
45960 matches found

Patchstack
added 2024/08/16 12:0 a.m., 18 views

WordPress e2pdf Plugin <= 1.25.05 is vulnerable to Cross Site Scripting (XSS)

Software e2pdf Type Plugin Vulnerable versions = 1.25.05 Fixed in 1.25.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43318 Patch priority Low CVSS severity Low 6.5 Developer E2Pdf.com PSID 618e2ecf6073 Credits LVT-tholv2k Required privilege Contributor Publish...

CVSS: 6.5, AI score: 6.9, EPSS: 0.0017
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/08/16 12:0 a.m., 18 views

WordPress oik Plugin <= 4.12.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software oik Type Plugin Vulnerable versions = 4.12.0 Fixed in 4.12.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43356 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 865f6e2dc335 Credits Abdi Pranata Required privile...

CVSS: 4.3, AI score: 6.7, EPSS: 0.00123
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/08/09 12:0 a.m., 18 views

WordPress Form Maker by 10Web Plugin <= 1.15.26 is vulnerable to Cross Site Scripting (XSS)

Software Form Maker by 10Web Type Plugin Vulnerable versions = 1.15.26 Fixed in 1.15.27 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43220 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 77f57c6e5d92 Credits Le Ngoc Anh Required...

CVSS: 7.1, AI score: 6.8, EPSS: 0.00442
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/07/30 12:0 a.m., 18 views

WordPress Zephyr Project Manager Plugin < 3.3.99 is vulnerable to Cross Site Scripting (XSS)

Software Zephyr Project Manager Type Plugin Vulnerable versions 3.3.99 Fixed in 3.3.99 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6536 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7446412b149f Credits Adrian Peña...

CVSS: 5.4, AI score: 5.8, EPSS: 0.5197
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2024/07/11 12:0 a.m., 18 views

WordPress FormFlow Plugin < 2.12.2 is vulnerable to Cross Site Scripting (XSS)

Software FormFlow Type Plugin Vulnerable versions 2.12.2 Fixed in 2.12.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3113 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 05bb1755ee18 Credits Dikshita Trivedi Cybersecdexter...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00167
Exploits: 1, References: 3, Affected Software: 1

Patchstack
added 2024/07/10 12:0 a.m., 18 views

WordPress Power BI Embedded for WordPress Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Power BI Embedded for WordPress Type Plugin Vulnerable versions = 1.1.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37959 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d71cfc52b95c Credits Joshua Chan Required...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00055
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/07/05 12:0 a.m., 18 views

WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.10 is vulnerable to Cross Site Scripting (XSS)

Software NEX-Forms – Ultimate Form Builder Type Plugin Vulnerable versions = 8.5.10 Fixed in 8.6.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37512 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6818a3b8cb82 Credits LVT-tholv2k Require...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00257
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/07/04 12:0 a.m., 18 views

WordPress IMGspider Plugin <= 2.3.10 is vulnerable to Arbitrary File Upload

Software IMGspider Type Plugin Vulnerable versions = 2.3.10 Fixed in 2.3.11 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6319 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 7f35690ce29e Credits István Márton Required privilege...

CVSS: 8.8, AI score: 6.8, EPSS: 0.10938
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/07/01 12:0 a.m., 18 views

WordPress Page and Post Clone Plugin <= 6.0 is vulnerable to Sensitive Data Exposure

Software Page and Post Clone Type Plugin Vulnerable versions = 6.0 Fixed in 6.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-5942 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID 2f05aa4ff3e4 Credits Bassem Essam Required...

CVSS: 5.4, AI score: 6.6, EPSS: 0.00179
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/06/14 12:0 a.m., 18 views

WordPress Popup Builder Plugin <= 4.3.1 is vulnerable to Broken Access Control

Software Popup Builder Type Plugin Vulnerable versions = 4.3.1 Fixed in 4.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6696 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 7eeb41bcfcb3 Credits Lucio Sá Required privilege...

