8 matches found
WordPress WP Mailgun SMTP plugin <= 1.0.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin WP Mailgun SMTP versions = 1.0.7...
PT-2025-5672 · Uniapi · Uniapi
Name of the Vulnerable Software and Affected Versions: uniapi version 1.0.7 Description: The issue concerns code introduced in a specific version of the software that executes upon import of the module. This code downloads a script from a remote URL and then executes the downloaded script in a...
WordPress plugin Captchelfie – Captcha by Selfie 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Captchelfi...
WordPress Swiss Toolkit For WP Plugin <= 1.0.7 is vulnerable to Broken Authentication
Software Swiss Toolkit For WP Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2024-5204 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 07e08699642a Credits István Márton...
WordPress NewsXpress Theme <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software NewsXpress Type Theme Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31938 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID fbdf2aa209f9 Credits Dhabaleshwar Das Required...
WordPress GamiPress – Button Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)
Software GamiPress – Button Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2460 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 46fbe1f93240 Credits Francesco Carlucci...
WordPress User Feedback Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)
Software User Feedback Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-39308 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4cad82df326d Credits Revan Arifio Required privilege...
WordPress Bani Theme <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)
Software Bani Type Theme Vulnerable versions = 1.0.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 34cf7cd408a8 Credits Rafie Muhammad Patchstack Required privilege...