WordPress Sala Theme <= 1.1.6 is vulnerable to Local File Inclusion

Software Sala Type Theme Vulnerable versions = 1.1.6 Fixed in 1.1.7 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-54709 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 734caf3a58cf Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

WordPress SureForms plugin < 1.7.2 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin SureForms versions 1.7.2...

WordPress ReDi Restaurant Reservation plugin <= 24.1209 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Ryan Novotny in WordPress Plugin ReDi Restaurant Reservation versions = 24.1209...

WordPress Awesome Event Booking plugin <= 2.8.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 Patchstack Alliance in WordPress Plugin Awesome Event Booking versions = 2.8.4...

WordPress Kudos Donations Plugin <= 3.2.9 is vulnerable to Cross Site Scripting (XSS)

Software Kudos Donations Type Plugin Vulnerable versions = 3.2.9 Fixed in 3.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11684 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 27c0ae774d02 Credits vgo0 Required...

WordPress Video Lessons Manager Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS)

Software Video Lessons Manager Type Plugin Vulnerable versions = 1.8.2 Fixed in 1.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11202 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID de6edf652333 Credits Peter...

WordPress System Dashboard Plugin < 2.8.15 is vulnerable to Cross Site Scripting (XSS)

Software System Dashboard Type Plugin Vulnerable versions 2.8.15 Fixed in 2.8.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11107 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 948953d35f1c Credits Dogus Demirkiran...

WordPress Don't Break The Code Plugin <= .3.1 is vulnerable to Cross Site Scripting (XSS)

Software Don't Break The Code Type Plugin Vulnerable versions = .3.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51779 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e5611bdb41d7 Credits João Pedro S Alcântara Kinorth...

WordPress Wp Social Plugin <= 3.0.7 is vulnerable to Broken Authentication

Software Wp Social Type Plugin Vulnerable versions = 3.0.7 Fixed in 3.0.8 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2024-9501 Patch priority High CVSS severity High 9.8 Developer Wpmet PSID 239b8bacd5e7 Credits wesley wcraft Required privilege...

WordPress Wux Blog Editor Plugin <= 3.0.0 is vulnerable to Broken Authentication

Software Wux Blog Editor Type Plugin Vulnerable versions = 3.0.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9931 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 140fce8f5a83 Credits István...

WordPress Clean Retina Theme <= 3.0.6 is vulnerable to Local File Inclusion

Software Clean Retina Type Theme Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-50436 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID e56d05b5bd53 Credits tahu.datar Required privilege Unauthenticate...

WordPress Schema & Structured Data for WP & AMP Plugin <= 1.3.5 is vulnerable to Sensitive Data Exposure

Software Schema & Structured Data for WP & AMP Type Plugin Vulnerable versions = 1.3.5 Fixed in 1.36 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-49683 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID fb194b3fd454 Credits Joshua...

WordPress CJ Change Howdy Plugin <= 3.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software CJ Change Howdy Type Plugin Vulnerable versions = 3.3.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49223 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d1b937179167 Credits SOPROBRO Requir...

WordPress Rank Math SEO Plugin <= 1.0.228 is vulnerable to Broken Access Control

Software Rank Math SEO Type Plugin Vulnerable versions = 1.0.228 Fixed in 1.0.229 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9161 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ca30124e345e Credits Leo Required privilege...

WordPress JobSearch Plugin <= 2.5.9 is vulnerable to PHP Object Injection

Software JobSearch Type Plugin Vulnerable versions = 2.5.9 Fixed in 2.6.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-47636 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5e0aa88de68e Credits Bonds Required privilege Unauthenticated...

WordPress Newsletters Plugin <= 4.9.9.1 is vulnerable to Cross Site Scripting (XSS)

Software Newsletters Type Plugin Vulnerable versions = 4.9.9.1 Fixed in 4.9.9.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47346 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0a4418b91ec6 Credits Le Ngoc Anh Required privilege...

WordPress Multi Step for Contact Form Plugin <= 2.7.7 is vulnerable to SQL Injection

Software Multi Step for Contact Form Type Plugin Vulnerable versions = 2.7.7 Fixed in 2.7.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-47331 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID a27c5e08d690 Credits Hakiduck Required privilege...

WordPress Share This Image Plugin <= 2.03 is vulnerable to Open Redirection

Software Share This Image Type Plugin Vulnerable versions = 2.03 Fixed in 2.04 OWASP Top 10 A1: Injection Classification Open Redirection CVE CVE-2024-8761 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 2b483c93b8d5 Credits Krzysztof Zając Required privilege Unauthenticat...

WordPress MaxButtons Plugin <= 9.7.8 is vulnerable to Sensitive Data Exposure

Software MaxButtons Type Plugin Vulnerable versions = 9.7.8 Fixed in 9.8.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6499 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID c468e4e161ae Credits stealthcopter Required privileg...

WordPress oik Plugin <= 4.12.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software oik Type Plugin Vulnerable versions = 4.12.0 Fixed in 4.12.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43356 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 865f6e2dc335 Credits Abdi Pranata Required privile...