CVSS: 8.1, AI score: 6.6, EPSS: 0.00417
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/06/07 12:0 a.m., 18 views

WordPress Tutor LMS Plugin <= 2.7.1 is vulnerable to Insecure Direct Object References (IDOR)

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.1 Fixed in 2.7.2 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-5438 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 04944e6bcf56 Credits Thanh Nam Tran...

CVSS: 4.3, AI score: 6.5, EPSS: 0.00146
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/06/06 12:0 a.m., 18 views

WordPress 12 Step Meeting List Plugin <= 3.14.33 is vulnerable to Cross Site Scripting (XSS)

Software 12 Step Meeting List Type Plugin Vulnerable versions = 3.14.33 Fixed in 3.14.34 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35693 Patch priority Medium CVSS severity Medium 7.1 Developer Code for Recovery PSID 8149c3967f73 Credits alien8 Required...

CVSS: 7.1, AI score: 6.6, EPSS: 0.1309
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/06/06 12:0 a.m., 18 views

WordPress Bloglo Theme <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)

Software Bloglo Type Theme Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35715 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 469488b623d7 Credits stealthcopter Required privilege Contributor...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00143
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/06/06 12:0 a.m., 18 views

WordPress Analytify Plugin <= 5.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Analytify Type Plugin Vulnerable versions = 5.2.3 Fixed in 5.2.4 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-35689 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4a532a64f850 Credits Majed Refaea Required...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00094
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/06/06 12:0 a.m., 18 views

WordPress ElasticPress Plugin <= 5.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software ElasticPress Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-35684 Patch priority Low CVSS severity Low 4.3 Developer 10up PSID fbb3d18344c4 Credits Ananda Dhakal Patchstack Required...

CVSS: 4.3, AI score: 6.6, EPSS: 0.00123
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/06/06 12:0 a.m., 18 views

WordPress Widget Options - Extended Plugin <= 5.1.0 is vulnerable to Sensitive Data Exposure

Software Widget Options - Extended Type Plugin Vulnerable versions = 5.1.0 Fixed in 5.1.3 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-35691 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 80da7493f574 Credits Dave Jong...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00508
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/05/29 12:0 a.m., 18 views

WordPress AffiEasy Plugin <= 1.1.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software AffiEasy Type Plugin Vulnerable versions = 1.1.7 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-4218 Patch priority Low CVSS severity Low 6.5 Developer AffiEasy PSID 6a6d4298e483 Credits Benedictus Jovan aillesiM Required...

CVSS: 6.5, AI score: 6.6, EPSS: 0.0041
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/05/27 12:0 a.m., 18 views

WordPress PostX Plugin < 4.1.0 is vulnerable to Cross Site Scripting (XSS)

Software PostX Type Plugin Vulnerable versions 4.1.0 Fixed in 4.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4305 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4a6a72a8e520 Credits Dmitrii Ignatyev Required privilege...

CVSS: 6.8, AI score: 5.7, EPSS: 0.00375
Exploits: 2, References: 4, Affected Software: 1

Patchstack
added 2024/05/24 12:0 a.m., 18 views

WordPress The Events Calendar PRO Plugin < 6.4.0.1 is vulnerable to Sensitive Data Exposure

Software The Events Calendar PRO Type Plugin Vulnerable versions 6.4.0.1 Fixed in 6.4.0.1 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-1295 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bc59557889e3 Credits Scott Kingsley Cla...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00855
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2024/05/24 12:0 a.m., 18 views

WordPress Pray For Me Plugin <= 1.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Pray For Me Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3965 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 75aaa6747a5e Credits Bob Matyas Required...

CVSS: 5.4, AI score: 6.6, EPSS: 0.00378
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2024/05/09 12:0 a.m., 18 views

WordPress Porto Theme <= 7.1.0 is vulnerable to Local File Inclusion

Software Porto Type Theme Vulnerable versions = 7.1.0 Fixed in 7.1.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3806 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 98785fd04b6f Credits István Márton Required privilege Unauthenticated...

