572 matches found
WordPress BulkPress Plugin <= 0.3.5 is vulnerable to Cross Site Scripting (XSS)
Software BulkPress Type Plugin Vulnerable versions = 0.3.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9615 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 569ddc3d9617 Credits vgo0 Required privilege...
WordPress Really Simple Security Pro multisite Plugin 9.0.0-9.1.1.1 is vulnerable to Broken Authentication
Software Really Simple Security Pro multisite Type Plugin Vulnerable versions 9.0.0-9.1.1.1 Fixed in 9.1.2 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-10924 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 976349dfad8d Credits...
WordPress User Extra Fields Plugin <= 16.6 is vulnerable to Arbitrary File Deletion
Software User Extra Fields Type Plugin Vulnerable versions = 16.6 Fixed in 16.7 OWASP Top 10 A2: Broken Authentication Classification Arbitrary File Deletion CVE CVE-2024-11150 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5b9352f46ad9 Credits Chloe Chamberland Require...
WordPress Xin Theme <= 1.0.8.1 is vulnerable to PHP Object Injection
Software Xin Type Theme Vulnerable versions = 1.0.8.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52412 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID da7dd1423a5a Credits Mika Required privilege Unauthenticated Published 13...
WordPress Kognetiks Chatbot for WordPress Plugin <= 2.1.7 is vulnerable to Broken Access Control
Software Kognetiks Chatbot for WordPress Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10530 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 918318d433d6 Credits Tieu Pham Tro...
WordPress Countdown Timer Plugin <= 1.2.4 is vulnerable to Sensitive Data Exposure
Software Countdown Timer Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A3: Injection Classification Sensitive Data Exposure CVE CVE-2024-10669 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 97d2e3a5c021 Credits Francesco Carlucci Required privilege...
WordPress Inline Click To Tweet Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software Inline Click To Tweet Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51803 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e9a9fcb00d6e Credits SOPROBRO Required privilege...
WordPress Custom URL Shortener Plugin <= 0.3.6 is vulnerable to Cross Site Scripting (XSS)
Software Custom URL Shortener Type Plugin Vulnerable versions = 0.3.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51930 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 721373a7389e Credits SOPROBRO Required privilege...
WordPress Shortcode Collection Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)
Software Shortcode Collection Type Plugin Vulnerable versions = 1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51864 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a79b02ce6496 Credits SOPROBRO Required privilege Contribut...
CVE-2020-12828
creationtimestamp| type| source ---|---|--- 2024-10-31 02:10:22+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/1349...
WordPress Audio Comparison Lite Plugin <= 3.4 is vulnerable to Cross Site Scripting (XSS)
Software Audio Comparison Lite Type Plugin Vulnerable versions = 3.4 Fixed in 3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51627 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0a5a84c2cb69 Credits SOPROBRO Required privilege...
CVE-2020-4046
creationtimestamp| type| source ---|---|--- 2024-10-29 18:43:58+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/1299...
WordPress SEUR Oficial Plugin <= 2.2.11 is vulnerable to Cross Site Scripting (XSS)
Software SEUR Oficial Type Plugin Vulnerable versions = 2.2.11 Fixed in 2.2.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9438 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 09ee4a264f33 Credits vgo0 Required...
WordPress Signup Page Plugin <= 1.0 is vulnerable to Privilege Escalation
Software Signup Page Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-50475 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 15ed63623277 Credits Mika Required...
WordPress Cozy Blocks Plugin <= 2.0.18 is vulnerable to Cross Site Scripting (XSS)
Software Cozy Blocks Type Plugin Vulnerable versions = 2.0.18 Fixed in 2.0.19 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50502 Patch priority Low CVSS severity Low 6.5 Developer CozyThemes PSID 2887e7a845fe Credits Michael Required privilege Contributor...
WordPress EventPrime Plugin <= 4.0.4.7 is vulnerable to Cross Site Scripting (XSS)
Software EventPrime Type Plugin Vulnerable versions = 4.0.4.7 Fixed in 4.0.4.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9865 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b2193c9ee308 Credits zer0gh0st Required...
WordPress WC Marketplace Plugin <= 4.2.4 is vulnerable to Broken Access Control
Software WC Marketplace Type Plugin Vulnerable versions = 4.2.4 Fixed in 4.2.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9531 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7dab4da2d17f Credits Tieu Pham Trong Nhan Required...
CVE-2020-9375
creationtimestamp| type| source ---|---|--- 2024-10-18 16:21:45+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/856...
WordPress Debrandify Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)
Software Debrandify Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9674 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0ed7b307aa52 Credits Francesco Carlucci Required...
WordPress Royal Elementor Addons Plugin <= 1.3.986 is vulnerable to Sensitive Data Exposure
Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.986 Fixed in 1.3.987 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-7417 Patch priority Low CVSS severity Low 4.3 Developer WProyal PSID 4060f71c187f Credits stealthcopter Required...