46684 matches found
WordPress KKProgressbar2 Free Plugin <= 1.1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software KKProgressbar2 Free Type Plugin Vulnerable versions = 1.1.4.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-4535 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1928f58a695a Credits Bob Matyas...
WordPress LuckyWP Table of Contents Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)
Software LuckyWP Table of Contents Type Plugin Vulnerable versions = 2.1.5 Fixed in 2.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2218 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f253e02e4fa4 Credits Sławomir...
WordPress LearnPress Plugin <= 4.2.6.6 is vulnerable to Cross Site Scripting (XSS)
Software LearnPress Type Plugin Vulnerable versions = 4.2.6.6 Fixed in 4.2.6.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4971 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fe1ff054c167 Credits stealthcopter Required...
WordPress Porto Theme <= 7.1.0 is vulnerable to Local File Inclusion
Software Porto Type Theme Vulnerable versions = 7.1.0 Fixed in 7.1.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3806 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 98785fd04b6f Credits István Márton Required privilege Unauthenticated...
WordPress Mesmerize Companion Plugin <= 1.6.148 is vulnerable to Cross Site Scripting (XSS)
Software Mesmerize Companion Type Plugin Vulnerable versions = 1.6.148 Fixed in 1.6.149 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3494 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a79965937956 Credits stealthcopter...
WordPress Form Maker by 10Web Plugin <= 1.15.24 is vulnerable to Cross Site Scripting (XSS)
Software Form Maker by 10Web Type Plugin Vulnerable versions = 1.15.24 Fixed in 1.15.25 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34437 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID bccbcab6c64f Credits Huynh Tien Si Required privile...
WordPress Stockholm Core Plugin <= 2.4.1 is vulnerable to Cross Site Scripting (XSS)
Software Stockholm Core Type Plugin Vulnerable versions = 2.4.1 Fixed in 2.4.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34553 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6ee301c14ad2 Credits Rafie Muhammad Patchstack Require...
WordPress Magical Addons For Elementor Plugin <= 1.1.34 is vulnerable to Cross Site Scripting (XSS)
Software Magical Addons For Elementor Type Plugin Vulnerable versions = 1.1.34 Fixed in 1.1.35 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34547 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 74ccb66566e9 Credits Khalid Yusuf Required...
WordPress Print-O-Matic Plugin <= 2.1.10 is vulnerable to Cross Site Scripting (XSS)
Software Print-O-Matic Type Plugin Vulnerable versions = 2.1.10 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33936 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5b4761232408 Credits Ngô Thiên An ancorn from VNPT-VCI Require...
WordPress PB MailCrypt Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)
Software PB MailCrypt Type Plugin Vulnerable versions = 3.1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33935 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 63739ecce421 Credits Ngô Thiên An ancorn from VNPT-VCI Required...
WordPress Social Media & Share Icons Plugin <= 2.8.6 is vulnerable to Broken Access Control
Software Social Media & Share Icons Type Plugin Vulnerable versions = 2.8.6 Fixed in 2.8.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1a7903f770f4 Credits Dhabaleshwar Das...
WordPress WZone Plugin <= 14.0.33 is vulnerable to Privilege Escalation
Software WZone Type Plugin Vulnerable versions = 14.0.33 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-33549 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID a1d74d6dfe5c Credits Rafie Muhammad...
WordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.5.3 is vulnerable to Broken Access Control
Software Barcode Scanner with Inventory & Order Manager Type Plugin Vulnerable versions = 1.5.3 Fixed in 1.5.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33565 Patch priority High CVSS severity High 9.1 Developer DMitry PSID 256e9c100507 Credits Rafie...
WordPress XStore Theme <= 9.3.8 is vulnerable to Local File Inclusion
Software XStore Type Theme Vulnerable versions = 9.3.8 Fixed in 9.3.9 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-33560 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 6dff12fe54af Credits Rafie Muhammad Patchstack Required privilege...
WordPress Elements kit Elementor addons Plugin <= 3.1.0 is vulnerable to Local File Inclusion
Software Elements kit Elementor addons Type Plugin Vulnerable versions = 3.1.0 Fixed in 3.1.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3499 Patch priority Low CVSS severity Low 8.5 Developer Wpmet PSID 43728e112e86 Credits Webbernaut Required privilege Contribut...
WordPress rtMedia for WordPress, BuddyPress and bbPress Plugin <= 4.6.18 is vulnerable to SQL Injection
Software rtMedia for WordPress, BuddyPress and bbPress Type Plugin Vulnerable versions = 4.6.18 Fixed in 4.6.19 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3293 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 7b7bd27ebebe Credits Krzysztof Zając...
WordPress StreamWeasels Twitch Integration plugin <= 1.7.8 - API Sensitive Data Exposure vulnerability
API Sensitive Data Exposure vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin StreamWeasels Twitch Integration versions = 1.7.8...
