WordPress Site Reviews Plugin <= 6.11.6 is vulnerable to Cross Site Scripting (XSS)

Software Site Reviews Type Plugin Vulnerable versions = 6.11.6 Fixed in 6.11.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29095 Patch priority Low CVSS severity Low 5.9 Developer Gemini Labs PSID ea55e6cb50a9 Credits isacaya Required privilege Author Published...

WordPress Extensions For CF7 Plugin <= 3.0.6 is vulnerable to Cross Site Scripting (XSS)

Software Extensions For CF7 Type Plugin Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29102 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 67b6a4990cc0 Credits RE-ALTER Required privilege...

WordPress MJM Clinic Plugin <= 1.1.22 is vulnerable to Cross Site Scripting (XSS)

Software MJM Clinic Type Plugin Vulnerable versions = 1.1.22 Fixed in 1.1.23 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29096 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3af8c5b59be8 Credits Faizal Abroni Required privilege Editor...

WordPress Conversios.io Plugin <= 7.0.7 is vulnerable to SQL Injection

Software Conversios.io Type Plugin Vulnerable versions = 7.0.7 Fixed in 7.0.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1203 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 047c3aed63ee Credits Krzysztof Zając Required privilege Subscriber...

WordPress oik Plugin <= 4.10.0 is vulnerable to Cross Site Scripting (XSS)

Software oik Type Plugin Vulnerable versions = 4.10.0 Fixed in 4.10.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2256 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2c1c9316e65f Credits Francesco Carlucci Required...

WordPress HT Mega Plugin <= 2.4.6 is vulnerable to Directory Traversal

Software HT Mega Type Plugin Vulnerable versions = 2.4.6 Fixed in 2.4.7 OWASP Top 10 A5: Broken Access Control Classification Directory Traversal CVE CVE-2024-1974 Patch priority Low CVSS severity Low 7.7 Developer HTMega PSID 6d7e2f2731f2 Credits Webbernaut Required privilege Contributor Publish...

WordPress ShopLentor Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)

Software ShopLentor Type Plugin Vulnerable versions = 2.8.1 Fixed in 2.8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1960 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 64f9927062c1 Credits Webbernaut Required privilege...

WordPress HUSKY Plugin <= 1.3.5.1 is vulnerable to Cross Site Scripting (XSS)

Software HUSKY Type Plugin Vulnerable versions = 1.3.5.1 Fixed in 1.3.5.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1796 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 938e3d425755 Credits Bassem Essam Required privileg...

WordPress Automatic Plugin <= 3.92.0 is vulnerable to Arbitrary File Download

Software Automatic Type Plugin Vulnerable versions = 3.92.0 Fixed in 3.92.1 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-27954 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 9c2571e1c78b Credits Rafie Muhammad Patchstack...

WordPress Pie Register Plugin <= 3.8.3.2 is vulnerable to Arbitrary File Upload

Software Pie Register Type Plugin Vulnerable versions = 3.8.3.2 Fixed in 3.8.3.3 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-27957 Patch priority High CVSS severity High 10 Developer Claim ownership PSID a371b236f7d1 Credits Rafie Muhammad Patchstack Required...

WordPress Contact Form 7 Plugin <= 5.9 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form 7 Type Plugin Vulnerable versions = 5.9 Fixed in 5.9.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2242 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5d34f7907f9a Credits Asaf Mozes Required...

WordPress Burst Statistics Plugin <= 1.5.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Burst Statistics Type Plugin Vulnerable versions = 1.5.6.1 Fixed in 1.5.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1894 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ddeadfac1606 Credits Webbernaut Required...

WordPress Malware Scanner Plugin <= 4.7.2 is vulnerable to Privilege Escalation

Software Malware Scanner Type Plugin Vulnerable versions = 4.7.2 Fixed in 4.7.3 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-2172 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID e270f8310961 Credits Stiofan Required privilege...

WordPress Prime Slider – Addons For Elementor Plugin <= 3.13.2 is vulnerable to Cross Site Scripting (XSS)

Software Prime Slider – Addons For Elementor Type Plugin Vulnerable versions = 3.13.2 Fixed in 3.13.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1508 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1f2721cd17ac Credits...

WordPress Quiz And Survey Master Plugin <= 8.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Quiz And Survey Master Type Plugin Vulnerable versions = 8.2.2 Fixed in 8.2.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27966 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b39b4217a315 Credits Marzieh Hashemi Required...

WordPress Web Application Firewall – website security Plugin <= 2.1.1 is vulnerable to Privilege Escalation

Software Web Application Firewall – website security Type Plugin Vulnerable versions = 2.1.1 Fixed in 2.1.2 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-2172 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 079a85617a7b Credits...

WordPress PropertyHive Plugin <= 2.0.9 is vulnerable to PHP Object Injection

Software PropertyHive Type Plugin Vulnerable versions = 2.0.9 Fixed in 2.0.10 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-27985 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 245763d3996e Credits CatFather Required privilege Subscribe...

WordPress Team Circle Image Slider With Lightbox Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Team Circle Image Slider With Lightbox Type Plugin Vulnerable versions = 1.0 Fixed in 1.0.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2015-10130 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4e4875511ed9 Credit...

WordPress Cryptocurrency Widgets – Price Ticker & Coins List Plugin <= 2.6.8 is vulnerable to Broken Access Control

Software Cryptocurrency Widgets – Price Ticker & Coins List Type Plugin Vulnerable versions = 2.6.8 Fixed in 2.6.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-27953 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 036319de798f...

WordPress Related Posts for WordPress Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Related Posts for WordPress Type Plugin Vulnerable versions = 2.2.1 Fixed in 2.2.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0592 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 89e5ec281512 Credits Krzyszto...