WordPress Debug Log Manager Plugin <= 2.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Debug Log Manager Type Plugin Vulnerable versions = 2.3.1 Fixed in 2.3.2 OWASP Top 10 A4: Insecure Design Classification Cross Site Scripting XSS CVE CVE-2024-32582 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1f92fe55cb9f Credits Majed Refaea Required...

WordPress WooBuddy Plugin <= 3.4.20 is vulnerable to PHP Object Injection

Software WooBuddy Type Plugin Vulnerable versions = 3.4.20 Fixed in 3.4.21 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-32603 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID a5c09e662bc0 Credits LVT-tholv2k Required privilege Subscriber...

WordPress TeraWallet – For WooCommerce Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS)

Software TeraWallet – For WooCommerce Type Plugin Vulnerable versions = 1.5.0 Fixed in 1.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32584 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3858d275e8c9 Credits Joshua Chan Required...

WordPress Z Y N I T H Plugin <= 7.4.9 is vulnerable to Cross Site Scripting (XSS)

Software Z Y N I T H Type Plugin Vulnerable versions = 7.4.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32562 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID b69a38ab3f39 Credits Dave Jong Patchstack Required privilege...

WordPress Jotform Online Forms Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Jotform Online Forms Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32527 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6eac99777a8f Credits Ngô Thiên An ancorn from VNPT-VCI...

WordPress Bulk Block Converter Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Bulk Block Converter Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32542 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 805efd09a347 Credits Dimas Maulana Required...

WordPress Theme My Login Plugin <= 7.1.6 is vulnerable to Broken Access Control

Software Theme My Login Type Plugin Vulnerable versions = 7.1.6 Fixed in 7.1.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32525 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 11dbddbd2e7f Credits Abdi Pranata Required...

WordPress Login with phone number Plugin <= 1.7.16 is vulnerable to Privilege Escalation

Software Login with phone number Type Plugin Vulnerable versions = 1.7.16 Fixed in 1.7.17 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-32507 Patch priority High CVSS severity High 8.8 Developer Hamid Alinia PSID e4775c75d080 Credits Emili Castells Requir...

WordPress BMI Adult & Kid Calculator Plugin <= 1.2.1 is vulnerable to Broken Access Control

Software BMI Adult & Kid Calculator Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A3: Injection Classification Broken Access Control CVE CVE-2024-32550 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 6c58017d5b00 Credits Faizal Abroni Required privile...

WordPress Advanced Post Block - Post Grid for WordPress block editor Plugin <= 1.13.4 is vulnerable to Broken Access Control

Software Advanced Post Block - Post Grid for WordPress block editor Type Plugin Vulnerable versions = 1.13.4 Fixed in 1.13.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0908 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID...

WordPress Radio Player Plugin <= 2.0.73 is vulnerable to Sensitive Data Exposure

Software Radio Player Type Plugin Vulnerable versions = 2.0.73 Fixed in 2.0.74 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32506 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4e6e2407c28d Credits Steven Julian Required...

WordPress Smart Slider 3 Plugin <= 3.5.1.22 is vulnerable to Broken Access Control

Software Smart Slider 3 Type Plugin Vulnerable versions = 3.5.1.22 Fixed in 3.5.1.23 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3027 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c46698c777af Credits Christiaan Swiers YouGina...

WordPress Canva – Design beautiful blog graphics Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Software Canva – Design beautiful blog graphics Type Plugin Vulnerable versions = 1.2.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32545 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 803f9df04167 Credits Dimas Maula...

WordPress Code Insert Manager (Q2W3 Inc Manager) Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Code Insert Manager Q2W3 Inc Manager Type Plugin Vulnerable versions = 2.5.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32547 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID c408b8a3e4fc Credits Dimas Maulana...

WordPress Carousel Slider Plugin < 2.2.7 is vulnerable to Cross Site Scripting (XSS)

Software Carousel Slider Type Plugin Vulnerable versions 2.2.7 Fixed in 2.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1712 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID be0c9e02881f Credits Dmitrii Ignatyev Required...

WordPress Everest Backup Plugin < 2.2.5 is vulnerable to Arbitrary File Upload

Software Everest Backup Type Plugin Vulnerable versions 2.2.5 Fixed in 2.2.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-7201 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID e4434e41add7 Credits Emad Required privilege Administrator Publish...

WordPress MJ Update History Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software MJ Update History Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32543 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6f5d10b529f0 Credits Dimas Maulana Required privilege...

WordPress Top Bar Plugin < 3.0.5 is vulnerable to Cross Site Scripting (XSS)

Software Top Bar Type Plugin Vulnerable versions 3.0.5 Fixed in 3.0.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1660 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6c5d854410a5 Credits Dmitrii Ignatyev Required privileg...

WordPress Inline Related Posts Plugin < 3.6.0 is vulnerable to Broken Access Control

Software Inline Related Posts Type Plugin Vulnerable versions 3.6.0 Fixed in 3.6.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-6257 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c2f0b627f547 Credits Krzysztof Zając CERT PL...

WordPress Ultimate Member Plugin <= 2.8.4 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Member Type Plugin Vulnerable versions = 2.8.4 Fixed in 2.8.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2765 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 4af1ffb7c063 Credits tiborisaak Require...