46684 matches found
WordPress Gravity Forms CSS Themes with Fontawesome and Placeholders plugin <= 8.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Gravity Forms CSS Themes with Fontawesome and Placeholders versions <= 8.5...
WordPress Indeed Ultimate Learning Pro plugin <= 3.9 - Authenticated (Administrator+) SQL Injection via post_id Parameter vulnerability
Authenticated (Administrator+) SQL Injection via post_id Parameter vulnerability discovered by Pham Van Tam in WordPress Plugin Indeed Ultimate Learning Pro versions <= 3.9...
WordPress JobSearch Plugin <= 2.6.7 is vulnerable to Privilege Escalation
Software: JobSearch; Type: Plugin; Vulnerable versions: <= 2.6.7; Fixed in: 2.6.8; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-11925; Patch priority: High; CVSS severity: High 9.8; PSID: 9f2540380ea8; Credits: Tonn; Required...
WordPress InPost Gallery Plugin <= 2.1.4.2 is vulnerable to Arbitrary Code Execution
Software: InPost Gallery; Type: Plugin; Vulnerable versions: <= 2.1.4.2; Fixed in: 2.1.4.3; OWASP Top 10: A3: Injection; Classification: Arbitrary Code Execution; CVE: CVE-2024-11002; Patch priority: High; CVSS severity: High 6.3; PSID: 33afec67c5eb; Credits: Arkadiusz Hydzik; Required privile...
WordPress Subaccounts for WooCommerce Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)
Software: Subaccounts for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.6.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11370; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: e68bad5342df; Credits: vgo0...
WordPress GamiPress Plugin <= 7.1.5 is vulnerable to Broken Access Control
Software: GamiPress; Type: Plugin; Vulnerable versions: <= 7.1.5; Fixed in: 7.1.6; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-11036; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 528614ec92ef; Credits: Arkadiusz Hydzik; Required...
WordPress Simple Local Avatars Plugin <= 2.7.11 is vulnerable to Broken Access Control
Software: Simple Local Avatars; Type: Plugin; Vulnerable versions: <= 2.7.11; Fixed in: 2.8.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10786; Patch priority: Low; CVSS severity: Low 4.3; PSID: 717b24faeea4; Credits: Trương Hữu Phúc...
WordPress EleForms Plugin <= 2.9.9.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: EleForms; Type: Plugin; Vulnerable versions: <= 2.9.9.9; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-6628; Patch priority: Low; CVSS severity: Low 4.3; PSID: 5925dd673838; Credits: Lucio Sá; Required privilege...
WordPress JetWidgets For Elementor Plugin <= 1.0.18 is vulnerable to Cross Site Scripting (XSS)
Software: JetWidgets For Elementor; Type: Plugin; Vulnerable versions: <= 1.0.18; Fixed in: 1.0.19; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10323; Patch priority: Low; CVSS severity: Low 5.9; PSID: 8136ec91932f; Credits: Francesco...
WordPress Computer Repair Shop Plugin <= 3.8115 is vulnerable to Arbitrary File Upload
Software: Computer Repair Shop; Type: Plugin; Vulnerable versions: <= 3.8115; Fixed in: 3.8116; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-51793; Patch priority: High; CVSS severity: High 10; PSID: 4e734860df66; Credits: stealthcopter; Required privilege...
WordPress mFolio Lite Plugin <= 1.2.1 is vulnerable to Broken Access Control
Software: mFolio Lite; Type: Plugin; Vulnerable versions: <= 1.2.1; Fixed in: 1.2.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-9307; Patch priority: Low; CVSS severity: Low 9.1; PSID: 19ba5b646cd3; Credits: Francesco Carlucci; Required...
WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.3.4 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress Meta Data and Taxonomies Filter (MDTF); Type: Plugin; Vulnerable versions: <= 1.3.3.4; Fixed in: 1.3.3.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-50451; Patch priority: Low; CVSS severity: Low 6.5; PSID: 0f23dd4816a6; Credits...
WordPress Social Share Buttons plugin <= 1.19 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Social Share Buttons versions <= 1.19...
WordPress Google Language Translator Plugin < 6.0.10 is vulnerable to Cross Site Scripting (XSS)
Software: Google Language Translator; Type: Plugin; Vulnerable versions: < 6.0.10; Fixed in: 6.0.10; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2021-4452; Patch priority: Low; CVSS severity: Low 6.5; PSID: 3695267a00ad; Credits: Ram; Required...