CVSS: 9.8, AI score: 6.8, EPSS: 0.64983
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/05/08 12:0 a.m., 18 views

WordPress Mesmerize Companion Plugin <= 1.6.148 is vulnerable to Cross Site Scripting (XSS)

Software Mesmerize Companion Type Plugin Vulnerable versions = 1.6.148 Fixed in 1.6.149 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3494 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a79965937956 Credits stealthcopter...

CVSS: 6.4, AI score: 5.8, EPSS: 0.00168
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/05/07 12:0 a.m., 18 views

WordPress Stockholm Core Plugin <= 2.4.1 is vulnerable to Cross Site Scripting (XSS)

Software Stockholm Core Type Plugin Vulnerable versions = 2.4.1 Fixed in 2.4.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34553 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6ee301c14ad2 Credits Rafie Muhammad Patchstack Require...

CVSS: 7.1, AI score: 6.5, EPSS: 0.00308
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/05/07 12:0 a.m., 18 views

WordPress Stockholm Core Plugin <= 2.4.1 is vulnerable to Local File Inclusion

Software Stockholm Core Type Plugin Vulnerable versions = 2.4.1 Fixed in 2.4.2 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-34554 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID f9aa82fd3a5e Credits Rafie Muhammad Patchstack Required privileg...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00645
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/05/02 12:0 a.m., 18 views

WordPress Contact Form by WPForms Plugin <= 1.8.7.2 is vulnerable to Broken Access Control

Software Contact Form by WPForms Type Plugin Vulnerable versions = 1.8.7.2 Fixed in 1.8.8.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-3649 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f3183fdcee99 Credits Asaf Mozes Require...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00249
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/04/29 12:0 a.m., 18 views

WordPress WP Media Cleaner Plugin <= 6.7.2 is vulnerable to Sensitive Data Exposure

Software WP Media Cleaner Type Plugin Vulnerable versions = 6.7.2 Fixed in 6.7.3 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2024-33922 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 489615881bfc Credits Joshua Chan Required...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00366
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/04/29 12:0 a.m., 18 views

WordPress Print-O-Matic Plugin <= 2.1.10 is vulnerable to Cross Site Scripting (XSS)

Software Print-O-Matic Type Plugin Vulnerable versions = 2.1.10 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33936 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5b4761232408 Credits Ngô Thiên An ancorn from VNPT-VCI Require...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00178
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/04/25 12:0 a.m., 18 views

WordPress Payment Gateway Based Fees and Discounts for WooCommerce Plugin <= 2.12.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Payment Gateway Based Fees and Discounts for WooCommerce Type Plugin Vulnerable versions = 2.12.1 Fixed in 2.12.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33585 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PS...

CVSS: 4.3, AI score: 6.7, EPSS: 0.00134
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/04/22 11:36 a.m., 18 views

WordPress StreamWeasels Twitch Integration plugin <= 1.7.8 - API Sensitive Data Exposure vulnerability

API Sensitive Data Exposure vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin StreamWeasels Twitch Integration versions = 1.7.8...

CVSS: 5.3, AI score: 7, EPSS: 0.00175
Exploits: 0, Affected Software: 1

Patchstack
added 2024/04/17 12:0 a.m., 18 views

WordPress WP Show Posts Plugin <= 1.1.5 is vulnerable to Sensitive Data Exposure

Software WP Show Posts Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-6731 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0bc24cb2903a Credits Lucio Sá Required privilege...

CVSS: 4.3, AI score: 6.5, EPSS: 0.00185
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/04/16 12:0 a.m., 18 views

WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.16.2 is vulnerable to PHP Object Injection

Software Shortcodes and extra features for Phlox theme Type Plugin Vulnerable versions = 2.16.2 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-7064 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID b9a2bdf53bc0 Credits Rhynorater -...

