WordPress Simple Ajax Chat Plugin < 20240412 is vulnerable to Cross Site Scripting (XSS)
Software Simple Ajax Chat Type Plugin Vulnerable versions < 20240412 Fixed in 20240412 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2470 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ee695937f22a Credits fourcade Required...
WordPress WPCafe Plugin <= 2.2.24 is vulnerable to Cross Site Scripting (XSS)
Software WPCafe Type Plugin Vulnerable versions <= 2.2.24 Fixed in 2.2.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5427 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8e560e47961d Credits Krzysztof Zając Required...
WordPress Essential Addons for Elementor Plugin <= 5.9.21 is vulnerable to Cross Site Scripting (XSS)
Software Essential Addons for Elementor Type Plugin Vulnerable versions <= 5.9.21 Fixed in 5.9.22 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5073 Patch priority Low CVSS severity Low 6.5 Developer WPDeveloper PSID bca3152f1888 Credits stealthcopt...
WordPress Expert Invoice Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)
Software Expert Invoice Type Plugin Vulnerable versions <= 1.0.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5172 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e96705f138f8 Credits Guido Iván García Duva...
WordPress Photo Gallery by 10Web Plugin <= 1.8.25 is vulnerable to Broken Access Control
Software Photo Gallery by 10Web Type Plugin Vulnerable versions <= 1.8.25 Fixed in 1.8.26 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35628 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 904616965144 Credits Dhabaleshwar Das...
WordPress LuckyWP Table of Contents Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)
Software LuckyWP Table of Contents Type Plugin Vulnerable versions <= 2.1.5 Fixed in 2.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2218 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f253e02e4fa4 Credits Sławomir...
WordPress WP ViperGB Plugin <= 1.6.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP ViperGB Type Plugin Vulnerable versions <= 1.6.1 Fixed in 1.6.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-4409 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ce16817d4da2 Credits Benedictus Jovan aillesiM...
WordPress Memberpress Plugin <= 1.11.29 is vulnerable to Server Side Request Forgery (SSRF)
Software Memberpress Type Plugin Vulnerable versions <= 1.11.29 Fixed in 1.11.30 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-5031 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID fdb3181ef572 Credits stealthcopter Required privileg...
WordPress Business Directory Plugin Plugin <= 6.4.2 is vulnerable to SQL Injection
Software Business Directory Plugin Type Plugin Vulnerable versions <= 6.4.2 Fixed in 6.4.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-4443 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID e684c455bb1f Credits Krzysztof Zając Required privilege...
WordPress LearnPress Plugin <= 4.2.6.6 is vulnerable to Cross Site Scripting (XSS)
Software LearnPress Type Plugin Vulnerable versions <= 4.2.6.6 Fixed in 4.2.6.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4971 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fe1ff054c167 Credits stealthcopter Required...
WordPress Advanced Custom Fields PRO Plugin < 6.2.10 is vulnerable to Arbitrary Code Execution
Software Advanced Custom Fields PRO Type Plugin Vulnerable versions < 6.2.10 Fixed in 6.2.10 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-34761 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID d593f1472031 Credits Security audit Required...
WordPress Save as PDF plugin by Pdfcrowd Plugin < 3.2.0 is vulnerable to Cross Site Scripting (XSS)
Software Save as PDF plugin by Pdfcrowd Type Plugin Vulnerable versions < 3.2.0 Fixed in 3.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5971 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a2f215ee118f Credits Avatar Mitu...
WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.102 is vulnerable to SQL Injection
Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions <= 1.5.102 Fixed in 1.5.105 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3055 Patch priority Low CVSS severity Low 8.5 Developer Unlimited Elements PSID 6f752cde8e3d...
WordPress LearnPress Plugin <= 4.2.6.5 is vulnerable to Cross Site Scripting (XSS)
Software LearnPress Type Plugin Vulnerable versions <= 4.2.6.5 Fixed in 4.2.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4277 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3ad5ee25dcd1 Credits stealthcopter Required...
WordPress Netgsm Plugin <= 2.9.32 is vulnerable to Broken Access Control
Software Netgsm Type Plugin Vulnerable versions <= 2.9.32 Fixed in 2.9.33 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-4746 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 07b1b0c3155d Credits Dhabaleshwar Das Required privilege...
WordPress Magical Addons For Elementor Plugin <= 1.1.34 is vulnerable to Cross Site Scripting (XSS)
Software Magical Addons For Elementor Type Plugin Vulnerable versions <= 1.1.34 Fixed in 1.1.35 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34547 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 74ccb66566e9 Credits Khalid Yusuf Required...
WordPress Form Maker by 10Web Plugin <= 1.15.24 is vulnerable to Cross Site Scripting (XSS)
Software Form Maker by 10Web Type Plugin Vulnerable versions <= 1.15.24 Fixed in 1.15.25 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34437 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID bccbcab6c64f Credits Huynh Tien Si Required privile...
