WordPress YITH WooCommerce Account Funds Premium Plugin <= 1.33.0 is vulnerable to Broken Access Control

Software YITH WooCommerce Account Funds Premium Type Plugin Vulnerable versions = 1.33.0 Fixed in 1.34.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30470 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c87cc5ed5cea Credit...

WordPress Social Icons Widget & Block by WPZOOM Plugin <= 4.2.15 is vulnerable to Broken Access Control

Software Social Icons Widget & Block by WPZOOM Type Plugin Vulnerable versions = 4.2.15 Fixed in 4.2.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30464 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 49894ab6e8af Credits Rafie...

WordPress Church Admin Plugin <= 4.1.18 is vulnerable to Broken Access Control

Software Church Admin Type Plugin Vulnerable versions = 4.1.18 Fixed in 4.1.19 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30505 Patch priority Medium CVSS severity Medium 5.4 Developer Andy Moyle PSID 4be0d3ba3cb9 Credits CatFather Required privilege...

WordPress ProfileGrid Plugin <= 5.7.8 is vulnerable to SQL Injection

Software ProfileGrid Type Plugin Vulnerable versions = 5.7.8 Fixed in 5.7.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30491 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID c5d6607607c2 Credits LVT-tholv2k Required privilege Subscriber Published...

WordPress Simple Ajax Chat Plugin <= 20231101 is vulnerable to Cross Site Scripting (XSS)

Software Simple Ajax Chat Type Plugin Vulnerable versions = 20231101 Fixed in 20240216 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2956 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1403f71c8e2b Credits Fourcade Required...

WordPress CMP – Coming Soon & Maintenance Plugin <= 4.1.10 is vulnerable to Server Side Request Forgery (SSRF)

Software CMP – Coming Soon & Maintenance Type Plugin Vulnerable versions = 4.1.10 Fixed in 4.1.11 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2023-50374 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID...

WordPress Slider by Supsystic Plugin <= 1.8.10 is vulnerable to SQL Injection

Software Slider by Supsystic Type Plugin Vulnerable versions = 1.8.10 Fixed in 1.8.11 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30237 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 6fa97cac7811 Credits Jean Tirstan T Required privilege...

WordPress Church Admin Plugin <= 4.0.27 is vulnerable to SQL Injection

Software Church Admin Type Plugin Vulnerable versions = 4.0.27 Fixed in 4.0.28 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30244 Patch priority Medium CVSS severity Medium 8.5 Developer Andy Moyle PSID f10836385922 Credits LVT-tholv2k Required privilege Contributor...

WordPress Link Whisper Free Plugin <= 0.7.1 is vulnerable to PHP Object Injection

Software Link Whisper Free Type Plugin Vulnerable versions = 0.7.1 Fixed in 0.7.2 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-2693 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 1e82ed02e277 Credits Francesco Carlucci Required privile...

WordPress Max Mega Menu Plugin <= 3.3 is vulnerable to Broken Access Control

Software Max Mega Menu Type Plugin Vulnerable versions = 3.3 Fixed in 3.3.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-28003 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 3ddcba15780a Credits Rafie Muhammad Patchstack Require...

WordPress Media Library Assistant Plugin <= 3.13 is vulnerable to SQL Injection

Software Media Library Assistant Type Plugin Vulnerable versions = 3.13 Fixed in 3.14 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2871 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 35f3b6344141 Credits stealthcopter Required privilege Contributor...

WordPress Check & Log Email Plugin <= 1.0.9 is vulnerable to Broken Access Control

Software Check & Log Email Type Plugin Vulnerable versions = 1.0.9 Fixed in 1.0.10 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-0866 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID 0ac766d27e85 Credits Sean Murphy Required...

WordPress Hercules Core Plugin <= 6.4 is vulnerable to PHP Object Injection

Software Hercules Core Type Plugin Vulnerable versions = 6.4 Fixed in 6.5 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30228 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID f62f114ea206 Credits Dave Jong Patchstack Required privilege...

WordPress Elementor Pro Plugin <= 3.20.1 is vulnerable to Cross Site Scripting (XSS)

Software Elementor Pro Type Plugin Vulnerable versions = 3.20.1 Fixed in 3.20.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-1364 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID e0fb22528db4 Credits wesley wcraft Required privilege...

WordPress Contact Form to Any API Plugin <= 1.1.8 is vulnerable to SQL Injection

Software Contact Form to Any API Type Plugin Vulnerable versions = 1.1.8 Fixed in 1.1.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30242 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID f2d596609a9a Credits Le Ngoc Anh Required privilege Subscrib...

WordPress BetterDocs Plugin <= 3.3.3 is vulnerable to PHP Object Injection

Software BetterDocs Type Plugin Vulnerable versions = 3.3.3 Fixed in 3.3.4 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30226 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 4a7582c42893 Credits stealthcopter Required privilege Unauthenticate...

WordPress Contest Gallery Plugin <= 21.3.4 is vulnerable to SQL Injection

Software Contest Gallery Type Plugin Vulnerable versions = 21.3.4 Fixed in 21.3.5 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30236 Patch priority Low CVSS severity Low 8.5 Developer Wasiliy Strecker PSID 03348ec935e2 Credits Emili Castells Required privilege Contributor...

WordPress Email Subscribers & Newsletters Plugin <= 5.7.11 is vulnerable to Cross Site Scripting (XSS)

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.11 Fixed in 5.7.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22300 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 33b39d3a1006 Credits Rafie Muhammad...

WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Plugin <= 4.4.0 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Type Plugin Vulnerable versions = 4.4.0 Fixed in 4.4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22288 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownershi...

WordPress Event Tickets Plugin <= 5.8.2 is vulnerable to Broken Access Control

Software Event Tickets Type Plugin Vulnerable versions = 5.8.2 Fixed in 5.8.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-2261 Patch priority Low CVSS severity Low 4.3 Developer Liquid Web / StellarWP PSID 4127cd4a2b13 Credits Tim Coen Required privile...