7 matches found
WordPress Woocommerce Product Design Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload
Software Woocommerce Product Design Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50482 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 410808c7ca79 Credits Bonds Required privilege...
WordPress GRÜN spendino Spendenformular Plugin <= 1.0.1 is vulnerable to Privilege Escalation
Software GRÜN spendino Spendenformular Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-50476 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 6ea142807fb0...
WordPress Wux Blog Editor Plugin <= 3.0.0 is vulnerable to Broken Authentication
Software Wux Blog Editor Type Plugin Vulnerable versions = 3.0.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9931 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 140fce8f5a83 Credits István...
WordPress Acnoo Flutter API Plugin <= 1.0.5 is vulnerable to Privilege Escalation
Software Acnoo Flutter API Type Plugin Vulnerable versions = 1.0.5 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-50486 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 69fb59b59cf8 Credits...
WordPress WP Simple HTML Sitemap Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)
Software WP Simple HTML Sitemap Type Plugin Vulnerable versions = 2.2 Fixed in 2.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46627 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4aa5ac9576e1 Credits Le Ngoc Anh...
WordPress WP Word Count Plugin <= 3.2.4 is vulnerable to Broken Access Control
Software WP Word Count Type Plugin Vulnerable versions = 3.2.4 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46628 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID becf99c528fe Credits Abdi Pranata Required privilege...
alaskavu.fr XSS vulnerability
Open Bug Bounty ID: OBB-366420 Description| Value ---|--- Affected Website:| alaskavu.fr Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...