572 matches found
WordPress Filmix Theme <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software Filmix Type Theme Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44060 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 23b9f7aa796e Credits justakazh Required privilege Unauthenticated...
WordPress Memberpress Plugin <= 1.11.34 is vulnerable to Broken Access Control
Software Memberpress Type Plugin Vulnerable versions = 1.11.34 Fixed in 1.11.35 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43956 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4067cee8925c Credits Ananda Dhakal Patchstack...
WordPress Shield Security Plugin < 20.0.6 is vulnerable to Cross Site Scripting (XSS)
Software Shield Security Type Plugin Vulnerable versions 20.0.6 Fixed in 20.0.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7313 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID df05c396b592 Credits Krugov Artyom...
WordPress All Bootstrap Blocks Plugin <= 1.3.19 is vulnerable to Cross Site Scripting (XSS)
Software All Bootstrap Blocks Type Plugin Vulnerable versions = 1.3.19 Fixed in 1.3.20 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43349 Patch priority Low CVSS severity Low 6.5 Developer AREOI PSID 1ee70b8e314c Credits Ngô Thiên An ancorn from VNPT-VCI Require...
WordPress Recipe Card Blocks for Gutenberg & Elementor Plugin <= 3.3.1 is vulnerable to Broken Access Control
Software Recipe Card Blocks for Gutenberg & Elementor Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.3.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43293 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 19c361c53a3a Credits...
WordPress Element Pack Elementor Addons Plugin <= 5.7.2 is vulnerable to Cross Site Scripting (XSS)
Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.7.2 Fixed in 5.7.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7247 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3540915b141a Credits Webbernaut...
WordPress Timeline and History slider Plugin <= 2.3 is vulnerable to Local File Inclusion
Software Timeline and History slider Type Plugin Vulnerable versions = 2.3 Fixed in 2.4 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-43232 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 2bac14a13b45 Credits João Pedro S Alcântara...
WordPress Amelia Plugin <= 1.2 is vulnerable to Sensitive Data Exposure
Software Amelia Type Plugin Vulnerable versions = 1.2 Fixed in 1.2.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6552 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 963ab0b19e24 Credits stealthcopter Required privilege...
WordPress Spectra Plugin <= 2.14.1 is vulnerable to Cross Site Scripting (XSS)
Software Spectra Type Plugin Vulnerable versions = 2.14.1 Fixed in 2.15.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-7590 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a51e418171d1 Credits João Pedro S Alcântara Kinorth Required...
WordPress 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery Plugin <= 1.15.6 is vulnerable to Cross Site Scripting (XSS)
Software 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery Type Plugin Vulnerable versions = 1.15.6 Fixed in 1.15.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43152 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c27b38c9e4e0...
WordPress Advanced Cron Manager – debug & control Plugin <= 2.5.9 is vulnerable to Broken Access Control
Software Advanced Cron Manager – debug & control Type Plugin Vulnerable versions = 2.5.9 Fixed in 2.5.10 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43154 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7331ca5ca4a8 Credits...
WordPress Football Pool Plugin <= 2.11.10 is vulnerable to Cross Site Scripting (XSS)
Software Football Pool Type Plugin Vulnerable versions = 2.11.10 Fixed in 2.12.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43130 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 286c38961ee5 Credits Ananda Dhakal Patchstack Required...
WordPress WPBakery Page Builder Plugin <= 7.7 is vulnerable to Local File Inclusion
Software WPBakery Page Builder Type Plugin Vulnerable versions = 7.7 Fixed in 7.8 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-5709 Patch priority Low CVSS severity Low 6.6 Developer WPBakery PSID 1374f7b043bd Credits João Pedro Soares de Alcântara Required privileg...
WordPress Ultimate Classified Listings Plugin < 1.3 is vulnerable to Local File Inclusion
Software Ultimate Classified Listings Type Plugin Vulnerable versions 1.3 Fixed in 1.3 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-5882 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID b49a98246fbf Credits Project Black Required privilege...
WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Arbitrary File Upload
Software Social Auto Poster Type Plugin Vulnerable versions = 5.3.14 Fixed in 5.3.15 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6756 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 10970b4a81a6 Credits István Márton Required privileg...
WordPress Contest Gallery Plugin <= 23.1.2 is vulnerable to Cross Site Scripting (XSS)
Software Contest Gallery Type Plugin Vulnerable versions = 23.1.2 Fixed in 23.1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-39631 Patch priority Medium CVSS severity Medium 7.1 Developer Wasiliy Strecker PSID e98eae916e49 Credits CatFather Required privilege...
WordPress Royal Elementor Addons Plugin <= 1.3.980 is vulnerable to Cross Site Scripting (XSS)
Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.980 Fixed in 1.3.981 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5818 Patch priority Low CVSS severity Low 6.5 Developer WProyal PSID 21750c8b6654 Credits Webbernaut Required...
WordPress ListingPro Theme <= 2.9.4 is vulnerable to Local File Inclusion
Software ListingPro Type Theme Vulnerable versions = 2.9.4 Fixed in 2.9.5 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-39624 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 6fb79ea2aba1 Credits Rafie Muhammad Patchstack Required privilege...
WordPress ListingPro Theme <= 2.9.4 is vulnerable to SQL Injection
Software ListingPro Type Theme Vulnerable versions = 2.9.4 Fixed in 2.9.5 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-39622 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID ecd756a53e31 Credits Rafie Muhammad Patchstack Required privilege...
WordPress Atarim Plugin <= 4.0 is vulnerable to Broken Access Control
Software Atarim Type Plugin Vulnerable versions = 4.0 Fixed in 4.0.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38771 Patch priority Medium CVSS severity Medium 6.5 Developer Atarim PSID 7e5566c5bcde Credits piro Required privilege Unauthenticated...