
45960 matches found

Patchstack
added 2024/11/08 12:0 a.m. | 19 views

WordPress Computer Repair Shop Plugin <= 3.8115 is vulnerable to Arbitrary File Upload

Software: Computer Repair Shop; Type: Plugin; Vulnerable versions: <= 3.8115; Fixed in: 3.8116; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-51793; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 4e734860df66; Credits: stealthcopter; Required privilege...

CVSS: 10 | AI score: 9.6 | EPSS: 0.51569
Exploits: 4 | References: 2 | Affected Software: 1
Patchstack
added 2024/10/30 12:0 a.m. | 19 views

WordPress Jigoshop – Store Exporter Plugin <= 1.5.8 is vulnerable to Cross Site Scripting (XSS)

Software: Jigoshop – Store Exporter; Type: Plugin; Vulnerable versions: <= 1.5.8; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-50519; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 721f9b13ca88; Credits: Zlrqh; Required privilege...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00197
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/10/30 12:0 a.m. | 19 views

WordPress World Prayer Time Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: World Prayer Time; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-50534; Patch priority: Low; CVSS severity: Low 7.1; Developer: Claim ownership; PSID: c482db8f0a37; Credits: SOPROBRO; Required...

CVSS: 7.1 | AI score: 6.6 | EPSS: 0.00144
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/10/25 12:0 a.m. | 19 views

WordPress ScottCart Plugin <= 1.1 is vulnerable to Remote Code Execution (RCE)

Software: ScottCart; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-50492; Patch priority: High; CVSS severity: High 8.3; Developer: Claim ownership; PSID: bd1f778da3e5; Credits: Mika; Required privilege: Unauthenticated...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.62257
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2024/10/25 12:0 a.m. | 19 views

WordPress Plugin Propagator Plugin <= 0.1 is vulnerable to Arbitrary File Upload

Software: Plugin Propagator; Type: Plugin; Vulnerable versions: <= 0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-50495; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 8034c466a94c; Credits: stealthcopter; Required privilege...

CVSS: 10 | AI score: 7.2 | EPSS: 0.01313
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/10/21 12:0 a.m. | 19 views

WordPress Mega Elements Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)

Software: Mega Elements; Type: Plugin; Vulnerable versions: <= 1.2.6; Fixed in: 1.2.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-49693; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: d1a9c6f9c436; Credits: João Pedro S Alcântara Kinorth; Required...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00231
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/10/18 7:43 p.m. | 19 views

WordPress Social Share Buttons plugin <= 1.19 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Social Share Buttons versions <= 1.19...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.02577
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/10/16 12:0 a.m. | 19 views

WordPress Google Language Translator Plugin < 6.0.10 is vulnerable to Cross Site Scripting (XSS)

Software: Google Language Translator; Type: Plugin; Vulnerable versions: < 6.0.10; Fixed in: 6.0.10; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2021-4452; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 3695267a00ad; Credits: Ram; Required...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00285
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/10/15 12:0 a.m. | 19 views

WordPress Movie Database Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)

Software: Movie Database; Type: Plugin; Vulnerable versions: <= 1.0.11; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43300; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: d8991f93ba12; Credits: FX; Required privilege: Administrator...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00132
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/10/15 12:0 a.m. | 19 views

WordPress WP Popup Builder Plugin <= 1.3.5 is vulnerable to Content Injection

Software: WP Popup Builder; Type: Plugin; Vulnerable versions: <= 1.3.5; Fixed in: 1.3.6; OWASP Top 10: A3: Injection; Classification: Content Injection; CVE: CVE-2024-9061; Patch priority: Medium; CVSS severity: Medium 7.9; Developer: Claim ownership; PSID: f6bee0964d75; Credits: Francesco Carlucci; Required privilege...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.89
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
added 2024/10/09 12:0 a.m. | 19 views

WordPress Tainacan Plugin <= 0.21.8 is vulnerable to SQL Injection

Software: Tainacan; Type: Plugin; Vulnerable versions: <= 0.21.8; Fixed in: 0.21.9; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-48040; Patch priority: High; CVSS severity: High 8.5; Developer: Tainacan Community; PSID: 8db23d195d90; Credits: Trương Hữu Phúc truonghuuphuc; Required privilege...

