1527 matches found
WordPress Bulk Change Role Plugin <= 1.1 is vulnerable to Privilege Escalation
Software Bulk Change Role Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-50504 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID ae994493e2ec Credits Muhamad Ag...
WordPress Signup Page Plugin <= 1.0 is vulnerable to Privilege Escalation
Software Signup Page Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-50475 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 15ed63623277 Credits Mika Required...
WordPress Uix Shortcodes Plugin <= 1.9.9 is vulnerable to Arbitrary Code Execution
Software Uix Shortcodes Type Plugin Vulnerable versions = 1.9.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-9772 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID a42f828d9a99 Credits Francesco Carlucci Required privilege...
WordPress WP-Members Plugin <= 3.4.9.5 is vulnerable to Cross Site Scripting (XSS)
Software WP-Members Type Plugin Vulnerable versions = 3.4.9.5 Fixed in 3.4.9.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10374 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b793b5e43f7e Credits Peter Thaleikis Required...
WordPress MaanStore API Plugin <= 1.0.1 is vulnerable to Broken Authentication
Software MaanStore API Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-50487 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 80e67caa15fa Credits...
WordPress Button contact VR Plugin <= 4.7.9.1 is vulnerable to Cross Site Scripting (XSS)
Software Button contact VR Type Plugin Vulnerable versions = 4.7.9.1 Fixed in 4.7.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50414 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8a3582798f30 Credits UKO Required privilege...
WordPress BuddyPress Plugin <= 14.1.0 is vulnerable to Directory Traversal
Software BuddyPress Type Plugin Vulnerable versions = 14.1.0 Fixed in 14.2.1 OWASP Top 10 A3: Injection Classification Directory Traversal CVE CVE-2024-10011 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 06408034e9a6 Credits Domons Required privilege Subscriber Publish...
WordPress Contact Form 7 - Repeatable Fields Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form 7 - Repeatable Fields Type Plugin Vulnerable versions = 2.0.1 Fixed in 2.0.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10180 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d39a0f706c9a Credits Pete...
WordPress Clean Retina Theme <= 3.0.6 is vulnerable to Local File Inclusion
Software Clean Retina Type Theme Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-50436 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID e56d05b5bd53 Credits tahu.datar Required privilege Unauthenticate...
WordPress File Upload Types Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS)
Software File Upload Types Type Plugin Vulnerable versions = 1.4.0 Fixed in 1.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10016 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d655bda3dd64 Credits Francesco Carlucci...
WordPress Shoutcast Icecast HTML5 Radio Player Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)
Software Shoutcast Icecast HTML5 Radio Player Type Plugin Vulnerable versions = 2.1.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8666 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3e71cc774a45 Credits...
WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.3.4 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Meta Data and Taxonomies Filter MDTF Type Plugin Vulnerable versions = 1.3.3.4 Fixed in 1.3.3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50451 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0f23dd4816a6 Credits...
WordPress Envo's Elementor Templates & Widgets for WooCommerce Plugin <= 1.4.19 is vulnerable to Cross Site Scripting (XSS)
Software Envo's Elementor Templates & Widgets for WooCommerce Type Plugin Vulnerable versions = 1.4.19 Fixed in 1.4.20 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50447 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 28c4d14cb691 Credits...
WordPress Firelight Lightbox Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)
Software Firelight Lightbox Type Plugin Vulnerable versions = 2.3.3 Fixed in 2.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50460 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2edb2390ea9c Credits Robert DeVore Required privilege...
WordPress The Pack Elementor addons Plugin <= 2.0.9 is vulnerable to Local File Inclusion
Software The Pack Elementor addons Type Plugin Vulnerable versions = 2.0.9 Fixed in 2.1.0 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-50453 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID e424fb066139 Credits João Pedro S Alcânta...
WordPress EventPrime Plugin <= 4.0.4.7 is vulnerable to Cross Site Scripting (XSS)
Software EventPrime Type Plugin Vulnerable versions = 4.0.4.7 Fixed in 4.0.4.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9865 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b2193c9ee308 Credits zer0gh0st Required...
WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.43 is vulnerable to Sensitive Data Exposure
Software Elementor – Header, Footer & Blocks Template Type Plugin Vulnerable versions = 1.6.43 Fixed in 1.6.44 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-10050 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 22957639a0e5...
WordPress WC Marketplace Plugin <= 4.2.4 is vulnerable to Broken Access Control
Software WC Marketplace Type Plugin Vulnerable versions = 4.2.4 Fixed in 4.2.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9531 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7dab4da2d17f Credits Tieu Pham Trong Nhan Required...
WordPress Download Plugin Plugin <= 2.2.0 is vulnerable to Broken Access Control
Software Download Plugin Type Plugin Vulnerable versions = 2.2.0 Fixed in 2.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9829 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID da1ab1cf4af2 Credits WordFence Required...
WordPress Simple Custom Admin Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software Simple Custom Admin Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49647 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3970364b5682 Credits Mika Required privilege...