Patchstack | Most viewed

45948 matches found

Patchstack | added 2005/04/13 12:0 a.m. | 17 views

WordPress <=1.5 - Multiple Cross-Site Scripting (XSS) vulnerabilities

Because of these vulnerabilities in template-functions-post.php, attackers can execute arbitrary commands via the title of the post or content. Solution: Update WordPress to the latest possible version...

CVSS 6.8 | AI score 5 | EPSS 0.01444
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/06/01 1:21 p.m. | 16 views

WordPress WP Google Review Slider plugin <= 18.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by hhhai in WordPress Plugin WP Google Review Slider versions <= 18.0...

AI score 5.5
Exploits: 0 | Affected Software: 1

Patchstack | added 2026/05/14 12:0 a.m. | 16 views

WordPress The7 — Website and eCommerce Builder for WordPress theme <= 14.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Theme The7 versions <= 14.3.2...

CVSS 6.4 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/12 10:7 a.m. | 16 views

WordPress Eight Day Week Print Workflow plugin <= 1.2.6 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated (Subscriber+) SQL Injection vulnerability discovered by Loganatha Vishnubalaji in WordPress Plugin Eight Day Week Print Workflow versions <= 1.2.6...

CVSS 6.5 | AI score 5.9 | EPSS 0.00027
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/12 12:0 a.m. | 16 views

WordPress WPC Badge Management for WooCommerce plugin <= 3.1.6 - Authenticated (Shop Manager+) Stored Cross-Site Scripting vulnerability

Authenticated (Shop Manager+) Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin WPC Badge Management for WooCommerce versions <= 3.1.6...

CVSS 5.5 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/01/12 9:41 p.m. | 16 views

WordPress Quiz Maker plugin < 6.7.0.89 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bakir Tuči in WordPress Plugin Quiz Maker versions < 6.7.0.89...

CVSS 4.8 | AI score 6.1 | EPSS 0.00006
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/17 7:31 a.m. | 16 views

WordPress HTML Forms – Simple WordPress Forms Plugin plugin <= 1.6.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin HTML Forms versions <= 1.6.0...

CVSS 6.1 | AI score 5.4 | EPSS 0.00109
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/06/17 7:49 a.m. | 16 views

WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.8.9 - Unauthenticated Arbitrary File Upload via Insufficient Blacklist Checks vulnerability

Unauthenticated Arbitrary File Upload via Insufficient Blacklist Checks vulnerability discovered by mikemyers in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions <= 1.3.8.9...

CVSS 9.8 | AI score 6.7 | EPSS 0.03698
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack | added 2025/06/05 1:44 a.m. | 16 views

WordPress SEPA Girocode plugin <= 0.5.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Chu The Anh Blue Rock in WordPress Plugin SEPA Girocode versions <= 0.5.1...

CVSS 6.5 | AI score 5.9 | EPSS 0.00143
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/06/05 1:44 a.m. | 16 views

WordPress BP Profile as Homepage plugin <= 1.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery (CSRF) to Stored XSS vulnerability discovered by johska in WordPress Plugin BP Profile as Homepage versions <= 1.1...

CVSS 7.1 | AI score 5.9 | EPSS 0.0008
Exploits: 0 | Affected Software: 1

Patchstack | added 2024/11/25 12:0 a.m. | 16 views

WordPress WPGYM Plugin <= 67.1.0 is vulnerable to Broken Access Control

Software: WPGYM; Type: Plugin; Vulnerable versions: <= 67.1.0; Fixed in: 67.2.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-9941; Patch priority: High; CVSS severity: High 9.8; PSID: 71c6636a78f1; Credits: Tonn; Required privilege: Subscriber...

CVSS 8.8 | AI score 6.8 | EPSS 0.00097
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2024/11/25 12:0 a.m. | 16 views

WordPress CM Business Directory Plugin – Business Listing Directory Plugin <= 1.4.1 is vulnerable to Cross Site Scripting (XSS)

Software: CM Business Directory Plugin – Business Listing Directory; Type: Plugin; Vulnerable versions: <= 1.4.1; Fixed in: 1.4.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11202; Patch priority: Medium; CVSS severity: Medium 7.1...

CVSS 6.1 | AI score 5.9 | EPSS 0.02206
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2024/11/23 12:0 a.m. | 16 views

WordPress Blizzard Quotes Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Blizzard Quotes; Type: Plugin; Vulnerable versions: <= 1.3; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-53729; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: ed471ac7b5ce; Credits: SOPROBRO; Required...

