WordPress Weather Atlas Widget Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Weather Atlas Widget Type Plugin Vulnerable versions = 3.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52472 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5504e62dc0b7 Credits LVT-tholv2k Required privileg...

WordPress WordPress GDPR & CCPA Plugin <= 2.0.2 is vulnerable to Broken Access Control

Software WordPress GDPR & CCPA Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.0.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-11069 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b71de0a7a1a1 Credits István Márton...

WordPress nBlocks Plugin <= 1.0.2 is vulnerable to Local File Inclusion

Software nBlocks Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-52450 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID d4618b9386b6 Credits João Pedro S Alcântara Kinorth Required...

WordPress PostX Plugin <= 4.1.16 is vulnerable to Broken Access Control

Software PostX Type Plugin Vulnerable versions = 4.1.16 Fixed in 4.1.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10728 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 29722a758707 Credits Sean Murphy Required privilege...

WordPress Youneeq Recommendations Plugin <= 3.0.7 is vulnerable to Cross Site Scripting (XSS)

Software Youneeq Recommendations Type Plugin Vulnerable versions = 3.0.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52457 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8204a0f3cdb4 Credits João Pedro S Alcântara...

WordPress Open edX LMS Plugin <= 2.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Open edX LMS Type Plugin Vulnerable versions = 2.6.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52452 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 991dc17302e9 Credits Mika Required privilege Unauthenticat...

WordPress Xpresslane Fast Checkout Plugin <= 1.0.0 is vulnerable to PHP Object Injection

Software Xpresslane Fast Checkout Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52440 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 2eaf53da7194 Credits LVT-tholv2k Required privilege...

WordPress Quick Learn Plugin <= 1.0.1 is vulnerable to PHP Object Injection

Software Quick Learn Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52441 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 09d3039a1cf9 Credits LVT-tholv2k Required privilege Unauthenticated...

WordPress Chameleoni Jobs Plugin <= 2.5.2 is vulnerable to Cross Site Scripting (XSS)

Software Chameleoni Jobs Type Plugin Vulnerable versions = 2.5.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52459 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID da3f6efdaf56 Credits João Pedro S Alcântara Kinorth...

WordPress BulkPress Plugin <= 0.3.5 is vulnerable to Cross Site Scripting (XSS)

Software BulkPress Type Plugin Vulnerable versions = 0.3.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9615 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 569ddc3d9617 Credits vgo0 Required privilege...

WordPress SimpleForm Contact Form Submissions Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)

Software SimpleForm Contact Form Submissions Type Plugin Vulnerable versions = 2.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10884 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1b7fe42353c4 Credits...

WordPress External Database Based Actions Plugin <= 0.1 is vulnerable to Privilege Escalation

Software External Database Based Actions Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-10311 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID cd4901766574...

WordPress Simple Local Avatars Plugin <= 2.7.11 is vulnerable to Broken Access Control

Software Simple Local Avatars Type Plugin Vulnerable versions = 2.7.11 Fixed in 2.8.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10786 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 717b24faeea4 Credits Trương Hữu Phúc...

WordPress Lis Video Gallery Plugin <= 0.2.1 is vulnerable to PHP Object Injection

Software Lis Video Gallery Type Plugin Vulnerable versions = 0.2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52430 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID a078bb126c5a Credits LVT-tholv2k Required privilege...

WordPress SimpleForm Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software SimpleForm Type Plugin Vulnerable versions = 2.2.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10883 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c9428f96f6e1 Credits Peter Thaleikis Required...

WordPress WP Quick Setup Plugin <= 2.0 is vulnerable to Arbitrary File Upload

Software WP Quick Setup Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52429 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID ceb3ca8b7fc9 Credits Mika Required privilege Subscriber Published...

WordPress Drop Shadow Boxes Plugin <= 1.7.14 is vulnerable to Arbitrary Code Execution

Software Drop Shadow Boxes Type Plugin Vulnerable versions = 1.7.14 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-10262 Patch priority High CVSS severity High 6.3 Developer Claim ownership PSID ab9605f66d27 Credits Arkadiusz Hydzik Required privilege...

WordPress WordPress Video Robot - The Ultimate Video Importer Plugin <= 1.20.0 is vulnerable to SQL Injection

Software WordPress Video Robot - The Ultimate Video Importer Type Plugin Vulnerable versions = 1.20.0 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-52431 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 535a5d7fd7c2 Credits Bonds Requir...

WordPress Event Tickets with Ticket Scanner Plugin <= 2.3.11 is vulnerable to Remote Code Execution (RCE)

Software Event Tickets with Ticket Scanner Type Plugin Vulnerable versions = 2.3.11 Fixed in 2.3.12 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-52427 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 3ef418855694 Credits Hakiduck...

WordPress Automation By Autonami Plugin < 3.3.0 is vulnerable to SQL Injection

Software Automation By Autonami Type Plugin Vulnerable versions 3.3.0 Fixed in 3.3.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9186 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 0bc9c96e6168 Credits y4ng0615 Required privilege Unauthenticated...