WordPress WP Statistics Plugin <= 14.5 is vulnerable to Cross Site Scripting (XSS)

Software WP Statistics Type Plugin Vulnerable versions = 14.5 Fixed in 14.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2194 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ef2615a6c0c9 Credits Tim Coen Required...

WordPress Anti-Malware Security and Brute-Force Firewall Plugin <= 4.21.96 is vulnerable to Remote Code Execution (RCE)

Software Anti-Malware Security and Brute-Force Firewall Type Plugin Vulnerable versions = 4.21.96 Fixed in 4.23.56 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-22144 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 7fc7064849ae Credits...

WordPress Easy Social Feed Plugin <= 6.5.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Easy Social Feed Type Plugin Vulnerable versions = 6.5.4 Fixed in 6.5.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1214 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d7cd784da6bf Credits Eldar Zeynalli...

WordPress Formidable Registration Plugin < 2.12 is vulnerable to Broken Authentication

Software Formidable Registration Type Plugin Vulnerable versions 2.12 Fixed in 2.12 OWASP Top 10 A4: Insecure Design Classification Broken Authentication CVE CVE-2024-1290 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID de229a590aad Credits Scott Kingsley Clark...

WordPress WP Go Maps Plugin <= 9.0.32 is vulnerable to Cross Site Scripting (XSS)

Software WP Go Maps Type Plugin Vulnerable versions = 9.0.32 Fixed in 9.0.33 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1582 Patch priority Low CVSS severity Low 6.5 Developer WP Go Maps PSID 69b3a77b21e0 Credits Richard Telleng stueotue Require...

WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.24 is vulnerable to Cross Site Scripting (XSS)

Software Elementor – Header, Footer & Blocks Template Type Plugin Vulnerable versions = 1.6.24 Fixed in 1.6.25 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1237 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d8efb70c30ae...

WordPress LadiApp Plugin <= 4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software LadiApp Type Plugin Vulnerable versions = 4.4 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4731 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9e10faf3494b Credits GiongfNef Required privilege...

WordPress Digits Plugin <= 8.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Digits Type Plugin Vulnerable versions = 8.4.1 Fixed in 8.4.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0203 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d69a9fce5806 Credits István Márton Required...

WordPress EventPrime Plugin <= 3.4.2 is vulnerable to Broken Access Control

Software EventPrime Type Plugin Vulnerable versions = 3.4.2 Fixed in 3.4.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1123 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c2164132e177 Credits Lucio Sá Required privilege...

WordPress Mollie Forms Plugin <= 2.6.3 is vulnerable to Broken Access Control

Software Mollie Forms Type Plugin Vulnerable versions = 2.6.3 Fixed in 2.6.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1400 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 216cfadafbb9 Credits Lucio Sá Required privilege...

WordPress Colibri Page Builder Plugin <= 1.0.260 is vulnerable to Broken Access Control

Software Colibri Page Builder Type Plugin Vulnerable versions = 1.0.260 Fixed in 1.0.263 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1870 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ddfb3a20814b Credits HappyFunTime Required...

WordPress WooCommerce Add to Cart Custom Redirect Plugin <= 1.2.13 is vulnerable to Broken Access Control

Software WooCommerce Add to Cart Custom Redirect Type Plugin Vulnerable versions = 1.2.13 Fixed in 1.2.14 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1862 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID c97532040847 Credits Luci...

WordPress Orbit Fox by ThemeIsle Plugin <= 2.10.32 is vulnerable to Cross Site Scripting (XSS)

Software Orbit Fox by ThemeIsle Type Plugin Vulnerable versions = 2.10.32 Fixed in 2.10.33 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2126 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 112915e33a62 Credits wesley wcraft...

WordPress affiliate-toolkit Plugin <= 3.5.4 is vulnerable to Broken Access Control

Software affiliate-toolkit Type Plugin Vulnerable versions = 3.5.4 Fixed in 3.5.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2298 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d859163539c3 Credits Lucio Sá Required privilege...

WordPress BuddyForms Plugin <= 2.8.7 is vulnerable to Broken Access Control

Software BuddyForms Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1169 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 9cb60e0ebc18 Credits Lucio Sá Required privilege...

WordPress Premium Addons PRO Plugin <= 2.9.12 is vulnerable to Cross Site Scripting (XSS)

Software Premium Addons PRO Type Plugin Vulnerable versions = 2.9.12 Fixed in 2.9.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1996 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d43c6fdfdb0b Credits wesley wcraft...

WordPress PageLayer Plugin <= 1.8.3 is vulnerable to Cross Site Scripting (XSS)

Software PageLayer Type Plugin Vulnerable versions = 1.8.3 Fixed in 1.8.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2127 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0658bd2623bb Credits wesley wcraft Required privile...

WordPress User Registration Plugin <= 3.1.4 is vulnerable to Cross Site Scripting (XSS)

Software User Registration Type Plugin Vulnerable versions = 3.1.4 Fixed in 3.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1720 Patch priority Low CVSS severity Low 7.1 Developer Masteriyo PSID f3574c07a0a6 Credits stealthcopter Required...

WordPress BuddyForms Plugin <= 2.8.7 is vulnerable to Broken Access Control

Software BuddyForms Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1158 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2d73d2a4cbed Credits Lucio Sá Required privilege...

WordPress BuddyForms Plugin <= 2.8.7 is vulnerable to Broken Access Control

Software BuddyForms Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1170 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 07e9d4cd19c1 Credits Lucio Sá Required privilege...