AI score 6.9 | EPSS 0.00114
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2024/11/21 12:0 a.m. | 16 views

WordPress Run Contests, Raffles, and Giveaways with ContestsWP Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Software: Run Contests, Raffles, and Giveaways with ContestsWP; Type: Plugin; Vulnerable versions: <= 2.0.3; Fixed in: 2.0.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11456; Patch priority: Medium; CVSS severity: Medium 7.1; PSID...

CVSS 6.1 | AI score 5.9 | EPSS 0.01001
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2024/11/21 12:0 a.m. | 16 views

WordPress Contact Form 7 Email Add on Plugin <= 1.9 is vulnerable to Local File Inclusion

Software: Contact Form 7 Email Add on; Type: Plugin; Vulnerable versions: <= 1.9; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-10898; Patch priority: Low; CVSS severity: Low 8.8; PSID: 980fef2f1e67; Credits: Le Ngoc Anh; Required privilege...

CVSS 8.8 | AI score 7.2 | EPSS 0.00529
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2024/11/21 12:0 a.m. | 16 views

WordPress Community by PeepSo Plugin <= 6.4.6.2 is vulnerable to Cross Site Scripting (XSS)

Software: Community by PeepSo; Type: Plugin; Vulnerable versions: <= 6.4.6.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11447; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 9789945f6fbd; Credits: rajanhoyr...

CVSS 6.1 | AI score 5.9 | EPSS 0.00937
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2024/11/19 12:0 a.m. | 16 views

WordPress Ashe Theme <= 2.243 is vulnerable to Cross Site Scripting (XSS)

Software: Ashe; Type: Theme; Vulnerable versions: <= 2.243; Fixed in: 2.244; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9777; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 1ba0e6cd8ae8; Credits: vgo0; Required privilege...

CVSS 6.1 | AI score 5.9 | EPSS 0.0261
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2024/11/19 12:0 a.m. | 16 views

WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.4.2 is vulnerable to Cross Site Scripting (XSS)

Software: Restaurant Menu – Food Ordering System – Table Reservation; Type: Plugin; Vulnerable versions: <= 2.4.2; Fixed in: 2.4.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9653; Patch priority: Medium; CVSS severity: Medium 7.1...

CVSS 6.1 | AI score 5.6 | EPSS 0.01933
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2024/11/19 12:0 a.m. | 16 views

WordPress Save as PDF plugin by Pdfcrowd Plugin <= 4.2.1 is vulnerable to Cross Site Scripting (XSS)

Software: Save as PDF plugin by Pdfcrowd; Type: Plugin; Vulnerable versions: <= 4.2.1; Fixed in: 4.2.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10891; Patch priority: Low; CVSS severity: Low 6.5; PSID: bc2c8b0bae5b; Credits: Peter...

CVSS 6.4 | AI score 5.7 | EPSS 0.00201
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2024/11/19 12:0 a.m. | 16 views

WordPress ProfileGrid Plugin <= 5.9.3.6 is vulnerable to Broken Access Control

Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.9.3.6; Fixed in: 5.9.3.7; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10900; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: e7fdd2a43e49; Credits: 1337Wannabe; Required...

CVSS 8.1 | AI score 6.5 | EPSS 0.00189
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2024/11/18 12:0 a.m. | 16 views

WordPress Awesome Studio Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)

Software: Awesome Studio; Type: Plugin; Vulnerable versions: <= 2.4.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-52456; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 83cb8daf8eb9; Credits: Le Ngoc Anh; Required privilege...

AI score 6.5 | EPSS 0.00197
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2024/11/15 12:0 a.m. | 16 views

WordPress Popup box Plugin <= 4.9.7 is vulnerable to Broken Access Control

Software: Popup box; Type: Plugin; Vulnerable versions: <= 4.9.7; Fixed in: 4.9.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10861; Patch priority: Low; CVSS severity: Low 5.2; PSID: bfd2e007cc0d; Credits: Trương Hữu Phúc truonghuuphuc...