CVSS: 8.5 | AI score: 6.8 | EPSS: 0.00289
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/10/08 12:0 a.m. | 19 views

WordPress Limit Login Attempts Plugin <= 5.3 is vulnerable to Bypass Vulnerability

Software: Limit Login Attempts; Type: Plugin; Vulnerable versions: <= 5.3; Fixed in: 5.4; OWASP Top 10: A4: Insecure Design; Classification: Bypass Vulnerability; CVE: CVE-2022-4534; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 03e4ff962fd9; Credits: rezaduty; Required privilege Publishe...

CVSS: 5.3 | AI score: 5.6 | EPSS: 0.00059
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/10/01 12:0 a.m. | 19 views

WordPress Hello World Plugin <= 2.1.1 is vulnerable to Arbitrary File Download

Software: Hello World; Type: Plugin; Vulnerable versions: <= 2.1.1; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Download; CVE: CVE-2024-9224; Patch priority: High; CVSS severity: High 6.5; Developer: Claim ownership; PSID: 936cc3342bfb; Credits: yudha; Required privilege...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.50829
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
added 2024/09/27 12:0 a.m. | 19 views

WordPress AI ChatBot with ChatGPT and Content Generator by AYS Plugin <= 2.0.9 is vulnerable to Broken Access Control

Software: AI ChatBot with ChatGPT and Content Generator by AYS; Type: Plugin; Vulnerable versions: <= 2.0.9; Fixed in: 2.1.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-7714; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.23886
Exploits: 1 | References: 4 | Affected Software: 1
Patchstack
added 2024/09/12 12:0 a.m. | 19 views

WordPress LearnPress Plugin <= 4.2.7 is vulnerable to SQL Injection

Software: LearnPress; Type: Plugin; Vulnerable versions: <= 4.2.7; Fixed in: 4.2.7.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-8529; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 137696734fbf; Credits: abrahack; Required privilege: Unauthenticated; Publish...

CVSS: 10 | AI score: 6.8 | EPSS: 0.7569
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2024/09/03 12:0 a.m. | 19 views

WordPress FluentForm Plugin <= 5.1.18 is vulnerable to Broken Access Control

Software: FluentForm; Type: Plugin; Vulnerable versions: <= 5.1.18; Fixed in: 5.1.19; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-5053; Patch priority: Low; CVSS severity: Low 4.2; Developer: Claim ownership; PSID: 98f9a0a6e43d; Credits: Tobias Weißhaar kun19; Required...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00092
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/08/26 12:0 a.m. | 19 views

WordPress Z Y N I T H Plugin <= 7.4.9 is vulnerable to Settings Change

Software: Z Y N I T H; Type: Plugin; Vulnerable versions: <= 7.4.9; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Settings Change; CVE: CVE-2024-43939; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 7f62f3b06158; Credits: Dave Jong Patchstack; Required...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00148
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/08/26 12:0 a.m. | 19 views

WordPress Timetics Plugin <= 1.0.23 is vulnerable to Sensitive Data Exposure

Software: Timetics; Type: Plugin; Vulnerable versions: <= 1.0.23; Fixed in: 1.0.24; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-43923; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 0ab309ff3351; Credits: Manab Jyoti Dowarah; Required...

CVSS: 9.8 | AI score: 6.3 | EPSS: 0.0063
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/08/26 12:0 a.m. | 19 views

WordPress SendGrid for WordPress Plugin <= 1.4 is vulnerable to SQL Injection

Software: SendGrid for WordPress; Type: Plugin; Vulnerable versions: <= 1.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-43965; Patch priority: High; CVSS severity: High 8.2; Developer: Claim ownership; PSID: 897d693aed88; Credits: Ananda Dhakal Patchstack; Required privilege...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.18426
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2024/07/29 12:0 a.m. | 19 views

WordPress FluentForm Plugin <= 5.1.19 is vulnerable to Cross Site Scripting (XSS)

Software: FluentForm; Type: Plugin; Vulnerable versions: <= 5.1.19; Fixed in: 5.1.20; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6520; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 8737e12493c8; Credits: Joel Indra Yoel Indra...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00216
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/07/29 12:0 a.m. | 19 views

WordPress Ultimate Classified Listings Plugin < 1.3 is vulnerable to Cross Site Scripting (XSS)

Software: Ultimate Classified Listings; Type: Plugin; Vulnerable versions: < 1.3; Fixed in: 1.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5883; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 51c9f2d610f9; Credits: Bob Matyas...

