46677 matches found
WordPress Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Meher Sudhakar Abbireddi in WordPress Plugin Orbit Fox by ThemeIsle versions = 3.0.6...
WordPress Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution vulnerability
Authenticated Contributor+ Remote Code Execution vulnerability discovered by kai63001 in WordPress Plugin Spectra versions = 2.19.25...
WordPress LiteSpeed Cache plugin <= 7.7 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin LiteSpeed Cache versions = 7.7...
NPM: brace-expansion: Large numeric range defeats documented `max` DoS protection
NPM: brace-expansion: Large numeric range defeats documented max DoS protection vulnerability discovered by ? in WordPress Npm brace-expansion versions = 5.0.0, 5.0.6...
NPM: Next.js has a Denial of Service in the Image Optimization API
NPM: Next.js has a Denial of Service in the Image Optimization API vulnerability discovered by ? in WordPress Npm next versions = 10.0.0, 15.5.16...
WordPress Quiz Maker plugin < 6.7.0.89 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bakir Tuči in WordPress Plugin Quiz Maker versions 6.7.0.89...
WordPress Flex Store Users plugin <= 1.1.0 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by シルAsuna in WordPress Plugin Flex Store Users versions = 1.1.0...
WordPress Site Chat on Telegram plugin <= 1.0.4 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin Site Chat on Telegram versions = 1.0.4...
WordPress SEPA Girocode plugin <= 0.5.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Chu The Anh Blue Rock in WordPress Plugin SEPA Girocode versions = 0.5.1...
WordPress Digits plugin < 8.4.6.1 - Auth Bypass via OTP Bruteforcing vulnerability
Auth Bypass via OTP Bruteforcing vulnerability discovered by Saleh Tarawneh in WordPress Plugin Digits versions 8.4.6.1...
WordPress All in One SEO Pack plugin <= 4.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Description and Canonical URL vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Post Meta Description and Canonical URL vulnerability discovered by Ivan Kuzymchak in WordPress Plugin All In One SEO Pack versions = 4.8.1.1...
WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by Denver Jackson Patchstack Alliance in WordPress Plugin OttoKit versions = 1.0.82...
WordPress Greenshift plugin 11.4-11.4.5 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by mikemyers in WordPress Plugin Greenshift versions 11.4-11.4.5...
WordPress Contest Gallery Plugin <= 24.0.7 is vulnerable to Privilege Escalation
Software Contest Gallery Type Plugin Vulnerable versions = 24.0.7 Fixed in 24.0.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-11103 Patch priority High CVSS severity High 9.8 Developer Wasiliy Strecker PSID 917060960355 Credits...
WordPress ProfilePress Plugin <= 4.15.18 is vulnerable to Sensitive Data Exposure
Software ProfilePress Type Plugin Vulnerable versions = 4.15.18 Fixed in 4.15.19 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-11083 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e80f39bc400e Credits Francesco Carlucci...
WordPress Ultimate Member Plugin <= 2.8.9 is vulnerable to Broken Access Control
Software Ultimate Member Type Plugin Vulnerable versions = 2.8.9 Fixed in 2.9.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10528 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 65aa5e86b9d5 Credits tiborisaak Required privilege...
WordPress System Dashboard Plugin < 2.8.15 is vulnerable to Path Traversal
Software System Dashboard Type Plugin Vulnerable versions 2.8.15 Fixed in 2.8.15 OWASP Top 10 A4: Insecure Design Classification Path Traversal CVE CVE-2024-10708 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 8350df71b2da Credits Dogus DEMIRKIRAN Required privilege...
WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.4.2 is vulnerable to Cross Site Scripting (XSS)
Software Restaurant Menu – Food Ordering System – Table Reservation Type Plugin Vulnerable versions = 2.4.2 Fixed in 2.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9653 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership...
WordPress ProfileGrid Plugin <= 5.9.3.6 is vulnerable to Broken Access Control
Software ProfileGrid Type Plugin Vulnerable versions = 5.9.3.6 Fixed in 5.9.3.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10900 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e7fdd2a43e49 Credits 1337Wannabe Required...
