Patchstack: Most viewed

45958 matches found

Patchstack
added 2024/10/09 12:0 a.m. | 17 views

WordPress Advanced Custom Fields PRO Plugin <= 6.3.7 is vulnerable to Arbitrary Code Execution

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions = 6.3.7 Fixed in 6.3.8 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-9529 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID aa150d72013d Credits Automattic Security Team...

CVSS 6.6 | AI score 6.7 | EPSS 0.00183
Exploits: 1 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/09 12:0 a.m. | 17 views

WordPress wp-Monalisa Plugin <= 6.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software wp-Monalisa Type Plugin Vulnerable versions = 6.4 Fixed in 6.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-48038 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f42673584f5d Credits SOPROBRO Required privilege...

CVSS 4.3 | AI score 6.6 | EPSS 0.00154
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/09 12:0 a.m. | 17 views

WordPress Telecash Ricaricaweb Plugin <= 2.2 is vulnerable to PHP Object Injection

Software Telecash Ricaricaweb Type Plugin Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-48030 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 7743976bb673 Credits LVT-tholv2k Required privilege...

CVSS 9.8 | AI score 6.8 | EPSS 0.00735
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/10/07 12:0 a.m. | 17 views

WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.16.3 is vulnerable to Cross Site Scripting (XSS)

Software Shortcodes and extra features for Phlox theme Type Plugin Vulnerable versions = 2.16.3 Fixed in 2.16.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8486 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b44af62239ce...

CVSS 6.4 | AI score 5.9 | EPSS 0.00256
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/10/02 12:0 a.m. | 17 views

WordPress SEOPress Plugin <= 8.1.1 is vulnerable to Cross Site Scripting (XSS)

Software SEOPress Type Plugin Vulnerable versions = 8.1.1 Fixed in 8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9225 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 788a715fcbd5 Credits vgo0 Required privilege...

CVSS 6.1 | AI score 5.7 | EPSS 0.01684
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/26 12:0 a.m. | 17 views

WordPress JupiterX Core Plugin <= 4.6.5 is vulnerable to Arbitrary File Upload

Software JupiterX Core Type Plugin Vulnerable versions = 4.6.5 Fixed in 4.6.6 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7772 Patch priority High CVSS severity High 10 Developer Claim ownership PSID ab3838034ebf Credits Geo Void Required privilege Unauthenticated...

CVSS 9.8 | AI score 6.8 | EPSS 0.08646
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/25 12:0 a.m. | 17 views

WordPress Elements kit Elementor addons Plugin <= 3.2.7 is vulnerable to Cross Site Scripting (XSS)

Software Elements kit Elementor addons Type Plugin Vulnerable versions = 3.2.7 Fixed in 3.2.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8546 Patch priority Low CVSS severity Low 6.5 Developer Wpmet PSID 43112ffb0d64 Credits zer0gh0st Required...

CVSS 6.4 | AI score 5.8 | EPSS 0.00255
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/24 12:0 a.m. | 17 views

WordPress WPZOOM Shortcodes Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Software WPZOOM Shortcodes Type Plugin Vulnerable versions = 1.0.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9027 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 023d928af205 Credits Peter Thaleikis Required...

CVSS 6.4 | AI score 5.8 | EPSS 0.00233
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/09/24 12:0 a.m. | 17 views

WordPress ThemeHunk Plugin <= 1.0.9 is vulnerable to Broken Access Control

Software ThemeHunk Type Plugin Vulnerable versions = 1.0.9 Fixed in 1.1.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8434 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 0bcea717beb5 Credits Lucio Sá Required privilege Subscrib...

CVSS 4.3 | AI score 6.6 | EPSS 0.00232
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/24 12:0 a.m. | 17 views

WordPress REST API TO MiniProgram Plugin <= 4.7.1 is vulnerable to SQL Injection

Software REST API TO MiniProgram Type Plugin Vulnerable versions = 4.7.1 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8484 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID a9593ec18e0a Credits wesley wcraft Required privilege...

