WordPress WooCommerce Customers Manager Plugin < 29.7 is vulnerable to SQL Injection

Software WooCommerce Customers Manager Type Plugin Vulnerable versions 29.7 Fixed in 29.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0399 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 3c8fe0630d48 Credits Ivan Spiridonov Required privilege...

WordPress NPS computy Plugin < 2.7.6 is vulnerable to Cross Site Scripting (XSS)

Software NPS computy Type Plugin Vulnerable versions 2.7.6 Fixed in 2.7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1754 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a3449f6b4bc3 Credits Bob Matyas Required privilege...

WordPress Element Pack Elementor Addons Plugin <= 5.5.6 is vulnerable to Sensitive Data Exposure

Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.5.6 Fixed in 5.6.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2966 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 29f45f5357e3 Credits Krzysztof...

WordPress WP Poll Maker Plugin <= 3.4 is vulnerable to Arbitrary File Upload

Software WP Poll Maker Type Plugin Vulnerable versions = 3.4 Fixed in 3.5 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-32514 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 5f238f52b673 Credits Yudistira Arya Required privilege Subscriber...

WordPress Smart Slider 3 Plugin <= 3.5.1.22 is vulnerable to Broken Access Control

Software Smart Slider 3 Type Plugin Vulnerable versions = 3.5.1.22 Fixed in 3.5.1.23 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3027 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c46698c777af Credits Christiaan Swiers YouGina...

WordPress Theme My Login Plugin <= 7.1.6 is vulnerable to Broken Access Control

Software Theme My Login Type Plugin Vulnerable versions = 7.1.6 Fixed in 7.1.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32525 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 11dbddbd2e7f Credits Abdi Pranata Required...

WordPress DethemeKit For Elementor Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Software DethemeKit For Elementor Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32508 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c3d2d2de543b Credits Khalid Yusuf Required privile...

WordPress Bulk Block Converter Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Bulk Block Converter Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32542 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 805efd09a347 Credits Dimas Maulana Required...

WordPress Jobs for WordPress Plugin <= 2.7.5 is vulnerable to Cross Site Scripting (XSS)

Software Jobs for WordPress Type Plugin Vulnerable versions = 2.7.5 Fixed in 2.7.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32149 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a8a1acfb2c60 Credits Khalid Yusuf Required privile...

WordPress User Activity Log Pro Plugin <= 2.3.4 is vulnerable to SQL Injection

Software User Activity Log Pro Type Plugin Vulnerable versions = 2.3.4 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32137 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 2210c42a0a13 Credits Dave Jong Patchstack Required privilege...

WordPress Realtyna Organic IDX plugin Plugin <= 4.14.4 is vulnerable to SQL Injection

Software Realtyna Organic IDX plugin Type Plugin Vulnerable versions = 4.14.4 Fixed in 4.14.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32128 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID df09fa02a23c Credits Joshua Chan Required privilege...

WordPress Find Duplicates Plugin <= 1.4.6 is vulnerable to SQL Injection

Software Find Duplicates Type Plugin Vulnerable versions = 1.4.6 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32127 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 52116cf54a22 Credits Le Ngoc Anh Required privilege Subscriber Publish...

WordPress BA Book Everything Plugin <= 1.6.4 is vulnerable to SQL Injection

Software BA Book Everything Type Plugin Vulnerable versions = 1.6.4 Fixed in 1.6.5 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32125 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID d47407126364 Credits Thanh Nam Tran Required privilege Contributor...

WordPress BEAF Plugin <= 4.5.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software BEAF Type Plugin Vulnerable versions = 4.5.4 Fixed in 4.5.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32433 Patch priority Low CVSS severity Low 4.3 Developer Themefic PSID 289a94720dc1 Credits Dhabaleshwar Das Required privilege...

WordPress SEO Booster Plugin <= 3.8.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software SEO Booster Type Plugin Vulnerable versions = 3.8.9 Fixed in 3.8.10 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-32438 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3512a5ab10e4 Credits Joshua Chan Required privile...

WordPress Appointment Bookings for Zoom GoogleMeet and more – Wappointment Plugin <= 2.6.0 is vulnerable to Server Side Request Forgery (SSRF)

Software Appointment Bookings for Zoom GoogleMeet and more – Wappointment Type Plugin Vulnerable versions = 2.6.0 Fixed in 2.6.1 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-32454 Patch priority Low CVSS severity Low 4.4 Developer...

WordPress Easy Contact Form Lite Plugin <= 1.1.23 is vulnerable to Cross Site Scripting (XSS)

Software Easy Contact Form Lite Type Plugin Vulnerable versions = 1.1.23 Fixed in 1.1.25 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32147 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f1074c1b0d54 Credits Abdi Pranata Required privile...

WordPress InstaWP Connect Plugin <= 0.1.0.22 is vulnerable to Arbitrary File Upload

Software InstaWP Connect Type Plugin Vulnerable versions = 0.1.0.22 Fixed in 0.1.0.23 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-2667 Patch priority High CVSS severity High 10 Developer InstaWP PSID 6dfa02024fd7 Credits AtaTurk1925 Required privilege...

WordPress Download Manager Plugin <= 3.2.82 is vulnerable to Bypass Vulnerability

Software Download Manager Type Plugin Vulnerable versions = 3.2.82 Fixed in 3.2.83 OWASP Top 10 A1: Broken Access Control Classification Bypass Vulnerability CVE CVE-2024-32131 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d970a3e505ee Credits Liu Shaohong Required...

WordPress CBX Bookmark & Favorite Plugin <= 1.7.20 is vulnerable to SQL Injection

Software CBX Bookmark & Favorite Type Plugin Vulnerable versions = 1.7.20 Fixed in 1.7.21 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32132 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 07995252cb06 Credits Muhammad Daffa Required privilege...