1527 matches found
WordPress WordPress Comments Import & Export Plugin <= 2.3.7 is vulnerable to Directory Traversal
Software WordPress Comments Import & Export Type Plugin Vulnerable versions = 2.3.7 Fixed in 2.3.9 OWASP Top 10 A3: Injection Classification Directory Traversal CVE CVE-2024-7514 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 06055d28d8b6 Credits scottaglia Required...
WordPress External featured image from bing Plugin <= 1.0.2 is vulnerable to Remote Code Execution (RCE)
Software External featured image from bing Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Remote Code Execution RCE CVE CVE-2024-48027 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID dfcd7085e39e Credits João...
WordPress pretix widget Plugin <= 1.0.5 is vulnerable to Local File Inclusion
Software pretix widget Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A4: Insecure Design Classification Local File Inclusion CVE CVE-2024-9575 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 3a2933f81cf6 Credits João Pedro S Alcântara Kinorth Required...
WordPress Limit Login Attempts Plugin <= 5.3 is vulnerable to Bypass Vulnerability
Software Limit Login Attempts Type Plugin Vulnerable versions = 5.3 Fixed in 5.4 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2022-4534 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 03e4ff962fd9 Credits rezaduty Required privilege Publishe...
WordPress ThemeHunk Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software ThemeHunk Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8433 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c1773d3ddeac Credits Lucio Sá Required...
WordPress Backup and Staging by WP Time Capsule Plugin <= 1.22.21 is vulnerable to SQL Injection
Software Backup and Staging by WP Time Capsule Type Plugin Vulnerable versions = 1.22.21 Fixed in 1.22.22 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-48020 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 257cfd27ce2c Credits Hakiduck Required...
WordPress FluentForm Plugin <= 5.1.19 is vulnerable to Cross Site Scripting (XSS)
Software FluentForm Type Plugin Vulnerable versions = 5.1.19 Fixed in 5.1.20 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9528 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 973bb3afee30 Credits Ivan Kuzymchak Required...
WordPress Rank Math SEO Plugin <= 1.0.228 is vulnerable to Broken Access Control
Software Rank Math SEO Type Plugin Vulnerable versions = 1.0.228 Fixed in 1.0.229 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9161 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ca30124e345e Credits Leo Required privilege...
WordPress Bit File Manager Plugin <= 6.5.7 is vulnerable to Arbitrary File Upload
Software Bit File Manager Type Plugin Vulnerable versions = 6.5.7 Fixed in 6.5.8 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-8743 Patch priority High CVSS severity High 6.8 Developer Claim ownership PSID c3b2ce42763f Credits TANG Cheuk Hei siunam Required privileg...
WordPress Advanced Custom Fields Plugin < 5.11 is vulnerable to Broken Access Control
Software Advanced Custom Fields Type Plugin Vulnerable versions 5.11 Fixed in 5.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2021-20865 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4a4b648ba0bb Credits Keitaro Yamazaki Required...
WordPress PWA Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS)
Software PWA Type Plugin Vulnerable versions = 1.6.3 Fixed in 1.6.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8967 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c235cb7639b9 Credits Francesco Carlucci Required privileg...
WordPress RabbitLoader Plugin <= 2.21.0 is vulnerable to Cross Site Scripting (XSS)
Software RabbitLoader Type Plugin Vulnerable versions = 2.21.0 Fixed in 2.21.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8800 Patch priority Medium CVSS severity Medium 7.1 Developer RabbitLoader PSID 60a2212deaee Credits vgo0 Required privileg...
WordPress SEOPress Plugin <= 8.1.1 is vulnerable to Cross Site Scripting (XSS)
Software SEOPress Type Plugin Vulnerable versions = 8.1.1 Fixed in 8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9225 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 788a715fcbd5 Credits vgo0 Required privilege...
WordPress Hello World Plugin <= 2.1.1 is vulnerable to Arbitrary File Download
Software Hello World Type Plugin Vulnerable versions = 2.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-9224 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 936cc3342bfb Credits yudha Required privilege...
WordPress Stars Testimonials Plugin <= 3.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Stars Testimonials Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8989 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b53073d7e5ac Credits Peter Thaleikis...
WordPress AVIF & SVG Uploader Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software AVIF & SVG Uploader Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9060 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6e662df81c43 Credits Francesco Carlucci...
WordPress WP MyLinks Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)
Software WP MyLinks Type Plugin Vulnerable versions = 1.0.6 Fixed in 1.0.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47371 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a980ce4c70f6 Credits SOPROBRO Required privilege Editor Publishe...
WordPress Starbox Plugin < 3.5.3 is vulnerable to Cross Site Scripting (XSS)
Software Starbox Type Plugin Vulnerable versions 3.5.3 Fixed in 3.5.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8239 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 03e73e132e18 Credits Dmitrii Ignatyev Required privileg...
WordPress LiteSpeed Cache Plugin <= 6.5.0.2 is vulnerable to Cross Site Scripting (XSS)
Software LiteSpeed Cache Type Plugin Vulnerable versions = 6.5.0.2 Fixed in 6.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47374 Patch priority Medium CVSS severity Medium 7.1 Developer Hai Zheng / Lite Speed Cache PSID b2ad66b394ec Credits TaiYou Required...
WordPress Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin Plugin <= 1.27 is vulnerable to Cross Site Scripting (XSS)
Software Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin Type Plugin Vulnerable versions = 1.27 Fixed in 1.28 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47647 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID aac881dee8e9 Credits...