10 matches found
WordPress UserPlus Plugin <= 2.0 is vulnerable to Privilege Escalation
Software: UserPlus; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-52442; Patch priority: High; CVSS severity: High 9.8; PSID: 1a20cf86d1cd; Credits: João Pedro S...
WordPress BulkPress Plugin <= 0.3.5 is vulnerable to Cross Site Scripting (XSS)
Software: BulkPress; Type: Plugin; Vulnerable versions: <= 0.3.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-9615; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 569ddc3d9617; Credits: vgo0; Required privilege...
WordPress CJ Change Howdy Plugin <= 3.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: CJ Change Howdy; Type: Plugin; Vulnerable versions: <= 3.3.1; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-49223; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: d1b937179167; Credits: SOPROBRO; Requir...
WordPress Wechat Social login Plugin <= 1.3.0 is vulnerable to Broken Authentication
Software: Wechat Social login; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-9106; Patch priority: High; CVSS severity: High 9.8; PSID: 26efb59ee707; Credits: Istvá...
WordPress Salon booking system Plugin <= 9.9 is vulnerable to Arbitrary File Deletion
Software: Salon booking system; Type: Plugin; Vulnerable versions: <= 9.9; Fixed in: 10.0; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Deletion; CVE: CVE-2024-37231; Patch priority: High; CVSS severity: High 8.6; PSID: 096d4dd72ddd; Credits: LVT-tholv2k; Required...
WordPress Lifeline Donation Plugin <= 1.2.6 is vulnerable to Broken Authentication
Software: Lifeline Donation; Type: Plugin; Vulnerable versions: <= 1.2.6; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Authentication; CVE: CVE-2024-5432; Patch priority: High; CVSS severity: High 10; PSID: c4cb49e164b6; Credits: István Márton; Required...
WordPress Debug Log – Manger Tool Plugin <= 1.4.5 is vulnerable to Sensitive Data Exposure
Software: Debug Log – Manger Tool; Type: Plugin; Vulnerable versions: <= 1.4.5; Fixed in: 1.5; OWASP Top 10: A5: Security Misconfiguration; Classification: Sensitive Data Exposure; CVE: CVE-2024-34798; Patch priority: Low; CVSS severity: Low 5.3; PSID: 669450ad8391; Credits: emad; Required...
WordPress Access Category Password Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)
Software: Access Category Password; Type: Plugin; Vulnerable versions: <= 1.5.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-32535; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: c844ee6de29c; Credits: Dimas Maulana; Required...
WordPress WP Delicious Plugin < 1.5.3 is vulnerable to Cross Site Scripting (XSS)
Software: WP Delicious; Type: Plugin; Vulnerable versions: < 1.5.3; Fixed in: 1.5.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: f958188390a5; Credits: Rafie Muhammad Patchstack; Required...
WordPress WP Full Auto Tags Manager Plugin <= 2.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Full Auto Tags Manager; Type: Plugin; Vulnerable versions: <= 2.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2023-34024; Patch priority: Low; CVSS severity: Low 4.3; PSID: e806b57e2695; Credits: Elliot; Requir...