CVSS 7.5 | AI score 9.5 | EPSS 0.89068
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/19 12:0 a.m. | 17 views

WordPress MC4WP Plugin 4.9.9 - 4.9.16 is vulnerable to Cross Site Scripting (XSS)

Software MC4WP Type Plugin Vulnerable versions 4.9.9 - 4.9.16 Fixed in 4.9.17 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-8850 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 37434d44abfc Credits kauenavarro Required privilege...

CVSS 6.1 | AI score 6.6 | EPSS 0.01256
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/16 12:0 a.m. | 17 views

WordPress Backuply – Backup, Restore, Migrate and Clone Plugin <= 1.3.4 is vulnerable to SQL Injection

Software Backuply – Backup, Restore, Migrate and Clone Type Plugin Vulnerable versions = 1.3.4 Fixed in 1.3.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8669 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID ca125ceee6e2 Credits bart Required...

CVSS 9.1 | AI score 6.9 | EPSS 0.0502
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/12 12:0 a.m. | 17 views

WordPress Adicon Server Plugin <= 1.2 is vulnerable to SQL Injection

Software Adicon Server Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-7766 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID c65c942c260c Credits Sumit Patel Required privilege Administrator Published 1...

CVSS 7.2 | AI score 6.9 | EPSS 0.00425
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/10 12:0 a.m. | 17 views

WordPress Starbox Plugin < 3.5.2 is vulnerable to Cross Site Scripting (XSS)

Software Starbox Type Plugin Vulnerable versions 3.5.2 Fixed in 3.5.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7955 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8d336cf2178c Credits Krugov Artyom Required privilege...

CVSS 4.8 | AI score 5.8 | EPSS 0.00284
Exploits: 1 | References: 4 | Affected Software: 1

Patchstack
added 2024/09/05 12:0 a.m. | 17 views

WordPress Content Blocks (Custom Post Widget) Plugin <= 3.3.5 is vulnerable to Cross Site Scripting (XSS)

Software Content Blocks Custom Post Widget Type Plugin Vulnerable versions = 3.3.5 Fixed in 3.3.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44051 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b50c32e861c5 Credits lowol ngo Required...

CVSS 6.5 | AI score 6.6 | EPSS 0.00261
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/09/04 12:0 a.m. | 17 views

WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 3.0.8 is vulnerable to Sensitive Data Exposure

Software The Ultimate WordPress Toolkit – WP Extended Type Plugin Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-8106 Patch priority Medium CVSS severity Medium 6.5 Developer WP Extended PSID 027663c0c476...

CVSS 6.5 | AI score 9.3 | EPSS 0.00634
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/08/26 12:0 a.m. | 17 views

WordPress Greenshift Query and Meta Addon Plugin < 3.9.2 is vulnerable to SQL Injection

Software Greenshift Query and Meta Addon Type Plugin Vulnerable versions 3.9.2 Fixed in 3.9.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-43942 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 13adc6d175b5 Credits Dave Jong Patchstack Required...

CVSS 8.8 | AI score 6.8 | EPSS 0.00618
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/08/26 12:0 a.m. | 17 views

WordPress YARPP Plugin <= 5.30.10 is vulnerable to Broken Access Control

Software YARPP Type Plugin Vulnerable versions = 5.30.10 Fixed in 5.30.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43919 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b08b40ebe1e3 Credits Rafie Muhammad Patchstack Required...

CVSS 9.8 | AI score 5.2 | EPSS 0.84544
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/16 12:0 a.m. | 17 views

WordPress ReviewX Plugin <= 1.6.28 is vulnerable to Broken Access Control

Software ReviewX Type Plugin Vulnerable versions = 1.6.28 Fixed in 1.6.29 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43323 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID aac7e9823c91 Credits Manab Jyoti Dowarah Required...

CVSS 9.8 | AI score 6.3 | EPSS 0.00343
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/16 12:0 a.m. | 17 views

WordPress Flash & HTML5 Video Plugin <= 2.5.30 is vulnerable to Broken Access Control

Software Flash & HTML5 Video Type Plugin Vulnerable versions = 2.5.30 Fixed in 2.5.31 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43296 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 14d9f8844f5d Credits Ananda Dhakal Patchstac...

