WordPress Knowledge Base documentation & wiki plugin – BasePress Plugin <= 2.16.1 is vulnerable to Broken Access Control

Software Knowledge Base documentation & wiki plugin – BasePress Type Plugin Vulnerable versions = 2.16.1 Fixed in 2.16.2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33588 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID...

WordPress EPROLO Dropshipping Plugin <= 1.7.1 is vulnerable to Broken Access Control

Software EPROLO Dropshipping Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33573 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d5b21a303f43 Credits Abdi Pranata Required...

WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.8 is vulnerable to Broken Access Control

Software WOOCS – WooCommerce Currency Switcher Type Plugin Vulnerable versions = 1.4.1.8 Fixed in 1.4.1.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-3734 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a6af6a35e8e2 Credit...

WordPress WZone Plugin <= 14.0.33 is vulnerable to Broken Access Control

Software WZone Type Plugin Vulnerable versions = 14.0.33 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33547 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 0e636c441e01 Credits Rafie Muhammad Patchstack Required...

WordPress Easy Accept Payments Plugin <= 4.9.10 is vulnerable to Broken Access Control

Software Easy Accept Payments Type Plugin Vulnerable versions = 4.9.10 Fixed in 5.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33591 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID dc8baebcdbf1 Credits Joshua Chan Required...

WordPress XStore Core Plugin <= 5.3.8 is vulnerable to Arbitrary File Upload

Software XStore Core Type Plugin Vulnerable versions = 5.3.8 Fixed in 5.3.9 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Upload CVE CVE-2024-33556 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 108b732f3dae Credits Rafie Muhammad Patchstack...

WordPress Instant Images Plugin <= 6.1.0 is vulnerable to Privilege Escalation

Software Instant Images Type Plugin Vulnerable versions = 6.1.0 Fixed in 6.1.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-33569 Patch priority High CVSS severity High 7.2 Developer Claim ownership PSID d731bc7eedd6 Credits Rafie...

WordPress WP Time Slots Booking Form Plugin <= 1.2.06 is vulnerable to Broken Access Control

Software WP Time Slots Booking Form Type Plugin Vulnerable versions = 1.2.06 Fixed in 1.2.07 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33543 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID caafd19bb673 Credits Joshua Chan...

WordPress SSU Plugin <= 1.5.0 is vulnerable to Broken Access Control

Software SSU Type Plugin Vulnerable versions = 1.5.0 Fixed in 1.5.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33597 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d4a0eaecd496 Credits Mika Required privilege Unauthenticated...

WordPress Assistant – Every Day Productivity Apps Plugin <= 1.4.9.1 is vulnerable to Sensitive Data Exposure

Software Assistant – Every Day Productivity Apps Type Plugin Vulnerable versions = 1.4.9.1 Fixed in 1.4.9.2 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2024-33538 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID...

WordPress Chaty Plugin < 3.1.9 is vulnerable to Cross Site Scripting (XSS)

Software Chaty Type Plugin Vulnerable versions 3.1.9 Fixed in 3.1.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2972 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID de00cfe54026 Credits Dmitrii Ignatyev Required privilege...

WordPress Better Comments Plugin < 1.5.6 is vulnerable to Cross Site Scripting (XSS)

Software Better Comments Type Plugin Vulnerable versions 1.5.6 Fixed in 1.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2402 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ef62708732b4 Credits Nicolo Required privilege...

WordPress FileOrganizer Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software FileOrganizer Type Plugin Vulnerable versions = 1.0.6 Fixed in 1.0.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2324 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ee105a346d17 Credits Nikolas Required privilege...

WordPress WooCommerce Customers Manager Plugin < 29.8 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Customers Manager Type Plugin Vulnerable versions 29.8 Fixed in 29.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1743 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 088073d3e0c4 Credits Erwan LR...

WordPress Premium Addons for Elementor Plugin <= 4.10.28 is vulnerable to Cross Site Scripting (XSS)

Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.28 Fixed in 4.10.29 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3885 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID efd244d42ee8 Credits Ngô Thiên An...

WordPress Elements kit Elementor addons Plugin <= 3.1.0 is vulnerable to Local File Inclusion

Software Elements kit Elementor addons Type Plugin Vulnerable versions = 3.1.0 Fixed in 3.1.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3499 Patch priority Low CVSS severity Low 8.5 Developer Wpmet PSID 43728e112e86 Credits Webbernaut Required privilege Contribut...

WordPress Social Warfare Plugin <= 4.4.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Social Warfare Type Plugin Vulnerable versions = 4.4.6.1 Fixed in 4.4.6.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1959 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b4ca6fb05821 Credits Krzysztof Zając...

WordPress Contact Form Entries Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3715 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 05aa510d5273 Credits Tim Coen...

WordPress Quick Featured Images Plugin <= 13.7.0 is vulnerable to Broken Access Control

Software Quick Featured Images Type Plugin Vulnerable versions = 13.7.0 Fixed in 13.7.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3664 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 955c9c9acc5c Credits Lucio Sá Required...

WordPress Newsletters Plugin <=4.9.5 is vulnerable to Sensitive Data Exposure

Software Newsletters Type Plugin Vulnerable versions =4.9.5 Fixed in 4.9.6 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32953 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 5684766cc1ef Credits Peng Zhou Required privilege...