46684 matches found
WordPress codeSnips Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software codeSnips Type Plugin Vulnerable versions <= 1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51808 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b3a7768e4e50 Credits SOPROBRO Required privilege Contributor Publishe...
WordPress Show Visitor IP Address Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)
Software Show Visitor IP Address Type Plugin Vulnerable versions <= 0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50538 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 14c2541462c0 Credits SOPROBRO Required privilege...
WordPress World Prayer Time Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software World Prayer Time Type Plugin Vulnerable versions <= 2.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-50534 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID c482db8f0a37 Credits SOPROBRO Required...
WordPress Image Map Pro Plugin <= 6.0.20 is vulnerable to Broken Access Control
Software Image Map Pro Type Plugin Vulnerable versions <= 6.0.20 Fixed in 6.0.21 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9584 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 0749ab20b9c9 Credits István Márton Required privile...
WordPress WooCommerce Plugin <= 9.0.2 is vulnerable to Content Injection
Software WooCommerce Type Plugin Vulnerable versions <= 9.0.2 Fixed in 9.1.0 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-9944 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b045fb73bcc4 Credits drop Required privilege Unauthenticated Published ...
WordPress Move Addons for Elementor Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software Move Addons for Elementor Type Plugin Vulnerable versions <= 1.3.3 Fixed in 1.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47396 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 53f3d0fe4d46 Credits GoatSniff Required privilege...
WordPress MC4WP Plugin 4.9.9 - 4.9.16 is vulnerable to Cross Site Scripting (XSS)
Software MC4WP Type Plugin Vulnerable versions 4.9.9 - 4.9.16 Fixed in 4.9.17 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-8850 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 37434d44abfc Credits kauenavarro Required privilege...
WordPress BuddyForms Plugin <= 2.8.11 is vulnerable to Privilege Escalation
Software BuddyForms Type Plugin Vulnerable versions <= 2.8.11 Fixed in 2.8.12 OWASP Top 10 A4: Insecure Design Classification Privilege Escalation CVE CVE-2024-8246 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 7556df5d8520 Credits wesley wcraft Required privilege...
WordPress Funnel Kit Funnel Builder PRO Plugin <= 3.4.5 is vulnerable to Cross Site Scripting (XSS)
Software Funnel Kit Funnel Builder PRO Type Plugin Vulnerable versions <= 3.4.5 Fixed in 3.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1056 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8c1faa8fa285 Credits Francesco...
WordPress Analytify Plugin <= 5.3.1 is vulnerable to Broken Access Control
Software Analytify Type Plugin Vulnerable versions <= 5.3.1 Fixed in 5.4.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43265 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1206608342d9 Credits Dhabaleshwar Das Required privilege...
WordPress BerqWP Plugin <= 1.7.6 is vulnerable to Arbitrary File Upload
Software BerqWP Type Plugin Vulnerable versions <= 1.7.6 Fixed in 1.7.7 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-43160 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 1bde7f9c6c84 Credits Dave Jong Patchstack Required privilege...
WordPress WPBakery Page Builder Plugin <= 7.7 is vulnerable to Local File Inclusion
Software WPBakery Page Builder Type Plugin Vulnerable versions <= 7.7 Fixed in 7.8 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-5709 Patch priority Low CVSS severity Low 6.6 Developer WPBakery PSID 1374f7b043bd Credits João Pedro Soares de Alcântara Required privileg...
WordPress WP Fundraising Donation and Crowdfunding Platform Plugin <= 1.7.0 is vulnerable to Privilege Escalation
Software WP Fundraising Donation and Crowdfunding Platform Type Plugin Vulnerable versions <= 1.7.0 Fixed in 1.7.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-6698 Patch priority High CVSS severity High 8.8 Developer Claim ownership...
WordPress WP Mail SMTP by WPForms Plugin <= 4.0.1 is vulnerable to Sensitive Data Exposure
Software WP Mail SMTP by WPForms Type Plugin Vulnerable versions <= 4.0.1 Fixed in 4.1.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6694 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID 45f83918c270 Credits Guus Verbeek...
WordPress Keydatas Plugin <= 2.5.2 is vulnerable to Arbitrary File Upload
Software Keydatas Type Plugin Vulnerable versions <= 2.5.2 Fixed in 2.6.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6220 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 1095cb679b31 Credits Foxyyy Required privilege Unauthenticated...
WordPress Feeds for YouTube Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)
Software Feeds for YouTube Type Plugin Vulnerable versions <= 2.2.1 Fixed in 2.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6256 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cb0b7eea4059 Credits Webbernaut Required...
