572 matches found
WordPress Keydatas Plugin <= 2.5.2 is vulnerable to Arbitrary File Upload
Software Keydatas Type Plugin Vulnerable versions = 2.5.2 Fixed in 2.6.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6220 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 1095cb679b31 Credits Foxyyy Required privilege Unauthenticated...
WordPress WP RSS Aggregator Plugin <= 4.23.11 is vulnerable to Broken Access Control
Software WP RSS Aggregator Type Plugin Vulnerable versions = 4.23.11 Fixed in 4.23.12 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6621 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2954812636fe Credits Peter Thaleikis Required...
WordPress Brizy Plugin <= 2.4.44 is vulnerable to Broken Access Control
Software Brizy Type Plugin Vulnerable versions = 2.4.44 Fixed in 2.4.45 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1937 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 5274a9cc7b66 Credits stealthcopter Required privilege...
WordPress CM On Demand Search And Replace Plugin < 1.3.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software CM On Demand Search And Replace Type Plugin Vulnerable versions 1.3.9 Fixed in 1.3.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5028 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 576a4082c0ff Credits Felipe...
WordPress WP Total Branding Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software WP Total Branding Type Plugin Vulnerable versions = 1.2 Fixed in 1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6625 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a7d5303cf6ee Credits Artem Polynko Artem Polynk...
WordPress Send Users Email Plugin <= 1.5.1 is vulnerable to Sensitive Data Exposure
Software Send Users Email Type Plugin Vulnerable versions = 1.5.1 Fixed in 1.5.2 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2024-38760 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 13aaf3930e9f Credits Joshua...
WordPress Simple Video Directory Plugin < 1.4.4 is vulnerable to Cross Site Scripting (XSS)
Software Simple Video Directory Type Plugin Vulnerable versions 1.4.4 Fixed in 1.4.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5811 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6334df1d47fc Credits Bob Matyas Required...
WordPress Academy LMS Plugin <= 2.0.4 is vulnerable to Broken Access Control
Software Academy LMS Type Plugin Vulnerable versions = 2.0.4 Fixed in 2.0.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38701 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1381c0d8b2d7 Credits filime Required privilege Academy...
WordPress Moloni Plugin <= 4.7.4 is vulnerable to Cross Site Scripting (XSS)
Software Moloni Type Plugin Vulnerable versions = 4.7.4 Fixed in 4.8.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38694 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c1c98bacc1ee Credits Yudistira Arya Required privilege...
WordPress Uncanny Automator Pro Plugin <= 5.3 is vulnerable to Cross Site Scripting (XSS)
Software Uncanny Automator Pro Type Plugin Vulnerable versions = 5.3 Fixed in 5.3.0.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37117 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9c1cb610bb3a Credits Dave Jong Patchstack...
WordPress Tutor LMS Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)
Software Tutor LMS Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37947 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 54e1794329a4 Credits justakazh Required privilege editor and Tuto...
WordPress WS Contact Form Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)
Software WS Contact Form Type Plugin Vulnerable versions = 1.3.7 Fixed in 1.3.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37537 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9166c1a50a0c Credits younsoung kim, SeoHyeon Lee, MyungJu...
WordPress The Post Grid Plugin <= 7.7.4 is vulnerable to Broken Access Control
Software The Post Grid Type Plugin Vulnerable versions = 7.7.4 Fixed in 7.7.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37481 Patch priority Medium CVSS severity Medium 6.5 Developer Mamunur Rashid PSID eb5b996e0113 Credits Rafie Muhammad Patchstack...
WordPress Nested Pages Plugin <= 3.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Nested Pages Type Plugin Vulnerable versions = 3.2.7 Fixed in 3.2.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5943 Patch priority Low CVSS severity Low 8.3 Developer Claim ownership PSID ec525e948d0f Credits Bassem Essam Required...
WordPress Simply Show Hooks Plugin <= 1.2.1 is vulnerable to Backdoor
Software Simply Show Hooks Type Plugin Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9717f5492dd4 Credits Sansec.io Required privilege Unauthenticated Published 3 July, 20...
WordPress YAHMAN Add-ons Plugin <= 0.9.28 is vulnerable to Backdoor
Software YAHMAN Add-ons Type Plugin Vulnerable versions = 0.9.28 Fixed in 0.9.29 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 26c7f39721f9 Credits Sansec.io Required privilege Unauthenticated Published 3 July,...
WordPress Advanced File Manager Plugin <= 5.2.4 is vulnerable to Sensitive Data Exposure
Software Advanced File Manager Type Plugin Vulnerable versions = 5.2.4 Fixed in 5.2.5 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-5598 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f0b48a6d68bd Credits emad Required...
WordPress Ultimate Bootstrap Elements for Elementor Plugin <= 1.4.2 is vulnerable to Local File Inclusion
Software Ultimate Bootstrap Elements for Elementor Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-37462 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID a8f9d8a5eba6 Credits João...
WordPress Book Landing Page Theme <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software Book Landing Page Type Theme Vulnerable versions = 1.2.3 Fixed in 1.2.4 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37230 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b75fbc99c1f0 Credits Dhabaleshwar Das...
WordPress The Plus Addons for Elementor Pro Plugin <= 5.5.6 is vulnerable to Local File Inclusion
Software The Plus Addons for Elementor Pro Type Plugin Vulnerable versions = 5.5.6 Fixed in 5.6.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-5455 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 7768d7567cf0 Credits wesley wcraft Required...