CVSS: 7.5, AI score: 6.9, EPSS: 0.00822
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/04/11 12:0 a.m., 18 views

WordPress Essential Grid Plugin <= 3.1.1 is vulnerable to Broken Access Control

Software Essential Grid Type Plugin Vulnerable versions = 3.1.1 Fixed in 3.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3235 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 597aadc22d06 Credits 1337Wannabe Required privilege...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00938
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/04/10 12:0 a.m., 18 views

WordPress Default Mag Theme <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Default Mag Type Theme Vulnerable versions = 1.3.5 Fixed in 1.3.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31386 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 38907f8269e6 Credits Dhabaleshwar Das Require...

CVSS: 4.3, AI score: 4.3, EPSS: 0.00468
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/04/05 12:0 a.m., 18 views

WordPress Tracking Code Manager Plugin <= 2.1.0 is vulnerable to Broken Access Control

Software Tracking Code Manager Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31347 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 51665fb13771 Credits Abdi Pranata Required...

CVSS: 4.3, AI score: 6.8, EPSS: 0.00113
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/04/05 12:0 a.m., 18 views

WordPress is vulnerable to Sensitive Data Exposure

Software WordPress Type WordPress Core Vulnerable versions = 6.4.3 Fixed in 6.5 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-5692 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 5d6f8d7b72aa Credits Francesco Carlucci Require...

CVSS: 5.3, AI score: 6.5, EPSS: 0.01055
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/04/05 12:0 a.m., 18 views

WordPress Post Views Counter Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Post Views Counter Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31264 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 68843b34fde0 Credits Brandon Roldan...

CVSS: 4.3, AI score: 6.6, EPSS: 0.0009
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/04/03 12:0 a.m., 18 views

WordPress Oxygen Builder Plugin <= 4.9 is vulnerable to Remote Code Execution (RCE)

Software Oxygen Builder Type Plugin Vulnerable versions = 4.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-31380 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 4b3933c6a6e8 Credits Snicco Required privilege Contributo...

CVSS: 9.9, AI score: 7.3, EPSS: 0.00127
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/03/28 12:0 a.m., 18 views

WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software WOOCS – WooCommerce Currency Switcher Type Plugin Vulnerable versions = 1.4.1.7 Fixed in 1.4.1.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-30458 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 38805bdd386d...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00171
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/03/28 12:0 a.m., 18 views

WordPress Spiffy Calendar Plugin <= 4.9.7 is vulnerable to Cross Site Scripting (XSS)

Software Spiffy Calendar Type Plugin Vulnerable versions = 4.9.7 Fixed in 4.9.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30427 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID e5917dca625b Credits Dimas Maulana Required privileg...

CVSS: 7.1, AI score: 6.5, EPSS: 0.00234
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/03/21 12:0 a.m., 18 views

WordPress Avada Theme <= 7.11.6 is vulnerable to Server Side Request Forgery (SSRF)

Software Avada Type Theme Vulnerable versions = 7.11.6 Fixed in 7.11.7 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-2343 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID b215d9a4cc5d Credits Muhammad Zeeshan Xib3rR4dAr Required...

CVSS: 6.4, AI score: 7.3, EPSS: 0.0019
Exploits: 1, References: 2, Affected Software: 1

Patchstack
added 2024/03/18 12:0 a.m., 18 views

WordPress Simple Job Board Plugin <= 2.11.0 is vulnerable to PHP Object Injection

Software Simple Job Board Type Plugin Vulnerable versions = 2.11.0 Fixed in 2.11.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1813 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 0f7bf0484277 Credits Francesco Carlucci Required privilege...

CVSS: 9.8, AI score: 6.8, EPSS: 0.07996
Exploits: 1, References: 3, Affected Software: 1

Patchstack
added 2024/03/12 12:0 a.m., 18 views

WordPress Seriously Simple Podcasting Plugin < 3.0.0 is vulnerable to Sensitive Data Exposure

Software Seriously Simple Podcasting Type Plugin Vulnerable versions 3.0.0 Fixed in 3.0.0 OWASP Top 10 A4: Insecure Design Classification Sensitive Data Exposure CVE CVE-2023-6444 Patch priority Low CVSS severity Low 5.3 Developer Castos PSID d8c267ec50e4 Credits Krzysztof Zając CERT PL Required...