WordPress WP Popup Builder Plugin <= 1.3.5 is vulnerable to Content Injection
Software: WP Popup Builder; Type: Plugin; Vulnerable versions: <= 1.3.5; Fixed in: 1.3.6; OWASP Top 10: A3: Injection; Classification: Content Injection; CVE: CVE-2024-9061; Patch priority: Medium; CVSS severity: Medium 7.9; PSID: f6bee0964d75; Credits: Francesco Carlucci; Required privilege...
WordPress Rescue Shortcodes Plugin <= 2.8 is vulnerable to Cross Site Scripting (XSS)
Software: Rescue Shortcodes; Type: Plugin; Vulnerable versions: <= 2.8; Fixed in: 2.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9696; Patch priority: Low; CVSS severity: Low 6.5; PSID: 55990669c666; Credits: Peter Thaleikis; Required...
WordPress TablePress Plugin <= 2.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: TablePress; Type: Plugin; Vulnerable versions: <= 2.4.2; Fixed in: 2.4.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9595; Patch priority: Low; CVSS severity: Low 5.9; Developer: TablePress; PSID: e1ecd7cf1ef2; Credits: Max Boll b0lli; Required privilege...
WordPress Contact Forms, Live Support, CRM, Video Messages Plugin <= 1.10.2 is vulnerable to Sensitive Data Exposure
Software: Contact Forms, Live Support, CRM, Video Messages; Type: Plugin; Vulnerable versions: <= 1.10.2; Fixed in: 1.11.1; OWASP Top 10: A8: Software and Data Integrity Failures; Classification: Sensitive Data Exposure; CVE: CVE-2024-49235; Patch priority: Low; CVSS severity: Low 7.5; PSI...
WordPress Advanced Custom Fields PRO Plugin <= 6.3.7 is vulnerable to Arbitrary Code Execution
Software: Advanced Custom Fields PRO; Type: Plugin; Vulnerable versions: <= 6.3.7; Fixed in: 6.3.8; OWASP Top 10: A3: Injection; Classification: Arbitrary Code Execution; CVE: CVE-2024-9529; Patch priority: Low; CVSS severity: Low 5.4; PSID: aa150d72013d; Credits: Automattic Security Team...
WordPress 012 PS Multi Languages Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)
Software: 012 PS Multi Languages; Type: Plugin; Vulnerable versions: <= 1.6; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8723; Patch priority: Low; CVSS severity: Low 6.5; PSID: e9d3bd5f6a02; Credits: mohamed hamadou zero...
WordPress Ultimate Classified Listings Plugin < 1.3 is vulnerable to Cross Site Scripting (XSS)
Software: Ultimate Classified Listings; Type: Plugin; Vulnerable versions: < 1.3; Fixed in: 1.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5883; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 51c9f2d610f9; Credits: Bob Matyas...
WordPress BookingPress Plugin <= 1.1.5 is vulnerable to Arbitrary File Upload
Software: BookingPress; Type: Plugin; Vulnerable versions: <= 1.1.5; Fixed in: 1.1.6; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-6467; Patch priority: High; CVSS severity: High 8.5; PSID: c0415b7cfd0a; Credits: Arkadiusz Hydzik; Required privilege...
WordPress JSON API User Plugin <= 3.9.3 is vulnerable to Privilege Escalation
Software: JSON API User; Type: Plugin; Vulnerable versions: <= 3.9.3; Fixed in: 3.9.4; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2024-6624; Patch priority: High; CVSS severity: High 9.8; PSID: c77720f52f77; Credits: Thanh Nam Tran; Required privile...
WordPress Himer Theme < 2.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Himer; Type: Theme; Vulnerable versions: < 2.1.1; Fixed in: 2.1.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2234; Patch priority: Low; CVSS severity: Low 6.5; PSID: acb8e6a0fd0f; Credits: Bob Matyas; Required privilege: Contributor; Published ...
WordPress WPQA - Builder forms Addon Plugin < 6.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: WPQA - Builder forms Addon; Type: Plugin; Vulnerable versions: < 6.1.1; Fixed in: 6.1.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2375; Patch priority: Low; CVSS severity: Low 6.5; PSID: b62f23b8b86a; Credits: Bob Matyas...
WordPress PDF.js Viewer Plugin <= 2.1.8.1 is vulnerable to Cross Site Scripting (XSS)
Software: PDF.js Viewer; Type: Plugin; Vulnerable versions: <= 2.1.8.1; Fixed in: 2.2; OWASP Top 10: A6: Vulnerable and Outdated Components; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4367; Patch priority: Low; CVSS severity: Low 6.5; PSID: b8e9d442ad86; Credits: Yudistira Arya...
