WordPress BuddyForms Plugin <= 2.8.8 is vulnerable to Arbitrary File Download

Software BuddyForms Type Plugin Vulnerable versions = 2.8.8 Fixed in 2.8.9 OWASP Top 10 A4: Insecure Design Classification Arbitrary File Download CVE CVE-2024-32830 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID df4ae0005bef Credits Yudistira Arya Required privilege...

WordPress ProfileGrid Plugin <= 5.7.9 is vulnerable to Insecure Direct Object References (IDOR)

Software ProfileGrid Type Plugin Vulnerable versions = 5.7.9 Fixed in 5.8.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32808 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b60c26e035a2 Credits Kyle Sanchez...

WordPress Rate my Post – WP Rating System Plugin <= 3.4.4 is vulnerable to Insecure Direct Object References (IDOR)

Software Rate my Post – WP Rating System Type Plugin Vulnerable versions = 3.4.4 Fixed in 3.4.5 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32823 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 3390dc0a9f18...

WordPress Podlove Podcast Publisher Plugin <= 4.0.14 is vulnerable to Broken Access Control

Software Podlove Podcast Publisher Type Plugin Vulnerable versions = 4.0.14 Fixed in 4.0.15 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32712 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 03f3d1e3ccd2 Credits LVT-tholv2k...

WordPress WP GoToWebinar Plugin <= 14.46 is vulnerable to Broken Access Control

Software WP GoToWebinar Type Plugin Vulnerable versions = 14.46 Fixed in 15.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32804 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID dac08fd623ab Credits Abdi Pranata Required privilege...

WordPress Sendinblue for WooCommerce Plugin <= 4.0.17 is vulnerable to Arbitrary File Download

Software Sendinblue for WooCommerce Type Plugin Vulnerable versions = 4.0.17 Fixed in 4.0.18 OWASP Top 10 A4: Insecure Design Classification Arbitrary File Download CVE CVE-2024-32807 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 1a6d8c4d6ed3 Credits Yudistira Arya...

WordPress ProfileGrid Plugin <= 5.8.2 is vulnerable to Bypass Vulnerability

Software ProfileGrid Type Plugin Vulnerable versions = 5.8.2 Fixed in 5.8.3 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-32774 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 32476e3a5d62 Credits Kyle Sanchez Required privilege Subscrib...

WordPress The Pack Elementor addons Plugin <= 2.0.8.2 is vulnerable to Server Side Request Forgery (SSRF)

Software The Pack Elementor addons Type Plugin Vulnerable versions = 2.0.8.2 Fixed in 2.0.8.3 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-32718 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 86389b782087...

WordPress SchedulePress Plugin <= 5.0.8 is vulnerable to Broken Access Control

Software SchedulePress Type Plugin Vulnerable versions = 5.0.8 Fixed in 5.0.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32717 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7d1404ed0d5c Credits Majed Refaea Required...

WordPress StreamWeasels Twitch Integration Plugin <= 1.7.8 is vulnerable to Sensitive Data Exposure

Software StreamWeasels Twitch Integration Type Plugin Vulnerable versions = 1.7.8 Fixed in 1.8.0 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32716 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID eec287347b22 Credits Majed Refa...

WordPress ARForms Plugin <= 6.4 is vulnerable to Arbitrary File Deletion

Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-32703 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 3d075249b9fb Credits Dave Jong Patchstack Required...

WordPress Post Grid and Gutenberg Blocks Plugin <= 2.2.78 is vulnerable to Sensitive Data Exposure

Software Post Grid and Gutenberg Blocks Type Plugin Vulnerable versions = 2.2.78 Fixed in 2.2.79 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32816 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 4274dff100bf Credits Peng Zho...

WordPress Royal Elementor Addons Plugin <= 1.3.94 is vulnerable to Arbitrary File Upload

Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.94 Fixed in 1.3.95 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Upload CVE CVE-2024-1567 Patch priority High CVSS severity High 8.2 Developer WProyal PSID 7b79f8ce62d8 Credits wesley wcraft Required...

WordPress All-in-one Like Widget Plugin <= 2.2.7 is vulnerable to Cross Site Scripting (XSS)

Software All-in-one Like Widget Type Plugin Vulnerable versions = 2.2.7 Fixed in 2.2.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32815 Patch priority Low CVSS severity Low 5.9 Developer Jeroen Peters PSID 19340c2d052a Credits Joshua Chan Required privilege...

PT-2024-26797

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to a missing bounds check in superblock validation in the bcachefs component of the Linux kernel. This could potentially allow journal entries to overrun the end of...

WordPress Chauffeur Taxi Booking System for WordPress Plugin <= 6.9 is vulnerable to Broken Authentication

Software Chauffeur Taxi Booking System for WordPress Type Plugin Vulnerable versions = 6.9 Fixed in 7.0 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-32692 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 7552e0fad1fd Credits luc...

WordPress Automatic Plugin < 3.93.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Automatic Type Plugin Vulnerable versions 3.93.0 Fixed in 3.93.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32693 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 83f469455e38 Credits Rafie Muhammad Patchstack...

WordPress ElementsKit Pro Plugin <= 3.6.0 is vulnerable to Cross Site Scripting (XSS)

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3598 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cc1eab59b295 Credits Ngô Thiên An ancorn...

WordPress Customer Reviews for WooCommerce Plugin <= 5.47.0 is vulnerable to Cross Site Scripting (XSS)

Software Customer Reviews for WooCommerce Type Plugin Vulnerable versions = 5.47.0 Fixed in 5.48.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3731 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 75e280aac3db Credits...

WordPress Infographic Maker – iList Plugin <= 4.6.6 is vulnerable to Cross Site Scripting (XSS)

Software Infographic Maker – iList Type Plugin Vulnerable versions = 4.6.6 Fixed in 4.6.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32696 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID baa0cb27dbc1 Credits Khalid Yusuf Required...