WordPress EAN for WooCommerce Plugin <= 4.8.9 is vulnerable to Privilege Escalation
Software EAN for WooCommerce Type Plugin Vulnerable versions <= 4.8.9 Fixed in 4.9.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-34370 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID 628e44782b40 Credits...
WordPress Modal Window Plugin < 5.3.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software Modal Window Type Plugin Vulnerable versions < 5.3.10 Fixed in 5.3.10 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3472 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9d7096a40943 Credits Bob Matyas Required...
WordPress Email Verification for WooCommerce Plugin <= 2.7.4 is vulnerable to Bypass Vulnerability
Software Email Verification for WooCommerce Type Plugin Vulnerable versions <= 2.7.4 Fixed in 2.7.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Bypass Vulnerability CVE CVE-2024-4185 Patch priority Low CVSS severity Low 5.6 Developer Claim ownership PSID 16dc89621743...
WordPress PB MailCrypt Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)
Software PB MailCrypt Type Plugin Vulnerable versions <= 3.1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33935 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 63739ecce421 Credits Ngô Thiên An ancorn from VNPT-VCI Required...
WordPress Advanced Search Plugin <= 1.1.6 is vulnerable to SQL Injection
Software Advanced Search Type Plugin Vulnerable versions <= 1.1.6 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3265 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 1c3388e59d0f Credits fourcade Required privilege Administrator Published ...
WordPress Arconix Shortcodes Plugin <= 2.1.10 is vulnerable to Broken Access Control
Software Arconix Shortcodes Type Plugin Vulnerable versions <= 2.1.10 Fixed in 2.1.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-4233 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 049f969c5895 Credits Dhabaleshwar Das Required...
WordPress XStore Core Plugin <= 5.3.8 is vulnerable to Broken Access Control
Software XStore Core Type Plugin Vulnerable versions <= 5.3.8 Fixed in 5.3.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33555 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 1c391075b80a Credits Rafie Muhammad Patchstack...
WordPress WZone Plugin <= 14.0.33 is vulnerable to Privilege Escalation
Software WZone Type Plugin Vulnerable versions <= 14.0.33 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-33549 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID a1d74d6dfe5c Credits Rafie Muhammad...
WordPress Serious Slider Plugin <= 1.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Serious Slider Type Plugin Vulnerable versions <= 1.2.4 Fixed in 1.2.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33650 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e5af7123ddcc Credits Steven Julian Requir...
WordPress Elements kit Elementor addons Plugin <= 3.1.0 is vulnerable to Local File Inclusion
Software Elements kit Elementor addons Type Plugin Vulnerable versions <= 3.1.0 Fixed in 3.1.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3499 Patch priority Low CVSS severity Low 8.5 Developer Wpmet PSID 43728e112e86 Credits Webbernaut Required privilege Contribut...
WordPress Royal Elementor Kit Theme <= 1.0.116 is vulnerable to Cross Site Request Forgery (CSRF)
Software Royal Elementor Kit Type Theme Vulnerable versions <= 1.0.116 Fixed in 1.0.117 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32773 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4da5c371e0b8 Credits Dhabaleshwar...
WordPress HelloAsso Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)
Software HelloAsso Type Plugin Vulnerable versions <= 1.1.5 Fixed in 1.1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32697 Patch priority Low CVSS severity Low 6.5 Developer HelloAsso PSID 1f9d717bb882 Credits Khalid Yusuf Required privilege Contributor...
WordPress Newspaper Theme <= 12.6.5 is vulnerable to Cross Site Scripting (XSS)
Software Newspaper Type Theme Vulnerable versions <= 12.6.5 Fixed in 12.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3815 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7fb86a187abf Credits István Márton Required...
WordPress Real Media Library Lite Plugin <= 4.22.11 is vulnerable to Cross Site Scripting (XSS)
Software Real Media Library Lite Type Plugin Vulnerable versions <= 4.22.11 Fixed in 4.22.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2328 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e373234a026c Credits stealthcopte...
WordPress WP 404 Auto Redirect to Similar Post Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software WP 404 Auto Redirect to Similar Post Type Plugin Vulnerable versions <= 1.0.4 Fixed in 1.0.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32559 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c85034ba240a Credits AtaTurk1925...
WordPress Ultimate Member Plugin <= 2.8.4 is vulnerable to Cross Site Scripting (XSS)
Software Ultimate Member Type Plugin Vulnerable versions <= 2.8.4 Fixed in 2.8.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2765 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 4af1ffb7c063 Credits tiborisaak Require...
WordPress Libsyn Publisher Hub Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Libsyn Publisher Hub Type Plugin Vulnerable versions <= 1.4.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32141 Patch priority Low CVSS severity Low 4.3 Developer Libsyn PSID c755cb3750aa Credits Majed Refaea Required...
