46681 matches found
WordPress Advanced Sermons Plugin <= 3.4 is vulnerable to Cross Site Scripting (XSS)
Software Advanced Sermons Type Plugin Vulnerable versions = 3.4 Fixed in 3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50458 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0e069038bb43 Credits SOPROBRO Required privilege Contributor...
WordPress Button contact VR Plugin <= 4.7.9.1 is vulnerable to Cross Site Scripting (XSS)
Software Button contact VR Type Plugin Vulnerable versions = 4.7.9.1 Fixed in 4.7.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50414 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8a3582798f30 Credits UKO Required privilege...
WordPress WordPress File Upload Plugin <= 4.24.11 is vulnerable to Path Traversal
Software WordPress File Upload Type Plugin Vulnerable versions = 4.24.11 Fixed in 4.24.12 OWASP Top 10 A1: Broken Access Control Classification Path Traversal CVE CVE-2024-9047 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5fa6436aa19c Credits Arkadiusz Hydzik Required...
WordPress WP-Advanced-Search Plugin < 3.3.9.2 is vulnerable to SQL Injection
Software WP-Advanced-Search Type Plugin Vulnerable versions 3.3.9.2 Fixed in 3.3.9.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9796 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 872f69a2765a Credits Wojciech Jezowski Required privilege...
WordPress Survey Maker Plugin <= 4.9.5 is vulnerable to Cross Site Scripting (XSS)
Software Survey Maker Type Plugin Vulnerable versions = 4.9.5 Fixed in 4.9.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8488 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7656cef316d3 Credits Jonas Benjamin Friedli...
WordPress Hash Form Plugin <= 1.1.9 is vulnerable to Arbitrary File Upload
Software Hash Form Type Plugin Vulnerable versions = 1.1.9 Fixed in 1.2.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-9417 Patch priority High CVSS severity High 6.1 Developer Claim ownership PSID 599a3ecad6e0 Credits Rein Daelman trein Required privilege...
WordPress TinyPNG Plugin <= 3.4.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software TinyPNG Type Plugin Vulnerable versions = 3.4.3 Fixed in 3.4.4 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-47635 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9470f9a7ceb0 Credits Rafie Muhammad Patchstack...
WordPress Elementor Website Builder Plugin <= 3.23.4 is vulnerable to Cross Site Scripting (XSS)
Software Elementor Website Builder Type Plugin Vulnerable versions = 3.23.4 Fixed in 3.24.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5416 Patch priority Low CVSS severity Low 6.5 Developer Elementor PSID 8f473cdb82fd Credits wesley wcraft...
WordPress AcyMailing SMTP Newsletter Plugin <= 9.7.2 is vulnerable to Arbitrary File Upload
Software AcyMailing SMTP Newsletter Type Plugin Vulnerable versions = 9.7.2 Fixed in 9.8.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7384 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 51ad1438d775 Credits Arkadiusz Hydzik Required...
WordPress GiveWP Plugin <= 3.13.0 is vulnerable to Broken Access Control
Software GiveWP Type Plugin Vulnerable versions = 3.13.0 Fixed in 3.14.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5939 Patch priority Low CVSS severity Low 5.3 Developer Liquid Web / StellarWP PSID 8ee538f964d1 Credits villu164 Required privilege...
WordPress Profile Builder Plugin < 3.11.8 is vulnerable to Broken Access Control
Software Profile Builder Type Plugin Vulnerable versions 3.11.8 Fixed in 3.11.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-6366 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 351dbb0efb2f Credits Michel Prunet Required privile...
WordPress Duplicator Plugin <= 1.5.9 is vulnerable to Full Path Disclosure (FPD)
Software Duplicator Type Plugin Vulnerable versions = 1.5.9 Fixed in 1.5.10 OWASP Top 10 A5: Security Misconfiguration Classification Full Path Disclosure FPD CVE CVE-2024-6210 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d4d879d29752 Credits stealthcopter Required...
WordPress Elementor Pro Plugin <= 3.21.2 is vulnerable to Cross Site Scripting (XSS)
Software Elementor Pro Type Plugin Vulnerable versions = 3.21.2 Fixed in 3.21.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35656 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 41d6dec3f86d Credits Michael Required privilege...
WordPress ARMember Premium Plugin < 6.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software ARMember Premium Type Plugin Vulnerable versions 6.7.1 Fixed in 6.7.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47424 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b77f7fcbe1ab Credits Cat Required privile...
WordPress Hash Form Plugin <= 1.1.0 is vulnerable to Remote Code Execution (RCE)
Software Hash Form Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-5084 Patch priority High CVSS severity High 10 Developer Claim ownership PSID da300dc670df Credits Francesco Carlucci Required privilege...
WordPress Table Maker Plugin <= 1.9.1 is vulnerable to Cross Site Scripting (XSS)
Software Table Maker Type Plugin Vulnerable versions = 1.9.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34574 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7c1bf395ed48 Credits CatFather Required privilege Author Publishe...
