46684 matches found
WordPress Advanced Custom Fields Plugin < 6.3 is vulnerable to Sensitive Data Exposure
Software: Advanced Custom Fields; Type: Plugin; Vulnerable versions: < 6.3; Fixed in: 6.3; OWASP Top 10: A6: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-4565; Patch priority: Low; CVSS severity: Low 4.3; PSID: 5beab9ff85fb; Credits: Scott Kingsley Clark...
WordPress PostX Plugin < 4.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: PostX; Type: Plugin; Vulnerable versions: < 4.1.0; Fixed in: 4.1.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4305; Patch priority: Low; CVSS severity: Low 6.5; PSID: 4a6a72a8e520; Credits: Dmitrii Ignatyev; Required privilege...
WordPress KKProgressbar2 Free Plugin <= 1.1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: KKProgressbar2 Free; Type: Plugin; Vulnerable versions: <= 1.1.4.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-4535; Patch priority: Low; CVSS severity: Low 4.3; PSID: 1928f58a695a; Credits: Bob Matyas...
WordPress The Events Calendar PRO Plugin < 6.4.0.1 is vulnerable to Sensitive Data Exposure
Software: The Events Calendar PRO; Type: Plugin; Vulnerable versions: < 6.4.0.1; Fixed in: 6.4.0.1; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-1295; Patch priority: Low; CVSS severity: Low 4.3; PSID: bc59557889e3; Credits: Scott Kingsley Cla...
WordPress Country State City Dropdown CF7 Plugin <= 2.7.2 is vulnerable to SQL Injection
Software: Country State City Dropdown CF7; Type: Plugin; Vulnerable versions: <= 2.7.2; Fixed in: 2.7.3; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-3495; Patch priority: High; CVSS severity: High 9.3; PSID: 39d467a76c0d; Credits: Krzysztof Zając; Required privile...
WordPress Memberpress Plugin <= 1.11.29 is vulnerable to Server Side Request Forgery (SSRF)
Software: Memberpress; Type: Plugin; Vulnerable versions: <= 1.11.29; Fixed in: 1.11.30; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-5031; Patch priority: Low; CVSS severity: Low 4.9; PSID: fdb3181ef572; Credits: stealthcopter; Required privileg...
WordPress Uber Menu Plugin <= 3.8.2 is vulnerable to Cross Site Scripting (XSS)
Software: Uber Menu; Type: Plugin; Vulnerable versions: <= 3.8.2; Fixed in: 3.8.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4710; Patch priority: Low; CVSS severity: Low 6.5; PSID: 50d8afce240c; Credits: stealthcopter; Required privile...
WordPress Tutor LMS Pro Plugin <= 2.7.0 is vulnerable to Privilege Escalation
Software: Tutor LMS Pro; Type: Plugin; Vulnerable versions: <= 2.7.0; Fixed in: 2.7.1; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-4351; Patch priority: High; CVSS severity: High 8.8; PSID: fc3d215c9303; Credits: villu164...
WordPress Ultimate Blocks – Gutenberg Blocks Plugin Plugin < 3.1.7 is vulnerable to Cross Site Scripting (XSS)
Software: Ultimate Blocks – Gutenberg Blocks Plugin; Type: Plugin; Vulnerable versions: < 3.1.7; Fixed in: 3.1.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3241; Patch priority: Low; CVSS severity: Low 6.5; PSID: d5558061fd26; Credits...
WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.102 is vulnerable to SQL Injection
Software: Unlimited Elements For Elementor (Free Widgets, Addons, Templates); Type: Plugin; Vulnerable versions: <= 1.5.102; Fixed in: 1.5.105; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-3055; Patch priority: Low; CVSS severity: Low 8.5; Developer: Unlimited Elements; PSID: 6f752cde8e3d...
WordPress Form Maker by 10Web Plugin <= 1.15.24 is vulnerable to Cross Site Scripting (XSS)
Software: Form Maker by 10Web; Type: Plugin; Vulnerable versions: <= 1.15.24; Fixed in: 1.15.25; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-34437; Patch priority: Low; CVSS severity: Low 5.9; PSID: bccbcab6c64f; Credits: Huynh Tien Si; Required privile...
WordPress EAN for WooCommerce Plugin <= 4.8.9 is vulnerable to Privilege Escalation
Software: EAN for WooCommerce; Type: Plugin; Vulnerable versions: <= 4.8.9; Fixed in: 4.9.0; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-34370; Patch priority: Medium; CVSS severity: Medium 7.2; PSID: 628e44782b40; Credits...
WordPress Contact Form by WPForms Plugin <= 1.8.7.2 is vulnerable to Broken Access Control
Software: Contact Form by WPForms; Type: Plugin; Vulnerable versions: <= 1.8.7.2; Fixed in: 1.8.8.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3649; Patch priority: Low; CVSS severity: Low 5.3; PSID: f3183fdcee99; Credits: Asaf Mozes; Require...