CVSS: 4.7 | AI score: 5.7 | EPSS: 0.00168
Exploits: 1 | References: 4 | Affected Software: 1
Patchstack
added 2024/07/24 12:0 a.m. | 19 views

WordPress Royal Elementor Addons Plugin <= 1.3.980 is vulnerable to Cross Site Scripting (XSS)

Software: Royal Elementor Addons; Type: Plugin; Vulnerable versions: <= 1.3.980; Fixed in: 1.3.981; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5818; Patch priority: Low; CVSS severity: Low 6.5; Developer: WProyal; PSID: 21750c8b6654; Credits: Webbernaut; Required...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00201
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/07/22 12:0 a.m. | 19 views

WordPress Best Restaurant Menu by PriceListo Plugin <= 1.4.1 is vulnerable to SQL Injection

Software: Best Restaurant Menu by PriceListo; Type: Plugin; Vulnerable versions: <= 1.4.1; Fixed in: 1.4.2; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-38793; Patch priority: Low; CVSS severity: Low 8.5; Developer: Claim ownership; PSID: e01346317df5; Credits: Jayden Caelli ret2desync...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.46847
Exploits: 1 | References: 2 | Affected Software: 1
Patchstack
added 2024/07/20 12:0 a.m. | 19 views

WordPress Smartsupp – live chat, chatbots, AI and lead generation Plugin <= 3.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Smartsupp – live chat, chatbots, AI and lead generation; Type: Plugin; Vulnerable versions: <= 3.6; Fixed in: 3.7; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-38790; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID...

AI score: 6.8 | EPSS: 0.00162
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/07/17 12:0 a.m. | 19 views

WordPress BookingPress Plugin <= 1.1.5 is vulnerable to Arbitrary File Upload

Software: BookingPress; Type: Plugin; Vulnerable versions: <= 1.1.5; Fixed in: 1.1.6; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-6467; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: c0415b7cfd0a; Credits: Arkadiusz Hydzik; Required privilege...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.01093
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/07/11 12:0 a.m. | 19 views

WordPress Plum: Spin Wheel & Email Pop-up Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software: Plum: Spin Wheel & Email Pop-up; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-38744; Patch priority: High; CVSS severity: High 8.3; Developer: Claim ownership; PSID: 688ef82694b8; Credits: Ananda Dhakal Patchstack...

CVSS: 8.3 | AI score: 6.3 | EPSS: 0.00261
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/07/11 12:0 a.m. | 19 views

WordPress Sirv Plugin <= 7.2.7 is vulnerable to Broken Access Control

Software: Sirv; Type: Plugin; Vulnerable versions: <= 7.2.7; Fixed in: 7.2.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-6392; Patch priority: Low; CVSS severity: Low 5.4; Developer: Sirv; PSID: 6ea9e1fd2836; Credits: Rafshanzani Suhada; Required privilege: Subscriber...

CVSS: 5.4 | AI score: 6.6 | EPSS: 0.00175
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/07/04 12:0 a.m. | 19 views

WordPress Ocean Extra Plugin <= 2.2.9 is vulnerable to Cross Site Scripting (XSS)

Software: Ocean Extra; Type: Plugin; Vulnerable versions: <= 2.2.9; Fixed in: 2.3.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37489; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 89f5ea12cc74; Credits: wcraft; Required privilege: Contributor...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00143
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/07/03 12:0 a.m. | 19 views

WordPress WPQA - Builder forms Addon Plugin < 6.1.1 is vulnerable to Cross Site Scripting (XSS)

Software: WPQA - Builder forms Addon; Type: Plugin; Vulnerable versions: < 6.1.1; Fixed in: 6.1.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2375; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: b62f23b8b86a; Credits: Bob Matyas...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00093
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2024/07/01 12:0 a.m. | 19 views

WordPress UsersWP Plugin <= 1.2.10 is vulnerable to SQL Injection

Software: UsersWP; Type: Plugin; Vulnerable versions: <= 1.2.10; Fixed in: 1.2.11; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-6265; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 32b55caea5de; Credits: Trương Hữu Phúc truonghuuphuc; Required privilege...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.33705
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/06/20 12:0 a.m. | 19 views

WordPress Tabs Plugin <= 4.0.6 is vulnerable to Cross Site Scripting (XSS)

Software: Tabs; Type: Plugin; Vulnerable versions: <= 4.0.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37120; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: cca26fed23f5; Credits: Jean Tirstan T; Required privilege: Administrator...