CVSS 5.3 | AI score 6.5 | EPSS 0.00381
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2024/11/13 12:0 a.m. | 16 views

WordPress WP Project Manager Plugin <= 2.6.13 is vulnerable to Insecure Direct Object References (IDOR)

Software: WP Project Manager; Type: Plugin; Vulnerable versions: <= 2.6.13; Fixed in: 2.6.14; OWASP Top 10: A4: Insecure Design; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-10174; Patch priority: High; CVSS severity: High 7.3; PSID: 6aaed61c0d51; Credits: stealthcopt...

CVSS 7.3 | AI score 6.5 | EPSS 0.00309
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2024/11/11 12:0 a.m. | 16 views

WordPress WP Photo Album Plus Plugin <= 8.8.08.007 is vulnerable to Broken Access Control

Software: WP Photo Album Plus; Type: Plugin; Vulnerable versions: <= 8.8.08.007; Fixed in: 8.9.01.001; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10958; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: d60c5fd2604a; Credits: Arkadiusz...

CVSS 7.3 | AI score 6.8 | EPSS 0.55656
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack | added 2024/11/08 12:0 a.m. | 16 views

WordPress Plenigo Plugin <= 1.12.0 is vulnerable to Cross Site Scripting (XSS)

Software: Plenigo; Type: Plugin; Vulnerable versions: <= 1.12.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51832; Patch priority: Low; CVSS severity: Low 6.5; PSID: be08c327ab53; Credits: SOPROBRO; Required privilege: Contributor Publish...

CVSS 6.5 | AI score 6.5 | EPSS 0.00295
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2024/11/08 12:0 a.m. | 16 views

WordPress CE21 Suite Plugin <= 2.2.0 is vulnerable to Sensitive Data Exposure

Software: CE21 Suite; Type: Plugin; Vulnerable versions: <= 2.2.0; Fixed in: N/A; OWASP Top 10: A4: Insecure Design; Classification: Sensitive Data Exposure; CVE: CVE-2024-10285; Patch priority: High; CVSS severity: High 9.8; PSID: 6f3d12b67220; Credits: István Márton; Required privilege...

CVSS 9.8 | AI score 6.5 | EPSS 0.01818
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2024/11/08 12:0 a.m. | 16 views

WordPress HB AUDIO GALLERY Plugin <= 3.0 is vulnerable to Arbitrary File Upload

Software: HB AUDIO GALLERY; Type: Plugin; Vulnerable versions: <= 3.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-51790; Patch priority: High; CVSS severity: High 10; PSID: 40d2c24127c2; Credits: stealthcopter; Required privilege...

CVSS 10 | AI score 6.8 | EPSS 0.00578
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2024/11/08 12:0 a.m. | 16 views

WordPress Provide Forex Signals Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software: Provide Forex Signals; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-52344; Patch priority: Low; CVSS severity: Low 6.5; PSID: 641cced34713; Credits: SOPROBRO; Required privilege...

CVSS 6.5 | AI score 6.9 | EPSS 0.00242
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2024/11/08 12:0 a.m. | 16 views

WordPress News Articles Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software: News Articles; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51897; Patch priority: Low; CVSS severity: Low 6.5; PSID: b2e622b9d30c; Credits: SOPROBRO; Required privilege: Contributor...

CVSS 6.5 | AI score 6.5 | EPSS 0.00197
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2024/11/07 12:0 a.m. | 16 views

WordPress Booking Calendar Plugin < 10.6.3 is vulnerable to Cross Site Scripting (XSS)

Software: Booking Calendar; Type: Plugin; Vulnerable versions: < 10.6.3; Fixed in: 10.6.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10027; Patch priority: Low; CVSS severity: Low 5.9; PSID: 999b4bfc809b; Credits: Dmitrii Ignatyev...

CVSS 4.8 | AI score 5.8 | EPSS 0.0017
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack | added 2024/11/06 12:0 a.m. | 16 views

WordPress Event post Plugin <= 5.9.6 is vulnerable to Cross Site Scripting (XSS)

Software: Event post; Type: Plugin; Vulnerable versions: <= 5.9.6; Fixed in: 5.9.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10186; Patch priority: Low; CVSS severity: Low 6.5; PSID: f5c01437fb3d; Credits: Peter Thaleikis; Required...

CVSS 6.4 | AI score 5.8 | EPSS 0.00391
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2024/11/04 12:0 a.m. | 16 views

WordPress WooCommerce Social Login Plugin <= 2.7.7 is vulnerable to Broken Authentication

Software: WooCommerce Social Login; Type: Plugin; Vulnerable versions: <= 2.7.7; Fixed in: 2.7.8; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-10114; Patch priority: High; CVSS severity: High 8.1; PSID: 36095483e627; Credi...