WordPress Drag and Drop Multiple File Upload – Contact Form 7 Plugin <= 1.3.7.7 is vulnerable to Sensitive Data Exposure
Software: Drag and Drop Multiple File Upload – Contact Form 7; Type: Plugin; Vulnerable versions: <= 1.3.7.7; Fixed in: 1.3.7.8; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-3717; Patch priority: Low; CVSS severity: Low 5.3; PSID...
WordPress Social Media & Share Icons Plugin <= 2.8.6 is vulnerable to Broken Access Control
Software: Social Media & Share Icons; Type: Plugin; Vulnerable versions: <= 2.8.6; Fixed in: 2.8.7; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-31435; Patch priority: Low; CVSS severity: Low 4.3; PSID: 1a7903f770f4; Credits: Dhabaleshwar Das...
WordPress Filterable Portfolio Plugin <= 1.6.4 is vulnerable to Cross Site Scripting (XSS)
Software: Filterable Portfolio; Type: Plugin; Vulnerable versions: <= 1.6.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4234; Patch priority: Low; CVSS severity: Low 5.9; PSID: a352fd807519; Credits: Steven Julian; Required privilege...
WordPress KB Support Plugin <= 1.6.0 is vulnerable to Broken Access Control
Software: KB Support; Type: Plugin; Vulnerable versions: <= 1.6.0; Fixed in: 1.6.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-33589; Patch priority: Low; CVSS severity: Low 6.5; PSID: 770dfcb61dbb; Credits: Yudistira Arya; Required privilege...
WordPress Smart Forms Plugin <= 2.6.91 is vulnerable to Broken Access Control
Software: Smart Forms; Type: Plugin; Vulnerable versions: <= 2.6.91; Fixed in: 2.6.92; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-33593; Patch priority: Low; CVSS severity: Low 4.3; PSID: 810e0b29d7f7; Credits: Dhabaleshwar Das; Required...
WordPress Serious Slider Plugin <= 1.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Serious Slider; Type: Plugin; Vulnerable versions: <= 1.2.4; Fixed in: 1.2.5; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-33650; Patch priority: Low; CVSS severity: Low 4.3; PSID: e5af7123ddcc; Credits: Steven Julian; Requir...
WordPress Client Dash Plugin <= 2.2.1 is vulnerable to Broken Access Control
Software: Client Dash; Type: Plugin; Vulnerable versions: <= 2.2.1; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-33652; Patch priority: Low; CVSS severity: Low 5.3; PSID: 999732255bed; Credits: Skalucy; Required privilege...
WordPress Royal Elementor Addons Plugin <= 1.3.93 is vulnerable to Bypass Vulnerability
Software: Royal Elementor Addons; Type: Plugin; Vulnerable versions: <= 1.3.93; Fixed in: 1.3.95; OWASP Top 10: A5: Security Misconfiguration; Classification: Bypass Vulnerability; CVE: CVE-2024-32786; Patch priority: Low; CVSS severity: Low 5.3; Developer: WProyal; PSID: 136b421b7f6f; Credits: Brandon Roldan; Required...
WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.16.2 is vulnerable to PHP Object Injection
Software: Shortcodes and extra features for Phlox theme; Type: Plugin; Vulnerable versions: <= 2.16.2; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-7064; Patch priority: High; CVSS severity: High 7.5; PSID: b9a2bdf53bc0; Credits: Rhynorater -...
WordPress Simple Buttons Creator Plugin <= 1.04 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Simple Buttons Creator; Type: Plugin; Vulnerable versions: <= 1.04; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-2858; Patch priority: Low; CVSS severity: Low 5.4; PSID: bfe6a65231af; Credits: Bob Matyas...
WordPress Ultimate Member Plugin <= 2.8.4 is vulnerable to Cross Site Scripting (XSS)
Software: Ultimate Member; Type: Plugin; Vulnerable versions: <= 2.8.4; Fixed in: 2.8.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2765; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 4af1ffb7c063; Credits: tiborisaak; Require...
WordPress Essential Grid Plugin <= 3.1.1 is vulnerable to Broken Access Control
Software: Essential Grid; Type: Plugin; Vulnerable versions: <= 3.1.1; Fixed in: 3.1.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3235; Patch priority: Low; CVSS severity: Low 5.3; PSID: 597aadc22d06; Credits: 1337Wannabe; Required privilege...
WordPress Table & Contact Form 7 Database – Tablesome Plugin <= 1.0.25 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Table & Contact Form 7 Database – Tablesome; Type: Plugin; Vulnerable versions: <= 1.0.25; Fixed in: 1.0.26; OWASP Top 10: A5: Security Misconfiguration; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-31388; Patch priority: Low; CVSS severity: Low 4.3; PSID...