WordPress Master Slider Plugin <= 3.9.5 is vulnerable to PHP Object Injection
Software Master Slider Type Plugin Vulnerable versions = 3.9.5 Fixed in 3.9.7 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-32600 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID d3cbc5a0e9db Credits Rafie Muhammad Patchstack Required privile...
WordPress WooCommerce Plugin < 8.6 is vulnerable to Broken Access Control
Software WooCommerce Type Plugin Vulnerable versions 8.6 Fixed in 8.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-1310 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1c0523f0c515 Credits Scott Kingsley Clark Required privilege...
WordPress X-T9 Theme <= 1.19.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software X-T9 Type Theme Vulnerable versions = 1.19.0 Fixed in 1.19.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31386 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f76c7713c16f Credits Dhabaleshwar Das Required...
WordPress Post Views Counter Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Post Views Counter Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31264 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 68843b34fde0 Credits Brandon Roldan...
WordPress Elementor Addon Elements Plugin <= 1.12.12 is vulnerable to Local File Inclusion
Software Elementor Addon Elements Type Plugin Vulnerable versions = 1.12.12 Fixed in 1.13 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-1358 Patch priority Low CVSS severity Low 8.8 Developer WPVibes PSID 7c75b4731d57 Credits wesley wcraft Required privilege...
WordPress Unlimited Addons for WPBakery Page Builder Plugin <= 1.0.42 is vulnerable to Arbitrary File Upload
Software Unlimited Addons for WPBakery Page Builder Type Plugin Vulnerable versions = 1.0.42 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6925 Patch priority Low CVSS severity Low 8 Developer Claim ownership PSID 9599a24cfc17 Credits István Márton...
WordPress The Events Calendar Plugin <= 6.2.8.2 is vulnerable to Sensitive Data Exposure
Software The Events Calendar Type Plugin Vulnerable versions = 6.2.8.2 Fixed in 6.2.9 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-6557 Patch priority Low CVSS severity Low 5.3 Developer Liquid Web / StellarWP PSID 4e6ed43ca389 Credits Nicolas...
WordPress LearnPress Plugin <= 4.2.5.7 is vulnerable to Remote Code Execution (RCE)
Software LearnPress Type Plugin Vulnerable versions = 4.2.5.7 Fixed in 4.2.5.8 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2023-6634 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID acb9af544a85 Credits hir0ot Required privilege...
WordPress Dan's Embedder for Google Calendar Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software Dan's Embedder for Google Calendar Type Plugin Vulnerable versions = 1.2 Fixed in 1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51504 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e9f89f8b2081 Credits Ngô Thiên An ancorn fro...
WordPress Backup Migration Plugin <= 1.3.9 is vulnerable to Path Traversal
Software Backup Migration Type Plugin Vulnerable versions = 1.3.9 Fixed in 1.4.0 OWASP Top 10 A5: Security Misconfiguration Classification Path Traversal CVE CVE-2023-6972 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 63ca4651f92b Credits NP3228 Required privilege...
WordPress Porto Theme - Functionality Plugin < 2.12.1 is vulnerable to SQL Injection
Software Porto Theme - Functionality Type Plugin Vulnerable versions 2.12.1 Fixed in 2.12.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-48738 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 5a7e2b4a3331 Credits Rafie Muhammad Patchstack Required...
WordPress Userpro Plugin <= 5.1.4 is vulnerable to Privilege Escalation
Software Userpro Type Plugin Vulnerable versions = 5.1.4 Fixed in 5.1.5 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2023-6009 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 7046ef9feaa8 Credits István Márton Required privilege...
WordPress WordPress Popular Posts Plugin <= 6.3.2 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Popular Posts Type Plugin Vulnerable versions = 6.3.2 Fixed in 6.3.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45607 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e1c445e00e39 Credits Rafie Muhammad Patchstack...
WordPress Stock Ticker Plugin <= 3.23.2 is vulnerable to Cross Site Scripting (XSS)
Software Stock Ticker Type Plugin Vulnerable versions = 3.23.2 Fixed in 3.23.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-45365 Patch priority Medium CVSS severity Medium 7.1 Developer Aleksandar Urošević PSID b2f877d49771 Credits Aman Rawat...
WordPress JupiterX Core Plugin <= 4.6.6 is vulnerable to Arbitrary File Download
Software JupiterX Core Type Plugin Vulnerable versions = 4.6.6 Fixed in 4.6.9 OWASP Top 10 A3: Injection Classification Arbitrary File Download CVE CVE-2023-3813 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 89a622a39c6e Credits István Márton Required privilege...
WordPress Simple Cart Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)
Software Simple Cart Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d50ef7e26bc5 Credits Rafie Muhammad Patchstack Required...
WordPress User Registration Plugin <= 3.0.2 is vulnerable to Arbitrary File Upload
Software User Registration Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.2.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-3342 Patch priority High CVSS severity High 9.9 Developer Masteriyo PSID 9e6954072452 Credits István Márton Required privilege Subscribe...