CVSS 8.1 | AI score 6.6 | EPSS 0.003
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2024/11/01 12:0 a.m. | 16 views

WordPress Media Library Assistant Plugin <= 3.19 is vulnerable to Remote Code Execution (RCE)

Software: Media Library Assistant; Type: Plugin; Vulnerable versions: <= 3.19; Fixed in: 3.20; OWASP Top 10: A3: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-51661; Patch priority: Low; CVSS severity: Low 9.1; PSID: a84f9b05189b; Credits: Certus Cybersecurity; Required...

CVSS 9.1 | AI score 7.3 | EPSS 0.01945
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2024/10/28 12:0 a.m. | 16 views

WordPress Contact Form 7 Telegram Plugin <= 0.8.5 is vulnerable to Broken Access Control

Software: Contact Form 7 Telegram; Type: Plugin; Vulnerable versions: <= 0.8.5; Fixed in: 0.8.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-9629; Patch priority: Low; CVSS severity: Low 5.4; PSID: bc9031e15885; Credits: István Márton; Required...

CVSS 5.4 | AI score 6.9 | EPSS 0.00098
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2024/10/25 12:0 a.m. | 16 views

WordPress WatchTowerHQ Plugin <= 3.10.1 is vulnerable to Broken Authentication

Software: WatchTowerHQ; Type: Plugin; Vulnerable versions: <= 3.10.1; Fixed in: 3.10.4; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-9933; Patch priority: High; CVSS severity: High 9.8; PSID: 5b771d8428a0; Credits: István...

CVSS 9.8 | AI score 9.4 | EPSS 0.37253
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2024/10/25 12:0 a.m. | 16 views

WordPress Multi Purpose Mail Form Plugin <= 1.0.2 is vulnerable to Arbitrary File Upload

Software: Multi Purpose Mail Form; Type: Plugin; Vulnerable versions: <= 1.0.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-50484; Patch priority: High; CVSS severity: High 10; PSID: 3feda20596e4; Credits: Bonds; Required privilege...

CVSS 10 | AI score 7.2 | EPSS 0.01584
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2024/10/24 12:0 a.m. | 16 views

WordPress EventPrime Plugin <= 4.0.4.7 is vulnerable to Cross Site Scripting (XSS)

Software: EventPrime; Type: Plugin; Vulnerable versions: <= 4.0.4.7; Fixed in: 4.0.4.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9864; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 1a0ade328fdb; Credits: zer0gh0st; Required...

CVSS 6.1 | AI score 5.7 | EPSS 0.0216
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2024/10/24 12:0 a.m. | 16 views

WordPress Premium SEO Pack Plugin <= 1.6.001 is vulnerable to SQL Injection

Software: Premium SEO Pack; Type: Plugin; Vulnerable versions: <= 1.6.001; Fixed in: 1.6.002; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-50465; Patch priority: Low; CVSS severity: Low 8.5; PSID: 56b65671a73e; Credits: Hakiduck; Required privilege: Contributor...

CVSS 8.5 | AI score 8.6 | EPSS 0.00257
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2024/10/24 12:0 a.m. | 16 views

WordPress AMP for WP Plugin <= 1.0.99.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: AMP for WP; Type: Plugin; Vulnerable versions: <= 1.0.99.1; Fixed in: 1.0.99.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-9598; Patch priority: Low; CVSS severity: Low 8.8; PSID: 79afb46366eb; Credits: David Gallagher...

CVSS 8.8 | AI score 6.6 | EPSS 0.0055
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2024/10/24 12:0 a.m. | 16 views

WordPress League of Legends Shortcodes Plugin <= 1.0.1 is vulnerable to SQL Injection

Software: League of Legends Shortcodes; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-10341; Patch priority: Low; CVSS severity: Low 8.5; PSID: e710f3b6d815; Credits: István Márton; Required privilege...

CVSS 6.5 | AI score 6.8 | EPSS 0.00218
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2024/10/24 12:0 a.m. | 16 views

WordPress WooCommerce UPS Shipping – Live Rates and Access Points Plugin <= 2.3.11 is vulnerable to Broken Access Control

Software: WooCommerce UPS Shipping – Live Rates and Access Points; Type: Plugin; Vulnerable versions: <= 2.3.11; Fixed in: 3.0.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-9109; Patch priority: Low; CVSS severity: Low 5.4; PSID: b3cccbff59...