WordPress Awesome Studio Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)
Software Awesome Studio Type Plugin Vulnerable versions = 2.4.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52456 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 83cb8daf8eb9 Credits Le Ngoc Anh Required privilege...
WordPress Popup box Plugin <= 4.9.7 is vulnerable to Broken Access Control
Software Popup box Type Plugin Vulnerable versions = 4.9.7 Fixed in 4.9.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10861 Patch priority Low CVSS severity Low 5.2 Developer Claim ownership PSID bfd2e007cc0d Credits Trương Hữu Phúc truonghuuphuc...
WordPress WP Project Manager Plugin <= 2.6.13 is vulnerable to Insecure Direct Object References (IDOR)
Software WP Project Manager Type Plugin Vulnerable versions = 2.6.13 Fixed in 2.6.14 OWASP Top 10 A4: Insecure Design Classification Insecure Direct Object References IDOR CVE CVE-2024-10174 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 6aaed61c0d51 Credits stealthcopt...
WordPress User Extra Fields Plugin <= 16.6 is vulnerable to Privilege Escalation
Software User Extra Fields Type Plugin Vulnerable versions = 16.6 Fixed in 16.7 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2024-10800 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 90d7101cbd67 Credits Tonn Required privilege...
WordPress Exclusive Content Password Protect Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Exclusive Content Password Protect Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-52402 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID b722ce5d7201 Credits...
WordPress Relais 2FA Plugin <= 1.0 is vulnerable to Broken Authentication
Software Relais 2FA Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10245 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 461a7cd31084 Credits István Márton...
WordPress RSV 360 View Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software RSV 360 View Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51906 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 10130673798c Credits SOPROBRO Required privilege Contributor...
WordPress Debug Tool Plugin <= 2.2 is vulnerable to Arbitrary File Upload
Software Debug Tool Type Plugin Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-10586 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 9bf09e1be202 Credits Francesco Carlucci Required privilege...
WordPress Provide Forex Signals Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software Provide Forex Signals Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52344 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 641cced34713 Credits SOPROBRO Required privilege...
WordPress News Articles Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software News Articles Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51897 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b2e622b9d30c Credits SOPROBRO Required privilege Contributor...
WordPress WooCommerce Support Ticket System Plugin <= 17.6 is vulnerable to Arbitrary File Deletion
Software WooCommerce Support Ticket System Type Plugin Vulnerable versions = 17.6 Fixed in 17.8 OWASP Top 10 A3: Injection Classification Arbitrary File Deletion CVE CVE-2024-10625 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID b5c39d8368a0 Credits Tonn Required privile...
WordPress Plenigo Plugin <= 1.12.0 is vulnerable to Cross Site Scripting (XSS)
Software Plenigo Type Plugin Vulnerable versions = 1.12.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51832 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID be08c327ab53 Credits SOPROBRO Required privilege Contributor Publish...
WordPress Th Shop Mania Theme <= 1.4.9 is vulnerable to Arbitrary Code Execution
Software Th Shop Mania Type Theme Vulnerable versions = 1.4.9 Fixed in 1.5.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Arbitrary Code Execution CVE CVE-2024-10674 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 314680b4b995 Credits Sean...
WordPress Element Pack Elementor Addons Plugin <= 5.10.2 is vulnerable to Cross Site Scripting (XSS)
Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.10.2 Fixed in 5.10.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9657 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fe1ff0e5049a Credits Webberna...
WordPress Loginizer Plugin <= 1.9.2 is vulnerable to Broken Authentication
Software Loginizer Type Plugin Vulnerable versions = 1.9.2 Fixed in 1.9.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10097 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 240cee809d7c Credits wesley wcraf...
WordPress CF7 WOW Styler Plugin <= 1.6.8 is vulnerable to Cross Site Scripting (XSS)
Software CF7 WOW Styler Type Plugin Vulnerable versions = 1.6.8 Fixed in 1.6.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51689 Patch priority Medium CVSS severity Medium 7.1 Developer Tobias PSID 34b5f0049a13 Credits Le Ngoc Anh Required privilege...