CVSS: 5.3, AI score: 6.9, EPSS: 0.61362
Exploits: 3, References: 4, Affected Software: 1

Patchstack
added 2024/02/26 12:0 a.m., 18 views

WordPress User Shortcodes Plus Plugin <= 2.0.2 is vulnerable to Insecure Direct Object References (IDOR)

Software User Shortcodes Plus Type Plugin Vulnerable versions = 2.0.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-6969 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID cc1bdd35256f Credits Francesco...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00256
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/02/23 12:0 a.m., 18 views

WordPress Ultimate Member Plugin 2.1.3-2.8.2 is vulnerable to SQL Injection

Software Ultimate Member Type Plugin Vulnerable versions 2.1.3-2.8.2 Fixed in 2.8.3 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-1071 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID d52d7ae096c8 Credits Christiaan Swiers Required privilege...

CVSS: 9.8, AI score: 6.9, EPSS: 0.92912
Exploits: 8, References: 3, Affected Software: 1

Patchstack
added 2024/02/21 12:0 a.m., 18 views

WordPress Simple Job Board Plugin <= 2.10.8 is vulnerable to Broken Access Control

Software Simple Job Board Type Plugin Vulnerable versions = 2.10.8 Fixed in 2.11.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0593 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 752406ce2200 Credits Krzysztof Zając Required...

CVSS: 5.3, AI score: 6.5, EPSS: 0.0669
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/02/07 12:0 a.m., 18 views

WordPress WP RSS Aggregator Plugin <= 4.23.5 is vulnerable to Server Side Request Forgery (SSRF)

Software WP RSS Aggregator Type Plugin Vulnerable versions = 4.23.5 Fixed in 4.23.6 OWASP Top 10 A1: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2024-0628 Patch priority Low CVSS severity Low 3.8 Developer Claim ownership PSID dd1943fc88ab Credits Colin Xu Requir...

CVSS: 3.8, AI score: 6.6, EPSS: 0.00073
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/01/26 12:0 a.m., 18 views

WordPress Dragfy Addons for Elementor Plugin <= 8.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Dragfy Addons for Elementor Type Plugin Vulnerable versions = 8.3.1 Fixed in 8.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0448 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 80155176471b Credits Webbernaut...

CVSS: 6.4, AI score: 5.8, EPSS: 0.00254
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/01/19 12:0 a.m., 18 views

WordPress Stripe Payment Gateway for WooCommerce Plugin <= 3.7.9 is vulnerable to SQL Injection

Software Stripe Payment Gateway for WooCommerce Type Plugin Vulnerable versions = 3.7.9 Fixed in 3.8.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0705 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 8c922733cce2 Credits Francesco Carlucci Requir...

CVSS: 9.8, AI score: 6.8, EPSS: 0.21951
Exploits: 1, References: 3, Affected Software: 1

Patchstack
added 2024/01/09 12:0 a.m., 18 views

WordPress AI Engine: ChatGPT Chatbot Plugin <= 1.9.98 is vulnerable to Arbitrary File Upload

Software AI Engine: ChatGPT Chatbot Type Plugin Vulnerable versions = 1.9.98 Fixed in 1.9.99 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-51409 Patch priority High CVSS severity High 10 Developer Claim ownership PSID fdd4a788407b Credits Rafie Muhammad Patchstack...

CVSS: 10, AI score: 6.8, EPSS: 0.92907
Exploits: 4, References: 2, Affected Software: 1

Patchstack
added 2024/01/03 12:0 a.m., 18 views

WordPress WP 2FA Plugin <= 2.5.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP 2FA Type Plugin Vulnerable versions = 2.5.0 Fixed in 2.6.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6520 Patch priority Low CVSS severity Low 4.3 Developer Melapress PSID 95117a5d7a1e Credits Ulyses Saicha Required privilege...

CVSS: 4.3, AI score: 6.6, EPSS: 0.00265
Exploits: 0, References: 3, Affected Software: 1

Total number of security vulnerabilities: 5000