CVSS 8.8 | AI score 6.3 | EPSS 0.00289
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/15 12:0 a.m. | 17 views

WordPress Insert PHP Code Snippet Plugin <= 1.3.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Insert PHP Code Snippet Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43275 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID f6953adb666a Credits Rafie...

CVSS 8.8 | AI score 6.9 | EPSS 0.00222
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/12 12:0 a.m. | 17 views

WordPress Christmasify! Plugin <= 1.5.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Christmasify! Type Plugin Vulnerable versions = 1.5.5 Fixed in 1.5.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7574 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 1de3d7f2fe0e Credits vgo0 Required privileg...

CVSS 6.1 | AI score 6.7 | EPSS 0.00168
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/08/12 12:0 a.m. | 17 views

WordPress DearFlip Plugin <= 2.2.55 is vulnerable to Cross Site Scripting (XSS)

Software DearFlip Type Plugin Vulnerable versions = 2.2.55 Fixed in 2.2.56 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b8b20eae5d21 Credits m3ez Required...

AI score 6.5 | EPSS 0.39735
Exploits: 14 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/12 12:0 a.m. | 17 views

WordPress Smart Online Order for Clover Plugin <= 1.5.6 is vulnerable to Broken Access Control

Software Smart Online Order for Clover Type Plugin Vulnerable versions = 1.5.6 Fixed in 1.5.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43254 Patch priority Low CVSS severity Low 4.3 Developer Zaytech PSID 156828c345a0 Credits Dhabaleshwar Das Requir...

CVSS 8.8 | AI score 6.3 | EPSS 0.00357
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/07 12:0 a.m. | 17 views

WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) Plugin < 1.7.0 is vulnerable to SQL Injection

Software Docket WooCommerce Collections / Wishlist / Watchlist Type Plugin Vulnerable versions 1.7.0 Fixed in 1.7.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-43132 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 952a5b0e08da Credits Dave Jong...

CVSS 9.8 | AI score 6.8 | EPSS 0.00866
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/08/01 12:0 a.m. | 17 views

WordPress Filter & Grids Plugin <= 2.8.33 is vulnerable to Broken Authentication

Software Filter & Grids Type Plugin Vulnerable versions = 2.8.33 Fixed in 2.8.34 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-39664 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID bac0e0da8bce Credits RE-ALTER Required privileg...

CVSS 7.3 | AI score 6.3 | EPSS 0.00195
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/01 12:0 a.m. | 17 views

WordPress Extensions for Elementor Plugin <= 2.0.31 is vulnerable to Cross Site Scripting (XSS)

Software Extensions for Elementor Type Plugin Vulnerable versions = 2.0.31 Fixed in 2.0.32 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-39668 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5c0f52c8e53f Credits Khalid Yusuf Required...

CVSS 6.5 | AI score 6.6 | EPSS 0.00199
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/01 12:0 a.m. | 17 views

WordPress Swift Framework Page Builder Plugin < 2024.04.30 is vulnerable to Cross Site Scripting (XSS)

Software Swift Framework Page Builder Type Plugin Vulnerable versions 2024.04.30 Fixed in 2024.04.30 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2872 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a6a23937e22a Credits Bob...

CVSS 4.8 | AI score 6 | EPSS 0.00164
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/08/01 12:0 a.m. | 17 views

WordPress WP User Frontend Plugin <= 4.0.7 is vulnerable to SQL Injection

Software WP User Frontend Type Plugin Vulnerable versions = 4.0.7 Fixed in 4.0.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-38693 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 008157994643 Credits Trương Hữu Phúc truonghuuphuc Required privilege...

CVSS 7.6 | AI score 6.9 | EPSS 0.00754
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/07/29 12:0 a.m. | 17 views

WordPress Ultimate Classified Listings Plugin < 1.3 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Classified Listings Type Plugin Vulnerable versions 1.3 Fixed in 1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5883 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 51c9f2d610f9 Credits Bob Matyas...

