WordPress NitroPack plugin <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Options Update vulnerability discovered by Sean Murphy in WordPress Plugin NitroPack versions = 1.17.0...

WordPress PostX Plugin <= 4.1.16 is vulnerable to Broken Access Control

Software PostX Type Plugin Vulnerable versions = 4.1.16 Fixed in 4.1.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10728 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 29722a758707 Credits Sean Murphy Required privilege...

WordPress GutenKit plugin <= 2.1.0 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Sean Murphy in WordPress Plugin GutenKit versions = 2.1.0...

WordPress Email Log Plugin <= 2.4.8 is vulnerable to Other Vulnerability Type

Software Email Log Type Plugin Vulnerable versions = 2.4.8 Fixed in 2.4.9 OWASP Top 10 A3: Injection Classification Other Vulnerability Type CVE CVE-2024-0867 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 7750b3ba7ece Credits Sean Murphy Required privilege...

WordPress Check & Log Email Plugin <= 1.0.9 is vulnerable to Broken Access Control

Software Check & Log Email Type Plugin Vulnerable versions = 1.0.9 Fixed in 1.0.10 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-0866 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID 0ac766d27e85 Credits Sean Murphy Required...

WordPress Post SMTP Plugin <= 2.8.7 is vulnerable to Cross Site Scripting (XSS)

Software Post SMTP Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7027 Patch priority Medium CVSS severity Medium 7.1 Developer WPExperts PSID 7142ca21bf69 Credits Sean Murphy Required privilege...

WordPress Ad Inserter plugin <= 2.4.21 - Authenticated Remote Code Execution (RCE) vulnerability

Authenticated Remote Code Execution RCE vulnerability found by Sean Murphy WordFence in WordPress Ad Inserter plugin versions = 2.4.21. Solution Update the WordPress Ad Inserter plugin to the latest available version at least 2.4.22...