WordPress Newspaper Theme <= 12.6.5 is vulnerable to Cross Site Scripting (XSS)
Software Newspaper Type Theme Vulnerable versions = 12.6.5 Fixed in 12.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3815 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7fb86a187abf Credits István Márton Required...
WordPress WP Show Posts Plugin <= 1.1.5 is vulnerable to Sensitive Data Exposure
Software WP Show Posts Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-6731 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0bc24cb2903a Credits Lucio Sá Required privilege...
WordPress Paid Memberships Pro Plugin <= 3.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Paid Memberships Pro Type Plugin Vulnerable versions = 3.0.1 Fixed in 3.0.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3215 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 707f90cd781b Credits Whit Taylor...
WordPress Real Media Library Lite Plugin <= 4.22.11 is vulnerable to Cross Site Scripting (XSS)
Software Real Media Library Lite Type Plugin Vulnerable versions = 4.22.11 Fixed in 4.22.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2328 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e373234a026c Credits stealthcopte...
WordPress Ultimate Member Plugin <= 2.8.4 is vulnerable to Cross Site Scripting (XSS)
Software Ultimate Member Type Plugin Vulnerable versions = 2.8.4 Fixed in 2.8.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2765 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 4af1ffb7c063 Credits tiborisaak Require...
WordPress Default Mag Theme <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Default Mag Type Theme Vulnerable versions = 1.3.5 Fixed in 1.3.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31386 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 38907f8269e6 Credits Dhabaleshwar Das Require...
WordPress Extra Product Options Builder for WooCommerce Plugin <= 1.2.104 is vulnerable to Cross Site Request Forgery (CSRF)
Software Extra Product Options Builder for WooCommerce Type Plugin Vulnerable versions = 1.2.104 Fixed in 1.2.105 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31940 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...
WordPress Redirect Redirection Plugin <= 1.1.9 is vulnerable to Broken Access Control
Software Redirect Redirection Type Plugin Vulnerable versions = 1.1.9 Fixed in 1.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 083a31c079c9 Credits Dhabaleshwar Das Require...
WordPress Slider Revolution Plugin <= 6.6.20 is vulnerable to Cross Site Scripting (XSS)
Software Slider Revolution Type Plugin Vulnerable versions = 6.6.20 Fixed in 6.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2306 Patch priority Low CVSS severity Low 5.9 Developer ThemePunch PSID 25a221b7c033 Credits wesley wcraft Nikolas - md...
WordPress Tracking Code Manager Plugin <= 2.1.0 is vulnerable to Broken Access Control
Software Tracking Code Manager Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31347 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 51665fb13771 Credits Abdi Pranata Required...
WordPress Oxygen Builder Plugin <= 4.9 is vulnerable to Remote Code Execution (RCE)
Software Oxygen Builder Type Plugin Vulnerable versions = 4.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-31380 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 4b3933c6a6e8 Credits Snicco Required privilege Contributo...
WordPress Essential Addons for Elementor Plugin <= 5.9.13 is vulnerable to Sensitive Data Exposure
Software Essential Addons for Elementor Type Plugin Vulnerable versions = 5.9.13 Fixed in 5.9.14 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2974 Patch priority Low CVSS severity Low 5.3 Developer WPDeveloper PSID 724b318703c8 Credits Ankit Patel...
WordPress Ecwid Shopping Cart Plugin <= 6.12.10 is vulnerable to Cross Site Scripting (XSS)
Software Ecwid Shopping Cart Type Plugin Vulnerable versions = 6.12.10 Fixed in 6.12.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2456 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 58dc51eadb76 Credits Krzysztof Zając...
WordPress Ninja Forms Plugin <= 3.8.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Ninja Forms Type Plugin Vulnerable versions = 3.8.0 Fixed in 3.8.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2113 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0a9480169593 Credits Tobias Weißhaar kun19...
WordPress Social Icons Widget & Block by WPZOOM Plugin <= 4.2.15 is vulnerable to Broken Access Control
Software Social Icons Widget & Block by WPZOOM Type Plugin Vulnerable versions = 4.2.15 Fixed in 4.2.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30464 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 49894ab6e8af Credits Rafie...
WordPress Web Icons Plugin <= 1.0.0.10 is vulnerable to Cross Site Scripting (XSS)
Software Web Icons Type Plugin Vulnerable versions = 1.0.0.10 Fixed in 1.0.0.11 OWASP Top 10 A4: Insecure Design Classification Cross Site Scripting XSS CVE CVE-2024-30445 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4f47e40e4725 Credits Steven Julian Required privilege...