CVSS 4.7 | AI score 5.7 | EPSS 0.00168
Exploits: 1 | References: 4 | Affected Software: 1

Patchstack
added 2024/07/24 12:0 a.m. | 17 views

WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Arbitrary File Upload

Software Social Auto Poster Type Plugin Vulnerable versions = 5.3.14 Fixed in 5.3.15 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6756 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 10970b4a81a6 Credits István Márton Required privileg...

CVSS 8.8 | AI score 6.8 | EPSS 0.11928
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/07/22 12:0 a.m. | 17 views

WordPress ListingPro Theme <= 2.9.4 is vulnerable to Local File Inclusion

Software ListingPro Type Theme Vulnerable versions = 2.9.4 Fixed in 2.9.5 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-39624 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 6fb79ea2aba1 Credits Rafie Muhammad Patchstack Required privilege...

CVSS 8.8 | AI score 6.8 | EPSS 0.01662
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/07/22 12:0 a.m. | 17 views

WordPress WP Mail SMTP by WPForms Plugin <= 4.0.1 is vulnerable to Sensitive Data Exposure

Software WP Mail SMTP by WPForms Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.1.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6694 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID 45f83918c270 Credits Guus Verbeek...

CVSS 2.7 | AI score 6.5 | EPSS 0.03291
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/07/17 12:0 a.m. | 17 views

WordPress Ultimate Addons for WPBakery Page Builder Plugin <= 3.19.20 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Addons for WPBakery Page Builder Type Plugin Vulnerable versions = 3.19.20 Fixed in 3.19.20.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5251 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 581cfa0b62a8...

CVSS 6.4 | AI score 5.8 | EPSS 0.00222
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/07/15 12:0 a.m. | 17 views

WordPress Shortcodes Ultimate Pro Plugin < 7.1.5 is vulnerable to Cross Site Scripting (XSS)

Software Shortcodes Ultimate Pro Type Plugin Vulnerable versions 7.1.5 Fixed in 7.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4217 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b6182f916e0f Credits Dmitrii Ignatyev...

CVSS 4.7 | AI score 6 | EPSS 0.00134
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/07/15 12:0 a.m. | 17 views

WordPress WPS Hide Login Plugin < 1.9.16.4 is vulnerable to Bypass Vulnerability

Software WPS Hide Login Type Plugin Vulnerable versions 1.9.16.4 Fixed in 1.9.16.4 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-6289 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f53af1c9d210 Credits Juan Pablo Gomez Postigo Required...

CVSS 6.1 | AI score 6.6 | EPSS 0.07883
Exploits: 1 | References: 4 | Affected Software: 1

Patchstack
added 2024/07/15 12:0 a.m. | 17 views

WordPress Hostel Plugin < 1.1.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Hostel Type Plugin Vulnerable versions 1.1.5.3 Fixed in 1.1.5.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3753 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8eec664963a4 Credits Bob Matyas Required...

CVSS 5.9 | AI score 5.9 | EPSS 0.01464
Exploits: 1 | References: 4 | Affected Software: 1

Patchstack
added 2024/07/11 12:0 a.m. | 17 views

WordPress Events Calendar for Google Plugin <= 2.1.0 is vulnerable to Local File Inclusion

Software Events Calendar for Google Type Plugin Vulnerable versions = 2.1.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-38716 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 305987aedf95 Credits João Pedro S Alcântar...

CVSS 6.5 | AI score 6.6 | EPSS 0.01264
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/07/10 12:0 a.m. | 17 views

WordPress Power BI Embedded for WordPress Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Power BI Embedded for WordPress Type Plugin Vulnerable versions = 1.1.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37959 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d71cfc52b95c Credits Joshua Chan Required...

CVSS 6.5 | AI score 6.6 | EPSS 0.00055
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/07/10 12:0 a.m. | 17 views

WordPress InstaWP Connect Plugin <= 0.1.0.44 is vulnerable to Privilege Escalation

Software InstaWP Connect Type Plugin Vulnerable versions = 0.1.0.44 Fixed in 0.1.0.45 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-6397 Patch priority High CVSS severity High 9.8 Developer InstaWP PSID c8289fd0efb9 Credits Truoc Phan Required privilege...