WordPress Kanban Boards for WordPress Plugin < 2.5.21 is vulnerable to Cross Site Scripting (XSS)
Software Kanban Boards for WordPress Type Plugin Vulnerable versions 2.5.21 Fixed in 2.5.21 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0873 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 29201871ee56 Credits Shreya Pohek...
WordPress ReviewX Plugin <= 1.6.13 is vulnerable to Privilege Escalation
Software ReviewX Type Plugin Vulnerable versions = 1.6.13 Fixed in 1.6.14 OWASP Top 10 A6: Security Misconfiguration Classification Privilege Escalation CVE CVE-2023-2833 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 0ccf8a6d79e5 Credits Lana Codes Required privilege...
WordPress ChatBot Plugin <= 4.4.6 is vulnerable to PHP Object Injection
Software ChatBot Type Plugin Vulnerable versions = 4.4.6 Fixed in 4.4.7 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-1650 Patch priority High CVSS severity High 5.4 Developer Claim ownership PSID 84bd0e4874e7 Credits Erwan LR Required privilege Unauthenticated...
WordPress WP Table Manager Plugin <= 3.5.2 is vulnerable to Broken Access Control
Software WP Table Manager Type Plugin Vulnerable versions = 3.5.2 Fixed in 3.5.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-47601 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID dd961e3e7567 Credits Cat Required privilege...
WordPress Show-Hide / Collapse-Expand Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)
Software Show-Hide / Collapse-Expand Type Plugin Vulnerable versions = 1.2.5 Fixed in 1.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4829 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID a608bae568e8 Credits István...
WordPress Betheme premium theme <= 26.6.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Dave Jong Patchstack in the WordPress Betheme premium theme versions = 26.6.1. Solution No reply from the vendor...
WordPress Ezoic plugin <= 2.8.8 - Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability
Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability discovered by José Aguilera Patchstack Alliance in the WordPress Ezoic plugin versions = 2.8.8. Solution Update the WordPress Ezoic plugin to the latest available version at least 2.8.9...
WordPress Quick Restaurant Reservations plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered by thiennv Patchstack Alliance in WordPress Quick Restaurant Reservations plugin versions = 1.5.4. Solution Update the WordPress Quick Restaurant Reservations plugin to the latest available version at least 1.5.5...
WordPress WP-Polls plugin <= 2.75.6 - IP Validation Bypass vulnerability
IP Validation Bypass vulnerability discovered by Daniel Ruf in WordPress WP-Polls plugin versions = 2.75.6. Solution Update the WordPress WP-Polls plugin to the latest available version at least 2.76.0...
WordPress Event Monster plugin <= 1.1.20 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability leading to Visitors Deletion discovered by Thura Moe Myint in the WordPress Event Monster plugin versions = 1.1.20. Solution Update the WordPress Event Management Tickets Booking plugin to the latest available version at least 1.2.0...
WordPress Booster Elite for WooCommerce premium plugin < 1.1.7 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability leading to Checkout Files Deletion discovered by WPScan in WordPress Booster for WooCommerce premium plugin versions 1.1.7. Solution Update the WordPress Booster Elite for WooCommerce plugin to the latest available version at least 1.1.7...
WordPress Appointment Hour Booking plugin <= 1.3.71 - Missing Authorization vulnerability
Missing Authorization vulnerability leading to Feedback Submission discovered by Lana Codes Patchstack Alliance in the WordPress Appointment Hour Booking plugin versions = 1.3.71. Solution Update the WordPress Appointment Hour Booking plugin to the latest available version at least 1.3.72...
WordPress Forms by CaptainForm <= 2.5.3 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability leading to Account Disconnect discovered by Rasi Afeef Patchstack Alliance in WordPress Forms by CaptainForm versions = 2.5.3. Solution No patched version is available. No reply from the vendor...
WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability was discovered by Muhammad Daffa Patchstack Alliance in the WordPress Creative Mail plugin versions = 1.5.4. Solution Update the WordPress Creative Mail plugin to the latest available version at least 1.6.0...
WordPress Api2Cart Bridge Connector plugin <= 1.1.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Dave Jong Patchstack in the WordPress Api2Cart Bridge Connector plugin versions = 1.1.0. Solution Update the WordPress Api2Cart Bridge Connector plugin to the latest available version at least 1.2.0...
WordPress 3D Tag Cloud plugin <= 3.8 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
Stored Cross-Site Scripting XSS via Cross-Site Request Forgery CSRF vulnerability discovered by Lana Codes Patchstack Alliance in the WordPress 3D Tag Cloud plugin versions = 3.8. Solution Deactivate and delete. This plugin has been closed as of September 22, 2022 and is not available for downloa...
WordPress Gallery with thumbnail slider plugin <= 6.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Gallery with thumbnail slider plugin versions = 6.0. Solution Update the WordPress Gallery with thumbnail slider plugin to the latest available version at least 6.1...