CVSS: 5.9 | AI score: 6.6 | EPSS: 0.00116
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/06/19 12:0 a.m. | 19 views

WordPress Pexels: Free Stock Photos Plugin <= 1.2.2 is vulnerable to Arbitrary File Upload

Software: Pexels: Free Stock Photos; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-6132; Patch priority: Medium; CVSS severity: Medium 8.8; Developer: Claim ownership; PSID: 042650894638; Credits: István Márton; Required...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.48122
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/06/14 12:0 a.m. | 19 views

WordPress Woody ad snippets Plugin <= 2.5.0 is vulnerable to Remote Code Execution (RCE)

Software: Woody ad snippets; Type: Plugin; Vulnerable versions: <= 2.5.0; Fixed in: 2.5.1; OWASP Top 10: A3: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-3105; Patch priority: Medium; CVSS severity: Medium 9.9; Developer: Claim ownership; PSID: dce238499b1e; Credits: Webbernaut; Required privilege...

CVSS: 9.9 | AI score: 7.2 | EPSS: 0.57854
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
added 2024/06/14 12:0 a.m. | 19 views

WordPress Video Gallery Plugin <= 1.3.13 is vulnerable to Local File Inclusion

Software: Video Gallery; Type: Plugin; Vulnerable versions: <= 1.3.13; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-4258; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 9418bfa5fb03; Credits: WordFence; Required privilege: Unauthenticated...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.01324
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/06/07 12:0 a.m. | 19 views

WordPress Quiz And Survey Master Plugin <= 9.0.1 is vulnerable to SQL Injection

Software: Quiz And Survey Master; Type: Plugin; Vulnerable versions: <= 9.0.1; Fixed in: 9.0.2; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-3592; Patch priority: Low; CVSS severity: Low 8.5; Developer: Claim ownership; PSID: 26d19aa78d42; Credits: Lucio Sá; Required privilege: Contributor...

CVSS: 9.9 | AI score: 6.7 | EPSS: 0.00551
Exploits: 2 | References: 4 | Affected Software: 1
Patchstack
added 2024/06/07 12:0 a.m. | 19 views

WordPress WS Form LITE Plugin <= 1.9.217 is vulnerable to CSV Injection

Software: WS Form LITE; Type: Plugin; Vulnerable versions: <= 1.9.217; Fixed in: 1.9.218; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2023-5424; Patch priority: Low; CVSS severity: Low 4.7; Developer: WS Form; PSID: 7d55c6663718; Credits: Duc Manh; Required privilege: Unauthenticated; Published 7...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.02493
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/06/06 11:50 a.m. | 19 views

WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.4.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Slider Responsive Slideshow – Image slider, Gallery slideshow versions <= 1.4.0...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00377
Exploits: 0 | Affected Software: 1
Patchstack
added 2024/06/06 12:0 a.m. | 19 views

WordPress Sensei Pro (WC Paid Courses) Plugin <= 4.23.1.1.23.1 is vulnerable to Cross Site Scripting (XSS)

Software: Sensei Pro (WC Paid Courses); Type: Plugin; Vulnerable versions: <= 4.23.1.1.23.1; Fixed in: 4.24.0.1.24.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-34765; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: ffa624f39abc; Credits: Rafie...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00169
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/05/29 12:0 a.m. | 19 views

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.89 is vulnerable to Remote Code Execution (RCE)

Software: Unlimited Elements For Elementor (Free Widgets, Addons, Templates); Type: Plugin; Vulnerable versions: <= 1.5.89; Fixed in: 1.5.91; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-6743; Patch priority: High; CVSS severity: High 9.9; Developer: Unlimited Elements; PSID...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.05835
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/05/28 12:0 a.m. | 19 views

WordPress Expert Invoice Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software: Expert Invoice; Type: Plugin; Vulnerable versions: <= 1.0.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5172; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: e96705f138f8; Credits: Guido Iván García Duva...