WordPress Redirect Redirection Plugin <= 1.1.9 is vulnerable to Broken Access Control
Software Redirect Redirection Type Plugin Vulnerable versions <= 1.1.9 Fixed in 1.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 083a31c079c9 Credits Dhabaleshwar Das Require...
WordPress WOLF Plugin <= 1.0.8.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software WOLF Type Plugin Vulnerable versions <= 1.0.8.1 Fixed in 1.0.8.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31430 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID de601e918847 Credits Dhabaleshwar Das Required...
WordPress Slider Revolution Plugin <= 6.6.20 is vulnerable to Cross Site Scripting (XSS)
Software Slider Revolution Type Plugin Vulnerable versions <= 6.6.20 Fixed in 6.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2306 Patch priority Low CVSS severity Low 5.9 Developer ThemePunch PSID 25a221b7c033 Credits wesley wcraft Nikolas - md...
WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Plugin <= 4.4.2 is vulnerable to Broken Access Control
Software WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Type Plugin Vulnerable versions <= 4.4.2 Fixed in 4.4.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3216 Patch priority Low CVSS severity Low 5.3 Developer Claim...
WordPress is vulnerable to Sensitive Data Exposure
Software WordPress Type WordPress Core Vulnerable versions <= 6.4.3 Fixed in 6.5 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-5692 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 5d6f8d7b72aa Credits Francesco Carlucci Require...
WordPress Relevanssi Plugin <= 4.22.1 is vulnerable to CSV Injection
Software Relevanssi Type Plugin Vulnerable versions <= 4.22.1 Fixed in 4.22.2 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2024-3214 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 3b70af9574ea Credits Thura Moe Myint mgthuramoemyint Required privilege...
WordPress Gutenberg Blocks by Kadence Blocks Plugin < 3.2.26 is vulnerable to Cross Site Scripting (XSS)
Software Gutenberg Blocks by Kadence Blocks Type Plugin Vulnerable versions < 3.2.26 Fixed in 3.2.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2509 Patch priority Low CVSS severity Low 6.5 Developer KadenceWP PSID 59ef6d666275 Credits Dmitrii...
WordPress Ecwid Shopping Cart Plugin <= 6.12.10 is vulnerable to Cross Site Scripting (XSS)
Software Ecwid Shopping Cart Type Plugin Vulnerable versions <= 6.12.10 Fixed in 6.12.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2456 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 58dc51eadb76 Credits Krzysztof Zając...
WordPress Essential Addons for Elementor Plugin <= 5.9.13 is vulnerable to PHP Object Injection
Software Essential Addons for Elementor Type Plugin Vulnerable versions <= 5.9.13 Fixed in 5.9.14 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-3018 Patch priority Low CVSS severity Low 8 Developer WPDeveloper PSID b599dd4e668d Credits Ngô Thiên An ancorn Required...
WordPress Essential Addons for Elementor Plugin <= 5.9.13 is vulnerable to Sensitive Data Exposure
Software Essential Addons for Elementor Type Plugin Vulnerable versions <= 5.9.13 Fixed in 5.9.14 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2974 Patch priority Low CVSS severity Low 5.3 Developer WPDeveloper PSID 724b318703c8 Credits Ankit Patel...
WordPress ARMember Plugin <= 4.0.26 is vulnerable to PHP Object Injection
Software ARMember Type Plugin Vulnerable versions <= 4.0.26 Fixed in 4.0.27 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30223 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 8d16e0b0481c Credits LVT-tholv2k Required privilege Unauthenticated...
WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Meta Data and Taxonomies Filter MDTF Type Plugin Vulnerable versions <= 1.3.3 Fixed in 1.3.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29763 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 835f8f6375ea Credits...
WordPress Custom WooCommerce Checkout Fields Editor Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Custom WooCommerce Checkout Fields Editor Type Plugin Vulnerable versions <= 1.3.1 Fixed in 1.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1697 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 655df2bce9e7...
WordPress BuddyForms Plugin <= 2.8.5 is vulnerable to Cross Site Scripting (XSS)
Software BuddyForms Type Plugin Vulnerable versions <= 2.8.5 Fixed in 2.8.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30198 Patch priority Low CVSS severity Low 5.8 Developer Claim ownership PSID f21da7d6bb61 Credits Dimas Maulana Required privilege...
WordPress Avada Theme <= 7.11.6 is vulnerable to Sensitive Data Exposure
Software Avada Type Theme Vulnerable versions <= 7.11.6 Fixed in 7.11.7 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2340 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID bc2cd20cbb75 Credits Muhammad Zeeshan Xib3rR4dAr Require...
WordPress Avada Theme <= 7.11.6 is vulnerable to SQL Injection
Software Avada Type Theme Vulnerable versions <= 7.11.6 Fixed in 7.11.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2344 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 15fee136284a Credits Muhammad Zeeshan Xib3rR4dAr Required privilege Administrato...