WordPress Quiz Maker Plugin <= 6.5.8.3 is vulnerable to SQL Injection
Software: Quiz Maker; Type: Plugin; Vulnerable versions: <= 6.5.8.3; Fixed in: 6.5.8.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-6028; Patch priority: High; CVSS severity: High 9.3; PSID: 91d50e136383; Credits: Arkadiusz Hydzik; Required privilege: Unauthenticat...
WordPress Enfold Theme <= 5.6.9 is vulnerable to Cross Site Scripting (XSS)
Software: Enfold; Type: Theme; Vulnerable versions: <= 5.6.9; Fixed in: 5.6.10; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37199; Patch priority: Low; CVSS severity: Low 7.1; Developer: Kriesi; PSID: 231fe6fad434; Credits: tom; Required privilege: Unauthenticated; Published: 20 June...
WordPress BuddyForms Plugin <= 2.8.9 is vulnerable to Bypass Vulnerability
Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.9; Fixed in: 2.8.10; OWASP Top 10: A4: Insecure Design; Classification: Bypass Vulnerability; CVE: CVE-2024-5149; Patch priority: Low; CVSS severity: Low 6.5; PSID: 5566e284be9a; Credits: István Márton; Required privilege...
WordPress Blocksy Theme <= 2.0.50 is vulnerable to Cross Site Scripting (XSS)
Software: Blocksy; Type: Theme; Vulnerable versions: <= 2.0.50; Fixed in: 2.0.51; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5439; Patch priority: Low; CVSS severity: Low 6.5; Developer: Creative Themes; PSID: 4b0639fc9299; Credits: Ngô Thiên An ancorn; Required...
WordPress Skyline WP Theme <= 1.0.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Skyline WP; Type: Theme; Vulnerable versions: <= 1.0.10; Fixed in: 1.0.11; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-34810; Patch priority: Low; CVSS severity: Low 4.3; PSID: e68045327895; Credits: Dhabaleshwar Das; Requir...
WordPress Divi Theme <= 4.25.0 is vulnerable to Cross Site Scripting (XSS)
Software: Divi; Type: Theme; Vulnerable versions: <= 4.25.0; Fixed in: 4.25.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4490; Patch priority: Low; CVSS severity: Low 6.5; PSID: 1cc1a7dd8fd8; Credits: Webbernaut; Required privilege...
WordPress MasterStudy LMS Plugin <= 3.3.8 is vulnerable to Broken Access Control
Software: MasterStudy LMS; Type: Plugin; Vulnerable versions: <= 3.3.8; Fixed in: 3.3.9; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3942; Patch priority: Low; CVSS severity: Low 6.3; PSID: e8c9ed38d014; Credits: Lucio Sá; Required privilege...
WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.8 is vulnerable to Broken Access Control
Software: WOOCS – WooCommerce Currency Switcher; Type: Plugin; Vulnerable versions: <= 1.4.1.8; Fixed in: 1.4.1.9; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3734; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: a6af6a35e8e2; Credit...
WordPress FileOrganizer plugin <= 1.0.6 - Authenticated Stored Cross-Site Scripting vulnerability
Authenticated Stored Cross-Site Scripting vulnerability discovered by Nikolas in WordPress Plugin FileOrganizer versions <= 1.0.6...
WordPress ProfileGrid Plugin <= 5.7.9 is vulnerable to Insecure Direct Object References (IDOR)
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.7.9; Fixed in: 5.8.0; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-32808; Patch priority: Low; CVSS severity: Low 5.4; PSID: b60c26e035a2; Credits: Kyle Sanchez...
WordPress MasterStudy LMS Plugin <= 3.3.3 is vulnerable to Local File Inclusion
Software: MasterStudy LMS; Type: Plugin; Vulnerable versions: <= 3.3.3; Fixed in: 3.3.4; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-3136; Patch priority: High; CVSS severity: High 9; PSID: 0e613f9f337e; Credits: Hiroho Shimada; Required privilege...
WordPress Forminator Plugin <= 1.29.0 is vulnerable to Cross Site Scripting (XSS)
Software: Forminator; Type: Plugin; Vulnerable versions: <= 1.29.0; Fixed in: 1.29.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1794; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: WPMU DEV; PSID: adc117fb9f27; Credits: wesley wcraft; Required...