WordPress Relevanssi Plugin <= 4.22.1 is vulnerable to CSV Injection
Software: Relevanssi; Type: Plugin; Vulnerable versions: <= 4.22.1; Fixed in: 4.22.2; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2024-3214; Patch priority: Low; CVSS severity: Low 4.7; PSID: 3b70af9574ea; Credits: Thura Moe Myint mgthuramoemyint; Required privilege...
WordPress Contact Form 7 Newsletter Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)
Software: Contact Form 7 Newsletter; Type: Plugin; Vulnerable versions: <= 2.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-31110; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: d60fc2231b4d; Credits: Dimas Maulana; Required...
WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WOOCS – WooCommerce Currency Switcher; Type: Plugin; Vulnerable versions: <= 1.4.1.7; Fixed in: 1.4.1.8; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-30458; Patch priority: Low; CVSS severity: Low 4.3; PSID: 38805bdd386d...
WordPress Seriously Simple Podcasting Plugin < 3.0.0 is vulnerable to Sensitive Data Exposure
Software: Seriously Simple Podcasting; Type: Plugin; Vulnerable versions: < 3.0.0; Fixed in: 3.0.0; OWASP Top 10: A4: Insecure Design; Classification: Sensitive Data Exposure; CVE: CVE-2023-6444; Patch priority: Low; CVSS severity: Low 5.3; Developer: Castos; PSID: d8c267ec50e4; Credits: Krzysztof Zając CERT PL; Required...
WordPress MasterStudy LMS Plugin <= 3.2.5 is vulnerable to SQL Injection
Software: MasterStudy LMS; Type: Plugin; Vulnerable versions: <= 3.2.5; Fixed in: 3.2.6; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-1512; Patch priority: High; CVSS severity: High 9.3; PSID: e235479f4753; Credits: Krzysztof Zając; Required privilege: Unauthenticat...
WordPress Livemesh Addons for Elementor Plugin <= 8.3.2 is vulnerable to Cross Site Scripting (XSS)
Software: Livemesh Addons for Elementor; Type: Plugin; Vulnerable versions: <= 8.3.2; Fixed in: 8.3.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1235; Patch priority: Low; CVSS severity: Low 6.5; PSID: ab5cdd31d383; Credits: Webbernaut...
WordPress PowerPack Addons for Elementor Plugin <= 2.7.14 is vulnerable to Cross Site Scripting (XSS)
Software: PowerPack Addons for Elementor; Type: Plugin; Vulnerable versions: <= 2.7.14; Fixed in: 2.7.15; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1055; Patch priority: Low; CVSS severity: Low 6.5; Developer: IdeaBox Creations; PSID: 07e0415bb2da; Credits...
WordPress WP RSS Aggregator Plugin <= 4.23.5 is vulnerable to Server Side Request Forgery (SSRF)
Software: WP RSS Aggregator; Type: Plugin; Vulnerable versions: <= 4.23.5; Fixed in: 4.23.6; OWASP Top 10: A1: Broken Access Control; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-0628; Patch priority: Low; CVSS severity: Low 3.8; PSID: dd1943fc88ab; Credits: Colin Xu; Requir...
WordPress WPvivid Backup and Migration Plugin <= 0.9.94 is vulnerable to Broken Access Control
Software: WPvivid Backup and Migration; Type: Plugin; Vulnerable versions: <= 0.9.94; Fixed in: 0.9.95; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-4637; Patch priority: Low; CVSS severity: Low 5.3; PSID: 9fe28924b5f3; Credits: Revan Arifio...
WordPress enigma chart.js Plugin <= 2023.2 is vulnerable to Cross Site Scripting (XSS)
Software: enigma chart.js; Type: Plugin; Vulnerable versions: <= 2023.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6082; Patch priority: Low; CVSS severity: Low 6.5; PSID: 1f48f6888cc5; Credits: Asif Nawaz Minhas & Serge...
WordPress FluentForm Plugin <= 5.1.5 is vulnerable to Cross Site Scripting (XSS)
Software: FluentForm; Type: Plugin; Vulnerable versions: <= 5.1.5; Fixed in: 5.1.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0618; Patch priority: Low; CVSS severity: Low 5.9; PSID: 0f6deb843ce1; Credits: Akbar Kustirama; Required...
WordPress Stripe Payment Gateway for WooCommerce Plugin <= 3.7.9 is vulnerable to SQL Injection
Software: Stripe Payment Gateway for WooCommerce; Type: Plugin; Vulnerable versions: <= 3.7.9; Fixed in: 3.8.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-0705; Patch priority: High; CVSS severity: High 9.3; PSID: 8c922733cce2; Credits: Francesco Carlucci; Requir...