WordPress Panda Video plugin <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Panda Video versions <= 1.4.0...
WordPress PayPlus Payment Gateway Plugin <= 6.6.8 is vulnerable to SQL Injection
Software PayPlus Payment Gateway Type Plugin Vulnerable versions <= 6.6.8 Fixed in 6.6.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6205 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 47e962c92ffc Credits Project Black Required privilege...
WordPress Interactive Content – H5P Plugin < 1.15.8 is vulnerable to Cross Site Scripting (XSS)
Software Interactive Content – H5P Type Plugin Vulnerable versions < 1.15.8 Fixed in 1.15.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3111 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b51ad18a9f74 Credits Dmitrii Ignaty...
WordPress Laybuy Payment Extension for WooCommerce Plugin <= 5.3.9 is vulnerable to Broken Access Control
Software Laybuy Payment Extension for WooCommerce Type Plugin Vulnerable versions <= 5.3.9 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37203 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 165650bb5335 Credits Abdi...
WordPress WP Hotel Booking Plugin <= 2.1.0 is vulnerable to SQL Injection
Software WP Hotel Booking Type Plugin Vulnerable versions <= 2.1.0 Fixed in 2.1.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3605 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 4c5ededd8a8e Credits Krzysztof Zając Required privilege...
WordPress RestroPress Plugin <= 3.1.2.1 is vulnerable to Cross Site Scripting (XSS)
Software RestroPress Type Plugin Vulnerable versions <= 3.1.2.1 Fixed in 3.1.2.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35719 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4f811f4d1bd1 Credits LVT-tholv2k Required privilege...
WordPress Flash & HTML5 Video Plugin < 2.5.27 is vulnerable to SQL Injection
Software Flash & HTML5 Video Type Plugin Vulnerable versions < 2.5.27 Fixed in 2.5.27 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5522 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID a6949d7fc215 Credits Mayank Deshmukh Required privilege...
WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.26 is vulnerable to Content Injection
Software Elementor – Header, Footer & Blocks Template Type Plugin Vulnerable versions <= 1.6.26 Fixed in 1.6.27 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-2619 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e650ff9528ff Credits wesley wcraft...
WordPress One Click Demo Import Plugin <= 3.2.0 is vulnerable to PHP Object Injection
Software One Click Demo Import Type Plugin Vulnerable versions <= 3.2.0 Fixed in 3.2.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-34433 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID a0133f0acd1f Credits ngductung Patchstack Alliance Requir...
WordPress CodeBard's Patron Button and Widgets for Patreon Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)
Software CodeBard's Patron Button and Widgets for Patreon Type Plugin Vulnerable versions <= 2.2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33928 Patch priority Medium CVSS severity Medium 7.1 Developer Codebard PSID f0b671d6d681 Credits Le Ngoc...
WordPress WP Chat App Plugin < 3.6.4 is vulnerable to Cross Site Scripting (XSS)
Software WP Chat App Type Plugin Vulnerable versions < 3.6.4 Fixed in 3.6.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2837 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b3b62a2992fa Credits Dmitrii Ignatyev Required...
WordPress WP Portfolio theme <= 2.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme WP Portfolio versions <= 2.4...
WordPress WZone Plugin <= 14.0.10 is vulnerable to SQL Injection
Software WZone Type Plugin Vulnerable versions <= 14.0.10 Fixed in 14.0.31 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-33544 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 102966976300 Credits Rafie Muhammad Patchstack Required privilege...
WordPress UsersWP plugin < 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Brandon Roldan Patchstack Alliance in WordPress Plugin UsersWP versions < 1.2.6...
WordPress FancyBox for WordPress Plugin 3.0.2 - 3.3.3 is vulnerable to Cross Site Scripting (XSS)
Software FancyBox for WordPress Type Plugin Vulnerable versions 3.0.2 - 3.3.3 Fixed in 3.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-0662 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b6e38c509b29 Credits Sh Required privilege...
WordPress Carousel Anything For WPBakery Page Builder Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)
Software Carousel Anything For WPBakery Page Builder Type Plugin Vulnerable versions <= 2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30520 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a74a859c3da3 Credits resecured.io...
WordPress Contact Form 7 Plugin <= 5.9 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form 7 Type Plugin Vulnerable versions <= 5.9 Fixed in 5.9.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2242 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5d34f7907f9a Credits Asaf Mozes Required...