WordPress OSS Aliyun Plugin <= 1.4.10 is vulnerable to SQL Injection
Software OSS Aliyun Type Plugin Vulnerable versions = 1.4.10 Fixed in 1.4.11 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30494 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID f4acc3b1af32 Credits Majed Refaea Required privilege Administrator...
WordPress ARMember Plugin <= 4.0.26 is vulnerable to PHP Object Injection
Software ARMember Type Plugin Vulnerable versions = 4.0.26 Fixed in 4.0.27 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30223 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 8d16e0b0481c Credits LVT-tholv2k Required privilege Unauthenticated...
WordPress BuddyForms Plugin <= 2.8.5 is vulnerable to Cross Site Scripting (XSS)
Software BuddyForms Type Plugin Vulnerable versions = 2.8.5 Fixed in 2.8.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30198 Patch priority Low CVSS severity Low 5.8 Developer Claim ownership PSID f21da7d6bb61 Credits Dimas Maulana Required privilege...
WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Meta Data and Taxonomies Filter MDTF Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.3.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29763 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 835f8f6375ea Credits...
WordPress Avada Theme <= 7.11.6 is vulnerable to SQL Injection
Software Avada Type Theme Vulnerable versions = 7.11.6 Fixed in 7.11.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2344 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 15fee136284a Credits Muhammad Zeeshan Xib3rR4dAr Required privilege Administrato...
WordPress Avada Theme <= 7.11.6 is vulnerable to Server Side Request Forgery (SSRF)
Software Avada Type Theme Vulnerable versions = 7.11.6 Fixed in 7.11.7 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-2343 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID b215d9a4cc5d Credits Muhammad Zeeshan Xib3rR4dAr Required...
WordPress Avada Theme <= 7.11.6 is vulnerable to Sensitive Data Exposure
Software Avada Type Theme Vulnerable versions = 7.11.6 Fixed in 7.11.7 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2340 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID bc2cd20cbb75 Credits Muhammad Zeeshan Xib3rR4dAr Require...
WordPress PowerPack Lite for Beaver Builder Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software PowerPack Lite for Beaver Builder Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2289 Patch priority Low CVSS severity Low 6.5 Developer IdeaBox Creations PSID 9d2284f4a282 Credits...
WordPress Simple Job Board Plugin <= 2.11.0 is vulnerable to PHP Object Injection
Software Simple Job Board Type Plugin Vulnerable versions = 2.11.0 Fixed in 2.11.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1813 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 0f7bf0484277 Credits Francesco Carlucci Required privilege...
WordPress Coupon Affiliates Plugin <= 5.12.7 is vulnerable to Cross Site Scripting (XSS)
Software Coupon Affiliates Type Plugin Vulnerable versions = 5.12.7 Fixed in 5.12.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29125 Patch priority Medium CVSS severity Medium 7.1 Developer RelyWP PSID 81253acd1aca Credits stealthcopter Required privilege...
WordPress Ultimate Member Plugin <= 2.8.3 is vulnerable to Cross Site Scripting (XSS)
Software Ultimate Member Type Plugin Vulnerable versions = 2.8.3 Fixed in 2.8.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2123 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4d51add86a5f Credits stealthcopter...
WordPress Download Manager Plugin <= 3.2.84 is vulnerable to Broken Access Control
Software Download Manager Type Plugin Vulnerable versions = 3.2.84 Fixed in 3.2.85 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6785 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 049e661b5aa7 Credits wesley wcraft Required...
WordPress User Shortcodes Plus Plugin <= 2.0.2 is vulnerable to Insecure Direct Object References (IDOR)
Software User Shortcodes Plus Type Plugin Vulnerable versions = 2.0.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-6969 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID cc1bdd35256f Credits Francesco...
WordPress Peach Payments Gateway Plugin <= 3.1.9 is vulnerable to Broken Access Control
Software Peach Payments Gateway Type Plugin Vulnerable versions = 3.1.9 Fixed in 3.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-25922 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4ed5c43af060 Credits Abdi Pranata Required...
WordPress ImageRecycle pdf & image compression Plugin <= 3.1.13 is vulnerable to Broken Access Control
Software ImageRecycle pdf & image compression Type Plugin Vulnerable versions = 3.1.13 Fixed in 3.1.14 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0984 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 35a4c2f10086 Credits Frances...
WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.5 is vulnerable to Cross Site Scripting (XSS)
Software NEX-Forms – Ultimate Form Builder Type Plugin Vulnerable versions = 8.5.5 Fixed in 8.5.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-25593 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 87e47cb4335f Credits Ngô Thiên An ancorn...
WordPress Canto Plugin <= 3.0.6 is vulnerable to Remote Code Execution (RCE)
Software Canto Type Plugin Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-25096 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 5a102fd4265b Credits Rodrigo Escobar ipax Required privilege...