WordPress BBP Core - Expand bbPress powered forums with useful features Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)
Software BBP Core - Expand bbPress powered forums with useful features Type Plugin Vulnerable versions = 1.2.5 Fixed in 1.2.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9896 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownershi...
WordPress Multi Purpose Mail Form Plugin <= 1.0.2 is vulnerable to Arbitrary File Upload
Software Multi Purpose Mail Form Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50526 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 077c15d9e1a1 Credits stealthcopter Required privilege...
WordPress Contact Form 7 Telegram Plugin <= 0.8.5 is vulnerable to Broken Access Control
Software Contact Form 7 Telegram Type Plugin Vulnerable versions = 0.8.5 Fixed in 0.8.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9629 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bc9031e15885 Credits István Márton Required...
WordPress Meetup Plugin <= 0.1 is vulnerable to Broken Authentication
Software Meetup Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-50483 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 6432286e77c7 Credits Bonds Required...
WordPress Uix Shortcodes Plugin <= 1.9.9 is vulnerable to Arbitrary Code Execution
Software Uix Shortcodes Type Plugin Vulnerable versions = 1.9.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-9772 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID a42f828d9a99 Credits Francesco Carlucci Required privilege...
WordPress WPS Telegram Chat Plugin <= 4.5.4 is vulnerable to Broken Access Control
Software WPS Telegram Chat Type Plugin Vulnerable versions = 4.5.4 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9630 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9cb16fad33b1 Credits István Márton Required privile...
WordPress WP Booking System Plugin <= 2.0.19.10 is vulnerable to Broken Access Control
Software WP Booking System Type Plugin Vulnerable versions = 2.0.19.10 Fixed in 2.0.19.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-50425 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID ad36b04a505d Credits Trương Hữu Phúc...
WordPress League of Legends Shortcodes Plugin <= 1.0.1 is vulnerable to SQL Injection
Software League of Legends Shortcodes Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-10341 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID e710f3b6d815 Credits István Márton Required privilege...
WordPress WC Marketplace Plugin <= 4.2.4 is vulnerable to Broken Access Control
Software WC Marketplace Type Plugin Vulnerable versions = 4.2.4 Fixed in 4.2.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9531 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7dab4da2d17f Credits Tieu Pham Trong Nhan Required...
WordPress TI WooCommerce Wishlist Plugin <= 2.9.0 is vulnerable to SQL Injection
Software TI WooCommerce Wishlist Type Plugin Vulnerable versions = 2.9.0 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9156 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 2b353481dee7 Credits John Castro Required privilege...
WordPress WP Dropbox Dropins Plugin <= 1.0 is vulnerable to Arbitrary File Upload
Software WP Dropbox Dropins Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49607 Patch priority High CVSS severity High 10 Developer Claim ownership PSID bc49371a8bf9 Credits stealthcopter Required privilege...
WordPress Giveaway Boost Plugin <= 2.1.4 is vulnerable to PHP Object Injection
Software Giveaway Boost Type Plugin Vulnerable versions = 2.1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49332 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID dc16e9530c12 Credits Mika Required privilege Unauthenticated...
WordPress Simple Custom Post Order Plugin <= 2.5.7 is vulnerable to Broken Access Control
Software Simple Custom Post Order Type Plugin Vulnerable versions = 2.5.7 Fixed in 2.5.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-49321 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0c22de4a69ef Credits Rafie Muhammad...
WordPress ElementInvader Addons for Elementor Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)
Software ElementInvader Addons for Elementor Type Plugin Vulnerable versions = 1.2.8 Fixed in 1.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9888 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2293b37c11ea Credits Coli...
WordPress AppPresser Plugin <= 4.4.4 is vulnerable to Privilege Escalation
Software AppPresser Type Plugin Vulnerable versions = 4.4.4 Fixed in 4.4.5 OWASP Top 10 A2: Broken Authentication Classification Privilege Escalation CVE CVE-2024-9305 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 2966965459f6 Credits wesley wcraft Required privilege...