572 matches found
WordPress Folders Plugin <= 3.0 is vulnerable to Path Traversal
Software Folders Type Plugin Vulnerable versions = 3.0 Fixed in 3.0.1 OWASP Top 10 A1: Broken Access Control Classification Path Traversal CVE CVE-2024-2023 Patch priority Medium CVSS severity Medium 4.1 Developer Claim ownership PSID 79dd420f62c9 Credits Colin Xu Required privilege Author...
WordPress Folders Pro Plugin <= 3.0.2 is vulnerable to Arbitrary File Upload
Software Folders Pro Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.3 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-2024 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 56270bd65a1a Credits Colin Xu Required privilege Author Publish...
WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)
Software Restaurant Menu – Food Ordering System – Table Reservation Type Plugin Vulnerable versions = 2.4.0 Fixed in 2.4.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1399 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...
janmitchellproperties.co.uk Cross Site Scripting vulnerability OBB-3934974
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress Premium Addons for Elementor Plugin <= 4.10.33 is vulnerable to Cross Site Scripting (XSS)
Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.33 Fixed in 4.10.34 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5553 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID 89dccdfaef3d Credits wesley wcraft...
WordPress SKT Addons for Elementor Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software SKT Addons for Elementor Type Plugin Vulnerable versions = 2.0 Fixed in 2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5091 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 81d64b5eccce Credits stealthcopter...
WordPress ARForms Plugin < 6.6 is vulnerable to Cross Site Scripting (XSS)
Software ARForms Type Plugin Vulnerable versions 6.6 Fixed in 6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4621 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 54c970f6100c Credits Bob Matyas Required privilege...
WordPress Sensei Pro (WC Paid Courses) Plugin <= 4.23.1.1.23.1 is vulnerable to Cross Site Scripting (XSS)
Software Sensei Pro WC Paid Courses Type Plugin Vulnerable versions = 4.23.1.1.23.1 Fixed in 4.24.0.1.24.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34765 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ffa624f39abc Credits Rafie...
WordPress Testimonial Carousel For Elementor Plugin <= 10.1.1 is vulnerable to Cross Site Scripting (XSS)
Software Testimonial Carousel For Elementor Type Plugin Vulnerable versions = 10.1.1 Fixed in 10.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-35713 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID be0db57f0489 Credits...
WordPress Rotating Tweets Plugin <= 1.9.10 is vulnerable to Cross Site Scripting (XSS)
Software Rotating Tweets Type Plugin Vulnerable versions = 1.9.10 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5141 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 44a4d93efa2c Credits Krzysztof Zając Required...
WordPress WooCommerce Tools Plugin <= 1.2.9 is vulnerable to Broken Access Control
Software WooCommerce Tools Type Plugin Vulnerable versions = 1.2.9 Fixed in 1.2.10 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1689 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID dd5e30ec3dbb Credits Lucio Sá Required privilege...
WordPress Brizy Plugin <= 2.4.43 is vulnerable to Cross Site Scripting (XSS)
Software Brizy Type Plugin Vulnerable versions = 2.4.43 Fixed in 2.4.44 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3667 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cff58ae2952e Credits Webbernaut Required privilege...
WordPress Five Star Restaurant Menu Plugin <= 2.4.16 is vulnerable to Broken Access Control
Software Five Star Restaurant Menu Type Plugin Vulnerable versions = 2.4.16 Fixed in 2.4.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5459 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d3ee7a9da89d Credits Lucio Sá Required...
WordPress Yumpu ePaper publishing Plugin <= 2.0.24 is vulnerable to Broken Access Control
Software Yumpu ePaper publishing Type Plugin Vulnerable versions = 2.0.24 Fixed in 3.0.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3277 Patch priority Low CVSS severity Low 5 Developer Claim ownership PSID 08c9f70d34e3 Credits Lucio Sá Required...
WordPress Advanced iFrame Plugin <= 2024.3 is vulnerable to Cross Site Scripting (XSS)
Software Advanced iFrame Type Plugin Vulnerable versions = 2024.3 Fixed in 2024.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4365 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 184566715b3a Credits wesley wcraft Required...
WordPress EmbedPress Plugin <= 3.9.12 is vulnerable to Broken Access Control
Software EmbedPress Type Plugin Vulnerable versions = 3.9.12 Fixed in 3.9.13 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-1803 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 58b21d9fa99a Credits WordFence Required privilege...
WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.107 is vulnerable to SQL Injection
Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.107 Fixed in 1.5.108 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-4779 Patch priority Low CVSS severity Low 8.5 Developer Unlimited Elements PSID 2c76236c1b5c...
WordPress Logo Slider Plugin < 4.0.0 is vulnerable to Cross Site Scripting (XSS)
Software Logo Slider Type Plugin Vulnerable versions 4.0.0 Fixed in 4.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3288 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e6ccc99c3b05 Credits Krugov Artyom Required privile...
WordPress FluentForm Plugin <= 5.1.16 is vulnerable to Cross Site Scripting (XSS)
Software FluentForm Type Plugin Vulnerable versions = 5.1.16 Fixed in 5.1.17 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4709 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5a184173f5e7 Credits Tobias Weißhaar kun19...
WordPress Automatic Plugin <= 3.94.0 is vulnerable to Cross Site Scripting (XSS)
Software Automatic Type Plugin Vulnerable versions = 3.94.0 Fixed in 3.95.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4849 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c71dc29444f6 Credits haidv35 Required privilege...