46702 matches found
WordPress SEOPress Plugin <= 8.1.1 is vulnerable to Cross Site Scripting (XSS)
Software SEOPress Type Plugin Vulnerable versions = 8.1.1 Fixed in 8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9225 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 788a715fcbd5 Credits vgo0 Required privilege...
WordPress BA Book Everything Plugin <= 1.6.20 is vulnerable to Cross Site Scripting (XSS)
Software BA Book Everything Type Plugin Vulnerable versions = 1.6.20 Fixed in 1.6.21 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47360 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e3cd73e82790 Credits Dimas Maulana Required...
WordPress AI ChatBot with ChatGPT and Content Generator by AYS Plugin <= 2.0.9 is vulnerable to Broken Access Control
Software AI ChatBot with ChatGPT and Content Generator by AYS Type Plugin Vulnerable versions = 2.0.9 Fixed in 2.1.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-7714 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID...
WordPress FluentForm Plugin <= 5.1.18 is vulnerable to Broken Access Control
Software FluentForm Type Plugin Vulnerable versions = 5.1.18 Fixed in 5.1.19 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5053 Patch priority Low CVSS severity Low 4.2 Developer Claim ownership PSID 98f9a0a6e43d Credits Tobias Weißhaar kun19 Required...
WordPress Taxi Booking Manager for WooCommerce Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)
Software Taxi Booking Manager for WooCommerce Type Plugin Vulnerable versions = 1.0.9 Fixed in 1.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43986 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID cd7a0b805b0e Credits Sharanabasappa...
WordPress WP Accessibility Helper (WAH) Plugin <= 0.6.2.8 is vulnerable to Broken Access Control
Software WP Accessibility Helper WAH Type Plugin Vulnerable versions = 0.6.2.8 Fixed in 0.6.2.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5987 Patch priority Low CVSS severity Low 5.4 Developer Alexander Volkov PSID d7cc8b0ae32e Credits Lucio Sá...
WordPress Timetics Plugin <= 1.0.23 is vulnerable to Sensitive Data Exposure
Software Timetics Type Plugin Vulnerable versions = 1.0.23 Fixed in 1.0.24 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-43923 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 0ab309ff3351 Credits Manab Jyoti Dowarah Required...
WordPress Phlox PRO Theme <= 5.16.4 is vulnerable to Cross Site Scripting (XSS)
Software Phlox PRO Type Theme Vulnerable versions = 5.16.4 Fixed in 5.16.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6339 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1d783a1b1dee Credits kauenavarro Required...
WordPress Flash & HTML5 Video Plugin <= 2.5.30 is vulnerable to Broken Access Control
Software Flash & HTML5 Video Type Plugin Vulnerable versions = 2.5.30 Fixed in 2.5.31 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43296 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 14d9f8844f5d Credits Ananda Dhakal Patchstac...
WordPress StreamCast <= 2.2.3 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting XSS vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin StreamCast versions = 2.2.3...
WordPress FluentForm Plugin <= 5.1.19 is vulnerable to Cross Site Scripting (XSS)
Software FluentForm Type Plugin Vulnerable versions = 5.1.19 Fixed in 5.1.20 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6520 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8737e12493c8 Credits Joel Indra Yoel Indra...
WordPress Best Restaurant Menu by PriceListo Plugin <= 1.4.1 is vulnerable to SQL Injection
Software Best Restaurant Menu by PriceListo Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-38793 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID e01346317df5 Credits Jayden Caelli ret2desync...
WordPress Smartsupp – live chat, chatbots, AI and lead generation Plugin <= 3.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software Smartsupp – live chat, chatbots, AI and lead generation Type Plugin Vulnerable versions = 3.6 Fixed in 3.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-38790 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...
WordPress JetWidgets for Elementor and WooCommerce Plugin <= 1.1.7 is vulnerable to Local File Inclusion
Software JetWidgets for Elementor and WooCommerce Type Plugin Vulnerable versions = 1.1.7 Fixed in 1.1.8 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-38772 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8f1a24339fa6 Credits João...
WordPress Brizy Plugin <= 2.4.44 is vulnerable to Broken Access Control
Software Brizy Type Plugin Vulnerable versions = 2.4.44 Fixed in 2.4.45 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1937 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 5274a9cc7b66 Credits stealthcopter Required privilege...
WordPress FormFlow Plugin < 2.12.2 is vulnerable to Cross Site Scripting (XSS)
Software FormFlow Type Plugin Vulnerable versions 2.12.2 Fixed in 2.12.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3113 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 05bb1755ee18 Credits Dikshita Trivedi Cybersecdexter...
WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.10 is vulnerable to Cross Site Scripting (XSS)
Software NEX-Forms – Ultimate Form Builder Type Plugin Vulnerable versions = 8.5.10 Fixed in 8.6.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37512 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6818a3b8cb82 Credits LVT-tholv2k Require...
WordPress Ultimate Bootstrap Elements for Elementor Plugin <= 1.4.2 is vulnerable to Local File Inclusion
Software Ultimate Bootstrap Elements for Elementor Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-37462 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID a8f9d8a5eba6 Credits João...
WordPress ARI Fancy Lightbox Plugin <= 1.3.14 is vulnerable to Cross Site Scripting (XSS)
Software ARI Fancy Lightbox Type Plugin Vulnerable versions = 1.3.14 Fixed in 1.3.15 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID c2fee65eb87c Credits Yudistira...
WordPress Quiz And Survey Master Plugin <= 9.0.1 is vulnerable to SQL Injection
Software Quiz And Survey Master Type Plugin Vulnerable versions = 9.0.1 Fixed in 9.0.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3592 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 26d19aa78d42 Credits Lucio Sá Required privilege Contributor...
WordPress ElasticPress Plugin <= 5.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software ElasticPress Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-35684 Patch priority Low CVSS severity Low 4.3 Developer 10up PSID fbb3d18344c4 Credits Ananda Dhakal Patchstack Required...
WordPress Sensei Pro (WC Paid Courses) Plugin <= 4.23.1.1.23.1 is vulnerable to Cross Site Scripting (XSS)
Software Sensei Pro WC Paid Courses Type Plugin Vulnerable versions = 4.23.1.1.23.1 Fixed in 4.24.0.1.24.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34765 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ffa624f39abc Credits Rafie...
WordPress Bloglo Theme <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)
Software Bloglo Type Theme Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35715 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 469488b623d7 Credits stealthcopter Required privilege Contributor...
WordPress Essential Real Estate Plugin <= 4.4.4 is vulnerable to Insecure Direct Object References (IDOR)
Software Essential Real Estate Type Plugin Vulnerable versions = 4.4.4 Fixed in 4.4.5 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-4274 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ccac1e739e5c Credits Lucio S...
WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.89 is vulnerable to Remote Code Execution (RCE)
Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.89 Fixed in 1.5.91 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-6743 Patch priority High CVSS severity High 9.9 Developer Unlimited Elements PSID...
WordPress Expert Invoice Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)
Software Expert Invoice Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5172 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e96705f138f8 Credits Guido Iván GarcÃa Duva...
WordPress Country State City Dropdown CF7 Plugin <= 2.7.2 is vulnerable to SQL Injection
Software Country State City Dropdown CF7 Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3495 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 39d467a76c0d Credits Krzysztof ZajÄ…c Required privile...
WordPress Piotnet Addons For Elementor Plugin <= 2.4.26 is vulnerable to Cross Site Scripting (XSS)
Software Piotnet Addons For Elementor Type Plugin Vulnerable versions = 2.4.26 Fixed in 2.4.28 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4432 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ba2de4b7d3a7 Credits Ankit Pat...
WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.57 is vulnerable to PHP Object Injection
Software ShiftController Employee Shift Scheduling Type Plugin Vulnerable versions = 4.9.57 Fixed in 4.9.58 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-4733 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID c137dcbad43b Credits Peter...
WordPress Advanced Custom Fields PRO Plugin < 6.2.10 is vulnerable to Arbitrary Code Execution
Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 6.2.10 Fixed in 6.2.10 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-34761 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID d593f1472031 Credits Security audit Required...
WordPress 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin Plugin <= 3.71 is vulnerable to Cross Site Scripting (XSS)
Software 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin Type Plugin Vulnerable versions = 3.71 Fixed in 3.72 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34561 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID...
WordPress Move Addons for Elementor Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software Move Addons for Elementor Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34562 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 788c0e0d4eae Credits Khalid Yusuf Required...
WordPress Stockholm Core Plugin <= 2.4.1 is vulnerable to Local File Inclusion
Software Stockholm Core Type Plugin Vulnerable versions = 2.4.1 Fixed in 2.4.2 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-34554 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID f9aa82fd3a5e Credits Rafie Muhammad Patchstack Required privileg...
