WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Mouse Cursor Module vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom Mouse Cursor Module vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...

WordPress Royal Elementor Addons and Templates plugin <= 1.3.971 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Royal Elementor Addons versions = 1.3.971...

WordPress Groundhogg plugin <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function vulnerability

Authenticated Author+ Arbitrary File Upload via ghbigfileupload Function vulnerability discovered by wesley wcraft in WordPress Plugin Groundhogg versions = 3.7.3.5...

WordPress Heateor Social Login Plugin <= 1.1.35 is vulnerable to Broken Authentication

Software Heateor Social Login Type Plugin Vulnerable versions = 1.1.35 Fixed in 1.1.36 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10020 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 0cb2e3c4d2f1 Credits...

WordPress Loginizer Security Plugin <= 1.9.2 is vulnerable to Broken Authentication

Software Loginizer Security Type Plugin Vulnerable versions = 1.9.2 Fixed in 1.9.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10097 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 39d130db7003 Credits...

WordPress Wp Social Plugin <= 3.0.7 is vulnerable to Broken Authentication

Software Wp Social Type Plugin Vulnerable versions = 3.0.7 Fixed in 3.0.8 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2024-9501 Patch priority High CVSS severity High 9.8 Developer Wpmet PSID 239b8bacd5e7 Credits wesley wcraft Required privilege...

WordPress WPSchoolPress plugin <= 2.2.10 - Insecure Direct Object Reference to Authenticated (Teacher+) Account Takeover/Privilege Escalation vulnerability

Insecure Direct Object Reference to Authenticated Teacher+ Account Takeover/Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin WPSchoolPress versions = 2.2.10...

Over 40,000 WordPress Sites Affected by Privilege Escalation Vulnerability Patched in Post Grid and Gutenberg Blocks Plugin

📢 Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearche...

WordPress Premium Addons for Elementor plugin <= 4.10.34 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by wcraft Patchstack Alliance in WordPress Plugin Premium Addons for Elementor versions = 4.10.34...

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.102 is vulnerable to SQL Injection

Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.102 Fixed in 1.5.105 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3055 Patch priority Low CVSS severity Low 8.5 Developer Unlimited Elements PSID 6f752cde8e3d...

WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.24 is vulnerable to Cross Site Scripting (XSS)

Software Elementor – Header, Footer & Blocks Template Type Plugin Vulnerable versions = 1.6.24 Fixed in 1.6.25 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1237 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d8efb70c30ae...

WordPress PowerPack Addons for Elementor Plugin <= 2.7.15 is vulnerable to Cross Site Scripting (XSS)

Software PowerPack Addons for Elementor Type Plugin Vulnerable versions = 2.7.15 Fixed in 2.7.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1411 Patch priority Low CVSS severity Low 6.5 Developer IdeaBox Creations PSID 6ccdfffb7852 Credits wesle...