WordPress Elementor Website Builder Plugin <= 3.20.2 is vulnerable to Cross Site Scripting (XSS)
Software: Elementor Website Builder; Type: Plugin; Vulnerable versions: <= 3.20.2; Fixed in: 3.20.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2117; Patch priority: Low; CVSS severity: Low 6.4; Developer: Elementor; PSID: 13b41799a0e4; Credits: Webbernaut; Require...
WordPress EventPrime Plugin <= 3.4.1 is vulnerable to Broken Access Control
Software: EventPrime; Type: Plugin; Vulnerable versions: <= 3.4.1; Fixed in: 3.4.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1126; Patch priority: Low; CVSS severity: Low 4.3; PSID: f1030a0eaeb5; Credits: Lucio Sá; Required privilege...
WordPress JobSearch Plugin < 2.3.4 is vulnerable to Remote Code Execution (RCE)
Software: JobSearch; Type: Plugin; Vulnerable versions: < 2.3.4; Fixed in: 2.3.4; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-6585; Patch priority: High; CVSS severity: High 10; PSID: 637575b94b70; Credits: Furkan Gedik; Required privilege; Published: 27...
WordPress WP GDPR Compliance Plugin <= 2.0.22 is vulnerable to Broken Access Control
Software: WP GDPR Compliance; Type: Plugin; Vulnerable versions: <= 2.0.22; Fixed in: 2.0.23; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-6700; Patch priority: High; CVSS severity: High 8.8; PSID: 6a981b3b2d5a; Credits: Lucio Sá; Required...
WordPress GiveWP Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: GiveWP; Type: Plugin; Vulnerable versions: <= 3.2.2; Fixed in: 3.3.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-51415; Patch priority: Low; CVSS severity: Low 6.5; Developer: Liquid Web / StellarWP; PSID: 65d3f45445d5; Credits: LVT-tholv2k; Required privilege: Contribut...
WordPress Post SMTP Plugin <= 2.8.7 is vulnerable to Broken Authentication
Software: Post SMTP; Type: Plugin; Vulnerable versions: <= 2.8.7; Fixed in: 2.8.8; OWASP Top 10: A4: Insecure Design; Classification: Broken Authentication; CVE: CVE-2023-6875; Patch priority: High; CVSS severity: High 9.8; Developer: WPExperts; PSID: abf9b2b72d3f; Credits: Ulyses Saicha; Required privilege: Unauthenticat...
WordPress LearnPress Plugin <= 4.2.5.7 is vulnerable to SQL Injection
Software: LearnPress; Type: Plugin; Vulnerable versions: <= 4.2.5.7; Fixed in: 4.2.5.8; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-6567; Patch priority: High; CVSS severity: High 9.3; PSID: 9380e4991dc4; Credits: hir0ot; Required privilege: Unauthenticated; Publish...
WordPress Auto Amazon Links Plugin <= 5.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Auto Amazon Links; Type: Plugin; Vulnerable versions: <= 5.1.1; Fixed in: 5.1.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-52175; Patch priority: Low; CVSS severity: Low 6.5; PSID: f072a5fa406e; Credits: Nguyen Anh Tien; Required privilege...
WordPress CAOS | Host Google Analytics Locally Plugin <= 4.7.14 is vulnerable to Broken Access Control
Software: CAOS | Host Google Analytics Locally; Type: Plugin; Vulnerable versions: <= 4.7.14; Fixed in: 4.7.15; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-6637; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 62929a294e3e; Credits...
WordPress Astra Pro Plugin <= 4.3.1 is vulnerable to Remote Code Execution (RCE)
Software: Astra Pro; Type: Plugin; Vulnerable versions: <= 4.3.1; Fixed in: 4.3.2; OWASP Top 10: A3: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-49830; Patch priority: Medium; CVSS severity: Medium 9.9; PSID: 4758946ebae8; Credits: Rafie Muhammad Patchstack; Required...
WordPress JetWooBuilder Plugin <= 2.1.7.2 is vulnerable to Broken Access Control
Software: JetWooBuilder; Type: Plugin; Vulnerable versions: <= 2.1.7.2; Fixed in: 2.1.7.3; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-48760; Patch priority: Medium; CVSS severity: Medium 8.2; Developer: Crocoblock; PSID: 8b8b6528e3fb; Credits: Rafie Muhammad Patchstack...
WordPress JetBlocks For Elementor Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)
Software: JetBlocks For Elementor; Type: Plugin; Vulnerable versions: <= 1.3.8; Fixed in: 1.3.8.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-48756; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Crocoblock; PSID: 64c07c24a704; Credits: Rafie Muhammad Patchstack...