugin Vulnerable versions = 1.9.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-33637 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 0610eeb4f1ac Credits Francois Harvey Required...

WordPress WP Page Post Widget Clone Plugin <= 1.0.1 is vulnerable to Broken Access Control

Software WP Page Post Widget Clone Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33636 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bc529e210eb8 Credits Do Minh Long Required...

WordPress XStore Theme <= 9.3.8 is vulnerable to Local File Inclusion

Software XStore Type Theme Vulnerable versions = 9.3.8 Fixed in 9.3.9 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-33560 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 6dff12fe54af Credits Rafie Muhammad Patchstack Required privilege...

WordPress Better Elementor Addons Plugin <= 1.4.1 is vulnerable to Local File Inclusion

Software Better Elementor Addons Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-33541 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 62efde4398ca Credits Ray Wilson Required...

WordPress WP Portfolio Theme <= 2.4 is vulnerable to Cross Site Scripting (XSS)

Software WP Portfolio Type Theme Vulnerable versions = 2.4 Fixed in 2.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33537 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 960b34eee068 Credits stealthcopter Required privilege Contributor...

WordPress Five Star Restaurant Reservations Plugin <= 2.6.16 is vulnerable to Broken Access Control

Software Five Star Restaurant Reservations Type Plugin Vulnerable versions = 2.6.16 Fixed in 2.6.17 OWASP Top 10 A4: Insecure Design Classification Broken Access Control CVE CVE-2024-33596 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d75b86943c20 Credits Steven Julian...

WordPress WPPizza Plugin <= 3.18.10 is vulnerable to Broken Access Control

Software WPPizza Type Plugin Vulnerable versions = 3.18.10 Fixed in 3.18.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33576 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d7917e7b15a2 Credits Majed Refaea Required...

WordPress WooCommerce PDF Invoices & Packing Slips Plugin <= 3.8.0 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce PDF Invoices & Packing Slips Type Plugin Vulnerable versions = 3.8.0 Fixed in 3.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3045 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d235421a1171...

WordPress Blocksy Theme <= 2.0.39 is vulnerable to Cross Site Scripting (XSS)

Software Blocksy Type Theme Vulnerable versions = 2.0.39 Fixed in 2.0.40 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3747 Patch priority Low CVSS severity Low 6.5 Developer Creative Themes PSID 3ec8e6a91460 Credits Ngô Thiên An ancorn Required...

WordPress XStore Theme <= 9.3.8 is vulnerable to Settings Change

Software XStore Type Theme Vulnerable versions = 9.3.8 Fixed in 9.3.9 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-33564 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID fefe041fa298 Credits Rafie Muhammad Patchstack Required privileg...

WordPress XStore Core Plugin <= 5.3.8 is vulnerable to Local File Inclusion

Software XStore Core Type Plugin Vulnerable versions = 5.3.8 Fixed in 5.3.9 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-33557 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 942a9619d048 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Customify Site Library Plugin <= 0.0.9 is vulnerable to Remote Code Execution (RCE)

Software Customify Site Library Type Plugin Vulnerable versions = 0.0.9 Fixed in N/A OWASP Top 10 A5: Security Misconfiguration Classification Remote Code Execution RCE CVE CVE-2024-33644 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 4794ee1ad1c4 Credits Abdi Pranata...