WordPress Ajax Load More Plugin <= 7.0.1 is vulnerable to Directory Traversal

Software Ajax Load More Type Plugin Vulnerable versions = 7.0.1 Fixed in 7.1.0 OWASP Top 10 A3: Injection Classification Directory Traversal CVE CVE-2024-1790 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 0e28f3a7fca4 Credits Hoa Le Ngoc lengochoa Required privilege...

WordPress Colibri Page Builder Plugin <= 1.0.248 is vulnerable to Broken Access Control

Software Colibri Page Builder Type Plugin Vulnerable versions = 1.0.248 Fixed in 1.0.249 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-28004 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 13159cde48e3 Credits Rafie Muhammad...

WordPress WP Migrate Plugin <= 2.6.10 is vulnerable to PHP Object Injection

Software WP Migrate Type Plugin Vulnerable versions = 2.6.10 Fixed in 2.6.11 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30225 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 6b6e8d810b6a Credits Dave Jong Patchstack Required privilege...

WordPress Real Media Library Lite Plugin <= 4.22.7 is vulnerable to Cross Site Scripting (XSS)

Software Real Media Library Lite Type Plugin Vulnerable versions = 4.22.7 Fixed in 4.22.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2027 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 04ccee33aae6 Credits Ngô Thiên An...

WordPress Elementor Pro Plugin <= 3.20.1 is vulnerable to Cross Site Scripting (XSS)

Software Elementor Pro Type Plugin Vulnerable versions = 3.20.1 Fixed in 3.20.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-2121 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 384f5531d486 Credits wesley wcraft Required privilege...

WordPress Geo Controller Plugin <= 8.6.4 is vulnerable to PHP Object Injection

Software Geo Controller Type Plugin Vulnerable versions = 8.6.4 Fixed in 8.6.5 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30227 Patch priority High CVSS severity High 9 Developer Claim ownership PSID d77f0684feba Credits LVT-tholv2k Required privilege...

WordPress AI Engine: ChatGPT Chatbot Plugin <= 2.1.4 is vulnerable to Arbitrary File Upload

Software AI Engine: ChatGPT Chatbot Type Plugin Vulnerable versions = 2.1.4 Fixed in 2.1.5 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-29100 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID cd77a38bda8f Credits Rafie Muhammad Patchstac...

WordPress RegistrationMagic Plugin <= 5.3.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software RegistrationMagic Type Plugin Vulnerable versions = 5.3.0.0 Fixed in 5.3.1.0 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-2951 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1d9399326561 Credits Joshua Chan Required...

WordPress ARMember Plugin <= 4.0.26 is vulnerable to PHP Object Injection

Software ARMember Type Plugin Vulnerable versions = 4.0.26 Fixed in 4.0.27 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30223 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 8d16e0b0481c Credits LVT-tholv2k Required privilege Unauthenticated...

WordPress Calendarista Plugin <= 15.5.7 is vulnerable to SQL Injection

Software Calendarista Type Plugin Vulnerable versions = 15.5.7 Fixed in 15.5.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30240 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID c87b524aa9f2 Credits Ivan Spiridonov Required privilege Subscriber...

WordPress Easy Textillate Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS)

Software Easy Textillate Type Plugin Vulnerable versions = 2.01 Fixed in 2.02 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2303 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e2fef30ce1b2 Credits Tien Luong Required...

WordPress MPG Plugin <= 3.4.0 is vulnerable to Broken Access Control

Software MPG Type Plugin Vulnerable versions = 3.4.0 Fixed in 3.4.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30235 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6cea17ebc47f Credits Majed Refaea Required privilege Subscribe...

WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more Plugin <= 4.5.24 is vulnerable to Cross Site Scripting (XSS)

Software Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more Type Plugin Vulnerable versions = 4.5.24 Fixed in 4.5.25 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29795 Patch priority Low CVSS severity Low 6.5 Developer Claim...

WordPress CM Download Manager Plugin < 2.9.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software CM Download Manager Type Plugin Vulnerable versions 2.9.0 Fixed in 2.9.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1232 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 53bfb88d3fb3 Credits Sushmita Poudel...

WordPress WooBuddy Plugin <= 3.4.20 is vulnerable to PHP Object Injection

Software WooBuddy Type Plugin Vulnerable versions = 3.4.20 Fixed in 3.4.21 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-2025 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 6110ece7c17e Credits Francesco Carlucci Required privilege Subscrib...

WordPress Stratum Plugin <= 1.3.15 is vulnerable to Cross Site Scripting (XSS)

Software Stratum Type Plugin Vulnerable versions = 1.3.15 Fixed in 1.3.16 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29914 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3d8d138923e6 Credits Khalid Yusuf Required privilege Contributor...

WordPress FlatPM Plugin < 3.1.05 is vulnerable to Cross Site Scripting (XSS)

Software FlatPM Type Plugin Vulnerable versions 3.1.05 Fixed in 3.1.05 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29803 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 707de1bb10ec Credits Ngô Thiên An ancorn from VNPT-VCI Required...

WordPress Schema Pro Plugin < 2.7.16 is vulnerable to Broken Access Control

Software Schema Pro Type Plugin Vulnerable versions 2.7.16 Fixed in 2.7.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-1564 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 68dac5194d9b Credits Scott Kingsley Clark Required...

WordPress SEOPress Plugin <= 7.5.2.1 is vulnerable to Cross Site Scripting (XSS)

Software SEOPress Type Plugin Vulnerable versions = 7.5.2.1 Fixed in 7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2165 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b92e3ab1041a Credits Ngô Thiên An ancorn - VNPT-VCI ...

WordPress Locatoraid Store Locator Plugin <= 3.9.30 is vulnerable to Cross Site Scripting (XSS)

Software Locatoraid Store Locator Type Plugin Vulnerable versions = 3.9.30 Fixed in 3.9.31 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30181 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f59c57fd908e Credits Joshua Chan Required...