WordPress WTI Like Post Plugin <= 1.4.6 is vulnerable to Bypass Vulnerability
Software WTI Like Post Type Plugin Vulnerable versions = 1.4.6 Fixed in N/A OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2024-33917 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 2def3782f557 Credits Mika Required privilege...
WordPress WP Media Cleaner Plugin <= 6.7.2 is vulnerable to Sensitive Data Exposure
Software WP Media Cleaner Type Plugin Vulnerable versions = 6.7.2 Fixed in 6.7.3 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2024-33922 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 489615881bfc Credits Joshua Chan Required...
WordPress Arconix Shortcodes Plugin <= 2.1.10 is vulnerable to Broken Access Control
Software Arconix Shortcodes Type Plugin Vulnerable versions = 2.1.10 Fixed in 2.1.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-4233 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 049f969c5895 Credits Dhabaleshwar Das Required...
WordPress Filterable Portfolio Plugin <= 1.6.4 is vulnerable to Cross Site Scripting (XSS)
Software Filterable Portfolio Type Plugin Vulnerable versions = 1.6.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-4234 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a352fd807519 Credits Steven Julian Required privilege...
WordPress Social Share Icons & Social Share Buttons Plugin <= 3.6.1 is vulnerable to Broken Access Control
Software Social Share Icons & Social Share Buttons Type Plugin Vulnerable versions = 3.6.1 Fixed in 3.6.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9b34a062d9ab Credits...
WordPress XStore Theme <= 9.3.8 is vulnerable to Cross Site Scripting (XSS)
Software XStore Type Theme Vulnerable versions = 9.3.8 Fixed in 9.3.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33562 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5d1626b7824f Credits Rafie Muhammad Patchstack Required privile...
WordPress Payment Gateway Based Fees and Discounts for WooCommerce Plugin <= 2.12.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Payment Gateway Based Fees and Discounts for WooCommerce Type Plugin Vulnerable versions = 2.12.1 Fixed in 2.12.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33585 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PS...
WordPress Smart Forms Plugin <= 2.6.91 is vulnerable to Broken Access Control
Software Smart Forms Type Plugin Vulnerable versions = 2.6.91 Fixed in 2.6.92 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33593 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 810e0b29d7f7 Credits Dhabaleshwar Das Required...
WordPress HelloAsso Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)
Software HelloAsso Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32697 Patch priority Low CVSS severity Low 6.5 Developer HelloAsso PSID 1f9d717bb882 Credits Khalid Yusuf Required privilege Contributor...
WordPress Responsive Slider by MetaSlider Plugin <= 3.70.0 is vulnerable to Cross Site Scripting (XSS)
Software Responsive Slider by MetaSlider Type Plugin Vulnerable versions = 3.70.0 Fixed in 3.70.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3285 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 334dac19f012 Credits wesley...
WordPress i-max Theme <= 1.6.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software i-max Type Theme Vulnerable versions = 1.6.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31386 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d50a050a84ef Credits Dhabaleshwar Das Required...
WordPress WOLF Plugin <= 1.0.8.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software WOLF Type Plugin Vulnerable versions = 1.0.8.1 Fixed in 1.0.8.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31430 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID de601e918847 Credits Dhabaleshwar Das Required...
WordPress Photo Gallery by 10Web Plugin <= 1.8.21 is vulnerable to Cross Site Scripting (XSS)
Software Photo Gallery by 10Web Type Plugin Vulnerable versions = 1.8.21 Fixed in 1.8.22 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2296 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID db9d53f79206 Credits Jobert Krohnen...
WordPress Contact Form 7 Newsletter Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form 7 Newsletter Type Plugin Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-31110 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d60fc2231b4d Credits Dimas Maulana Required...
WordPress Spiffy Calendar Plugin <= 4.9.7 is vulnerable to Cross Site Scripting (XSS)
Software Spiffy Calendar Type Plugin Vulnerable versions = 4.9.7 Fixed in 4.9.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30427 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID e5917dca625b Credits Dimas Maulana Required privileg...
WordPress Media Library Folders Plugin <= 8.1.7 is vulnerable to SQL Injection
Software Media Library Folders Type Plugin Vulnerable versions = 8.1.7 Fixed in 8.1.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30486 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 07c50fa94bf4 Credits Le Ngoc Anh Required privilege Author...
WordPress Automatic Plugin <= 3.92.0 is vulnerable to SQL Injection
Software Automatic Type Plugin Vulnerable versions = 3.92.0 Fixed in 3.92.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-27956 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID aeab56860169 Credits Rafie Muhammad Patchstack Required privilege...