CVSS 9.8 | AI score 6.5 | EPSS 0.00585
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/07/04 12:0 a.m. | 17 views

WordPress FileBird Document Library Plugin <= 2.0.6 is vulnerable to Sensitive Data Exposure

Software FileBird Document Library Type Plugin Vulnerable versions = 2.0.6 Fixed in 2.0.8.1 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-37504 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7621ab22a70e Credits Peng Zhou...

CVSS 5.3 | AI score 6.6 | EPSS 0.00314
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/07/01 12:0 a.m. | 17 views

WordPress Ultimate Bootstrap Elements for Elementor Plugin <= 1.4.2 is vulnerable to Local File Inclusion

Software Ultimate Bootstrap Elements for Elementor Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-37462 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID a8f9d8a5eba6 Credits João...

CVSS 8.8 | AI score 6.6 | EPSS 0.01662
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/06/27 12:0 a.m. | 17 views

WordPress EmbedPress Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)

Software EmbedPress Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID 86a2108fb08b Credits Yudistira Arya Required privilege...

AI score 6.9 | EPSS 0.39735
Exploits: 14 | References: 2 | Affected Software: 1

Patchstack
added 2024/06/27 12:0 a.m. | 17 views

WordPress PDF Viewer for Elementor Plugin <= 2.9.3 is vulnerable to Cross Site Scripting (XSS)

Software PDF Viewer for Elementor Type Plugin Vulnerable versions = 2.9.3 Fixed in N/A OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID 769c101f6b45 Credits Yudistira...

AI score 6.6 | EPSS 0.39735
Exploits: 14 | References: 1 | Affected Software: 1

Patchstack
added 2024/06/26 12:0 a.m. | 17 views

WordPress Email Subscribers & Newsletters Plugin <= 5.7.25 is vulnerable to SQL Injection

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.25 Fixed in 5.7.26 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-37252 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 3780ace67cce Credits shaman0x01 Required privilege...

CVSS 9.3 | AI score 6.9 | EPSS 0.00134
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/06/21 12:0 a.m. | 17 views

WordPress Vandana Lite Theme <= 1.1.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software Vandana Lite Type Theme Vulnerable versions = 1.1.9 Fixed in 1.2.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37243 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6d4dd2dbf84c Credits Dhabaleshwar Das Requir...

AI score 7 | EPSS 0.00162
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/06/17 12:0 a.m. | 17 views

WordPress Easy Age Verify Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS)

Software Easy Age Verify Type Plugin Vulnerable versions = 1.8.2 Fixed in 1.8.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35757 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID d39f735e9e41 Credits Huynh Tien Si Required privilege...

CVSS 5.9 | AI score 6.6 | EPSS 0.00158
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/06/07 12:0 a.m. | 17 views

WordPress Master Addons for Elementor Plugin <= 2.0.6.1 is vulnerable to Broken Access Control

Software Master Addons for Elementor Type Plugin Vulnerable versions = 2.0.6.1 Fixed in 2.0.6.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5382 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 62e303c589aa Credits Webberna...

CVSS 6.5 | AI score 6.5 | EPSS 0.00238
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/06/07 12:0 a.m. | 17 views

WordPress WS Form LITE Plugin <= 1.9.217 is vulnerable to CSV Injection

Software WS Form LITE Type Plugin Vulnerable versions = 1.9.217 Fixed in 1.9.218 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2023-5424 Patch priority Low CVSS severity Low 4.7 Developer WS Form PSID 7d55c6663718 Credits Duc Manh Required privilege Unauthenticated Published 7...

CVSS 8.8 | AI score 8.8 | EPSS 0.02493
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/06/06 12:0 a.m. | 17 views

WordPress Tickera Plugin <= 3.5.2.6 is vulnerable to Broken Access Control

Software Tickera Type Plugin Vulnerable versions = 3.5.2.6 Fixed in 3.5.2.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35729 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 41ad9b04a28b Credits Manab Jyoti Dowarah Required...

CVSS 8.8 | AI score 6.6 | EPSS 0.00303
Exploits: 0 | References: 2 | Affected Software: 1

Total number of security vulnerabilities: 5000