WordPress LiteSpeed Cache Plugin <= 5.7 is vulnerable to Cross Site Scripting (XSS)
Software LiteSpeed Cache Type Plugin Vulnerable versions <= 5.7 Fixed in 5.7.0.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-40000 Patch priority High CVSS severity High 8.3 Developer Hai Zheng / Lite Speed Cache PSID 61e99b6b8264 Credits Rafie Muhammad Patchsta...
WordPress Amelia Plugin <= 1.0.98 is vulnerable to Broken Access Control
Software Amelia Type Plugin Vulnerable versions <= 1.0.98 Fixed in 1.0.99 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-22298 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 1d2002f1be74 Credits Abdi Pranata Required privileg...
WordPress Automation By Autonami Plugin <= 2.6.1 is vulnerable to SQL Injection
Software Automation By Autonami Type Plugin Vulnerable versions <= 2.6.1 Fixed in 2.7.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-50857 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID fc113d13a945 Credits Muhammad Daffa Required privilege...
WordPress TextMe SMS Plugin <= 1.9.0 is vulnerable to Broken Access Control
Software TextMe SMS Type Plugin Vulnerable versions <= 1.9.0 Fixed in 1.9.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48287 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 91f657366fb1 Credits Arvandy Required privilege...
WordPress VK Blocks Plugin <= 1.63.0.1 is vulnerable to Cross Site Scripting (XSS)
Software VK Blocks Type Plugin Vulnerable versions <= 1.63.0.1 Fixed in 1.64.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5706 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2d60e9243083 Credits Lana Codes Required...
WordPress Tab Ultimate Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Software Tab Ultimate Type Plugin Vulnerable versions <= 1.3 Fixed in 1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5667 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 6b4d31988178 Credits István Márton Required privileg...
WordPress History Log by click5 Plugin < 1.0.13 is vulnerable to SQL Injection
Software History Log by click5 Type Plugin Vulnerable versions < 1.0.13 Fixed in 1.0.13 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5082 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 0a946699ae5c Credits Karolis Narvilas Required privilege...
WordPress Social Media & Share Icons Plugin <= 2.8.5 is vulnerable to Sensitive Data Exposure
Software Social Media & Share Icons Type Plugin Vulnerable versions <= 2.8.5 Fixed in 2.8.6 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-5070 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 041c1c8cf3d2 Credits Marco...
WordPress Complete Open Graph Plugin <= 3.4.5 is vulnerable to Cross Site Scripting (XSS)
Software Complete Open Graph Type Plugin Vulnerable versions <= 3.4.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45010 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 98057f180915 Credits Rio Darmawan Required...
WordPress Maintenance Switch Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Maintenance Switch Type Plugin Vulnerable versions <= 1.5.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-29235 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bc20c4d49d47 Credits Elliot Required...
WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Type Plugin Vulnerable versions <= 1.24.1 Fixed in 1.24.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25480 Patch priority Low CVSS severity Low 4.3 Developer Claim...
WordPress WP Database Administrator Plugin <= 1.0.3 is vulnerable to SQL Injection
Software WP Database Administrator Type Plugin Vulnerable versions <= 1.0.3 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-3211 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 53fe9995f076 Credits Christiaan Swiers Required privilege...
WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Cross Site Scripting (XSS)
Software Ninja Forms Type Plugin Vulnerable versions <= 3.6.25 Fixed in 3.6.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-37979 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 584a630933ad Credits Rafie Muhammad...
WordPress WP-CopyProtect [Protect your blog posts] Plugin <= 3.1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP-CopyProtect [Protect your blog posts] Type Plugin Vulnerable versions <= 3.1.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25025 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 483e3127703e Credit...
WordPress LearnDash LMS Plugin <= 4.6.0 is vulnerable to Broken Authentication
Software LearnDash LMS Type Plugin Vulnerable versions <= 4.6.0 Fixed in 4.6.0.1 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-3105 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID fcee4e28c7df Credits István Márton Required...
WordPress EventPrime Plugin <= 3.0.5 is vulnerable to Cross Site Scripting (XSS)
Software EventPrime Type Plugin Vulnerable versions <= 3.0.5 Fixed in 3.0.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-35884 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0d78f3844de4 Credits Le Ngoc Anh Required...
WordPress Zotpress Plugin <= 7.3.3 is vulnerable to Cross Site Scripting (XSS)
Software Zotpress Type Plugin Vulnerable versions <= 7.3.3 Fixed in 7.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32961 Patch priority Medium CVSS severity Medium 7.1 Developer Katie Seaborn PSID 1e1dc3c4b47a Credits LOURCODE Required privileg...