CVSS: 4.8 | AI score: 5.7 | EPSS: 0.00284
Exploits: 2 | References: 2 | Affected Software: 1
Patchstack
added 2024/05/27 12:0 a.m. | 19 views

WordPress KKProgressbar2 Free Plugin <= 1.1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software: KKProgressbar2 Free; Type: Plugin; Vulnerable versions: <= 1.1.4.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-4535; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 1928f58a695a; Credits: Bob Matyas...

AI score: 6.6 | EPSS: 0.00257
Exploits: 3 | References: 4 | Affected Software: 1
Patchstack
added 2024/05/22 12:0 a.m. | 19 views

WordPress Country State City Dropdown CF7 Plugin <= 2.7.2 is vulnerable to SQL Injection

Software: Country State City Dropdown CF7; Type: Plugin; Vulnerable versions: <= 2.7.2; Fixed in: 2.7.3; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-3495; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 39d467a76c0d; Credits: Krzysztof Zając; Required privile...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.93237
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
added 2024/05/16 12:0 a.m. | 19 views

WordPress Tutor LMS Pro Plugin <= 2.7.0 is vulnerable to Privilege Escalation

Software: Tutor LMS Pro; Type: Plugin; Vulnerable versions: <= 2.7.0; Fixed in: 2.7.1; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-4351; Patch priority: High; CVSS severity: High 8.8; Developer: Claim ownership; PSID: fc3d215c9303; Credits: villu164...

CVSS: 8.8 | AI score: 6.5 | EPSS: 0.31036
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/05/16 12:0 a.m. | 19 views

WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.57 is vulnerable to PHP Object Injection

Software: ShiftController Employee Shift Scheduling; Type: Plugin; Vulnerable versions: <= 4.9.57; Fixed in: 4.9.58; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-4733; Patch priority: Medium; CVSS severity: Medium 8.5; Developer: Claim ownership; PSID: c137dcbad43b; Credits: Peter...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.01491
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/05/07 12:0 a.m. | 19 views

WordPress Table Maker Plugin <= 1.9.1 is vulnerable to Cross Site Scripting (XSS)

Software: Table Maker; Type: Plugin; Vulnerable versions: <= 1.9.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-34574; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 7c1bf395ed48; Credits: CatFather; Required privilege: Author; Publishe...

CVSS: 5.9 | AI score: 6.6 | EPSS: 0.00137
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/05/07 12:0 a.m. | 19 views

WordPress 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin Plugin <= 3.71 is vulnerable to Cross Site Scripting (XSS)

Software: 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin; Type: Plugin; Vulnerable versions: <= 3.71; Fixed in: 3.72; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-34561; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID...

CVSS: 5.9 | AI score: 6.6 | EPSS: 0.00218
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/04/30 12:0 a.m. | 19 views

WordPress MasterStudy LMS Plugin <= 3.3.8 is vulnerable to Broken Access Control

Software: MasterStudy LMS; Type: Plugin; Vulnerable versions: <= 3.3.8; Fixed in: 3.3.9; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3942; Patch priority: Low; CVSS severity: Low 6.3; Developer: Claim ownership; PSID: e8c9ed38d014; Credits: Lucio Sá; Required privilege...

CVSS: 6.3 | AI score: 6.6 | EPSS: 0.00082
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/04/26 12:0 a.m. | 19 views

WordPress Social Share Icons & Social Share Buttons Plugin <= 3.6.1 is vulnerable to Broken Access Control

Software: Social Share Icons & Social Share Buttons; Type: Plugin; Vulnerable versions: <= 3.6.1; Fixed in: 3.6.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-31435; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 9b34a062d9ab; Credits...

AI score: 6.2
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/04/25 12:0 a.m. | 19 views

WordPress Smart Forms Plugin <= 2.6.91 is vulnerable to Broken Access Control

Software: Smart Forms; Type: Plugin; Vulnerable versions: <= 2.6.91; Fixed in: 2.6.92; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-33593; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 810e0b29d7f7; Credits: Dhabaleshwar Das; Required...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00134
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/04/25 12:0 a.m. | 19 views

WordPress XStore Theme <= 9.3.8 is vulnerable to Cross Site Scripting (XSS)

Software: XStore; Type: Theme; Vulnerable versions: <= 9.3.8; Fixed in: 9.3.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-33562; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 5d1626b7824f; Credits: Rafie Muhammad Patchstack; Required privile...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00321
Exploits: 0 | References: 1 | Affected Software: 1
Total number of security vulnerabilities: 5000