WordPress Stock Locations for WooCommerce Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS)
Software: Stock Locations for WooCommerce; Type: Plugin; Vulnerable versions: <= 2.5.9; Fixed in: 2.6.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-22153; Patch priority: Low; CVSS severity: Low 5.9; PSID: cf59ffb809c9; Credits: Mika; Required privileg...
WordPress WP Adminify Plugin <= 3.1.6 is vulnerable to SQL Injection
Software: WP Adminify; Type: Plugin; Vulnerable versions: <= 3.1.6; Fixed in: 3.1.7; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-52132; Patch priority: Low; CVSS severity: Low 7.6; PSID: 1e08f0f78327; Credits: Muhammad Daffa; Required privilege: Administrator...
WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Plugin <= 4.2.1 is vulnerable to Privilege Escalation
Software: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels; Type: Plugin; Vulnerable versions: <= 4.2.1; Fixed in: 4.3.0; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2023-51546; Patch priority: Medium; CVSS severity: Medium...
WordPress EazyDocs Plugin < 2.3.4 is vulnerable to SQL Injection
Software: EazyDocs; Type: Plugin; Vulnerable versions: < 2.3.4; Fixed in: 2.3.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-6035; Patch priority: High; CVSS severity: High 8.5; PSID: 6ad682fb44ae; Credits: Dao Xuan Hieu; Required privilege: Subscriber; Published: 19...
WordPress Popup Builder Plugin < 4.2.3 is vulnerable to Cross Site Scripting (XSS)
Software: Popup Builder; Type: Plugin; Vulnerable versions: < 4.2.3; Fixed in: 4.2.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6000; Patch priority: High; CVSS severity: High 7.1; PSID: 14212aacf7f9; Credits: Marc Montpas; Required...
WordPress Multi Currency For WooCommerce Plugin <= 1.5.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Multi Currency For WooCommerce; Type: Plugin; Vulnerable versions: <= 1.5.5; Fixed in: 1.5.6; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-49840; Patch priority: Low; CVSS severity: Low 4.3; PSID: c36e478dcad3; Credits: Nguy...
WordPress Advanced Database Cleaner Plugin <= 3.1.2 is vulnerable to SQL Injection
Software: Advanced Database Cleaner; Type: Plugin; Vulnerable versions: <= 3.1.2; Fixed in: 3.1.3; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-49764; Patch priority: Low; CVSS severity: Low 7.6; PSID: 18ca57291df6; Credits: Mika; Required privilege: Administrator...
WordPress Social Share Buttons & Analytics Plugin – GetSocial.io Plugin <= 4.3.12 is vulnerable to Cross Site Scripting (XSS)
Software: Social Share Buttons & Analytics Plugin – GetSocial.io; Type: Plugin; Vulnerable versions: <= 4.3.12; Fixed in: 4.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49189; Patch priority: Low; CVSS severity: Low 5.9; PSID: e59fc2241f6f; Credits...
WordPress JetThemeCore Plugin <= 2.1.2.1 is vulnerable to Broken Access Control
Software: JetThemeCore; Type: Plugin; Vulnerable versions: <= 2.1.2.1; Fixed in: 2.1.2.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-48761; Patch priority: Medium; CVSS severity: Medium 6.3; Developer: Crocoblock; PSID: 81078e3aaad1; Credits: Rafie Muhammad Patchstack...
WordPress JetTricks Plugin <= 1.4.6.1 is vulnerable to Broken Access Control
Software: JetTricks; Type: Plugin; Vulnerable versions: <= 1.4.6.1; Fixed in: 1.4.6.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-48760; Patch priority: Medium; CVSS severity: Medium 8.2; Developer: Crocoblock; PSID: 1a049ca5510e; Credits: Rafie Muhammad Patchstack...
WordPress JetElements For Elementor Plugin <= 2.6.13 is vulnerable to Cross Site Request Forgery (CSRF)
Software: JetElements For Elementor; Type: Plugin; Vulnerable versions: <= 2.6.13; Fixed in: 2.6.13.1; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-48762; Patch priority: Low; CVSS severity: Low 6.3; Developer: Crocoblock; PSID: 1a0a78a4df65; Credits: Rafie...
WordPress Theme My Login 2FA Plugin < 1.2 is vulnerable to Bypass Vulnerability
Software: Theme My Login 2FA; Type: Plugin; Vulnerable versions: < 1.2; Fixed in: 1.2; OWASP Top 10: A4: Insecure Design; Classification: Bypass Vulnerability; CVE: CVE-2023-6272; Patch priority: Low; CVSS severity: Low 5.4; PSID: 8ec60bf22c2e; Credits: Joost Grunwald; Required privilege...