CVSS 4.3 | AI score 6.5 | EPSS 0.00113
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2024/10/24 12:0 a.m. | 16 views

WordPress Namaste! LMS Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)

Software: Namaste! LMS; Type: Plugin; Vulnerable versions: <= 2.6.2; Fixed in: 2.6.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-50409; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 084203fa02ee; Credits: Hakiduck; Required privilege: Student...

CVSS 6.5 | AI score 6.2 | EPSS 0.00222
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2024/10/23 12:0 a.m. | 16 views

WordPress WC Marketplace Plugin <= 4.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WC Marketplace; Type: Plugin; Vulnerable versions: <= 4.2.4; Fixed in: 4.2.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-9943; Patch priority: Low; CVSS severity: Low 5.4; PSID: bfdf428207b9; Credits: wesley wcraft; Require...

CVSS 6.3 | AI score 6.6 | EPSS 0.00137
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2024/10/17 12:0 a.m. | 16 views

WordPress Photo Gallery Builder Plugin <= 3.0 is vulnerable to Broken Access Control

Software: Photo Gallery Builder; Type: Plugin; Vulnerable versions: <= 3.0; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-49325; Patch priority: Low; CVSS severity: Low 4.3; PSID: db6c940f3de7; Credits: Marek Mikita; Required...

CVSS 8.8 | AI score 6.6 | EPSS 0.00533
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2024/10/15 12:0 a.m. | 16 views

WordPress Cooked Pro Plugin < 1.8.0 is vulnerable to Arbitrary File Upload

Software: Cooked Pro; Type: Plugin; Vulnerable versions: < 1.8.0; Fixed in: 1.8.0; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-49291; Patch priority: High; CVSS severity: High 10; PSID: ca91d1c3c8bf; Credits: RE-ALTER; Required privilege: Unauthenticated...

CVSS 10 | AI score 6.8 | EPSS 0.00822
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2024/10/15 12:0 a.m. | 16 views

WordPress File Manager Pro Plugin <= 8.3.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software: File Manager Pro; Type: Plugin; Vulnerable versions: <= 8.3.9; Fixed in: 8.3.10; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-8507; Patch priority: Low; CVSS severity: Low 8.8; PSID: caf0adb29b86; Credits: TANG Cheuk Hei...

CVSS 8.8 | AI score 8.8 | EPSS 0.0042
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2024/10/13 12:0 a.m. | 16 views

WordPress Contact Form by Supsystic Plugin <= 1.7.28 is vulnerable to Remote Code Execution (RCE)

Software: Contact Form by Supsystic; Type: Plugin; Vulnerable versions: <= 1.7.28; Fixed in: 1.7.29; OWASP Top 10: A3: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-48042; Patch priority: Low; CVSS severity: Low 9.1; PSID: 062050e33e8e; Credits: Hakiduck; Required privile...

CVSS 9.1 | AI score 7.2 | EPSS 0.01926
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2024/10/11 12:0 a.m. | 16 views

WordPress Easy PayPal Gift Certificate Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS)

Software: Easy PayPal Gift Certificate; Type: Plugin; Vulnerable versions: <= 1.2.3; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9592; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: e85fe46e59dc; Credits: István...

CVSS 6.1 | AI score 5.6 | EPSS 0.00256
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2024/10/09 12:0 a.m. | 16 views

WordPress SB Random Posts Widget Plugin <= 1.0 is vulnerable to Local File Inclusion

Software: SB Random Posts Widget; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: 1.1; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-48029; Patch priority: Low; CVSS severity: Low 7.5; PSID: 4e7fd324ea44; Credits: João Pedro S Alcântara Kinorth; Required...

CVSS 7.5 | AI score 7.8 | EPSS 0.04033
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2024/10/09 12:0 a.m. | 16 views

WordPress Contact Form Widget Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Contact Form Widget; Type: Plugin; Vulnerable versions: <= 1.4.2; Fixed in: 1.4.3; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-48037; Patch priority: Low; CVSS severity: Low 5.4; PSID: 5cb5ac9f9e50; Credits: Abdi Pranata...

CVSS 5.4 | AI score 6.6 | EPSS 0.00097
Exploits: 0 | References: 2 | Affected Software: 1

Total number of security vulnerabilities: 5000