46662 matches found
WordPress Royal Elementor Kit Theme <= 1.0.116 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Royal Elementor Kit; Type: Theme; Vulnerable versions: <= 1.0.116; Fixed in: 1.0.117; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-32773; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 4da5c371e0b8; Credits: Dhabaleshwar...
WordPress WP Club Manager Plugin <= 2.2.11 is vulnerable to Broken Access Control
Software: WP Club Manager; Type: Plugin; Vulnerable versions: <= 2.2.11; Fixed in: 2.2.12; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-32719; Patch priority: Low; CVSS severity: Low 5.3; Developer: WP Club Manager; PSID: 9c15961e31ea; Credits: Mika; Required privilege...
WordPress User Registration Plugin <= 3.1.5 is vulnerable to Broken Access Control
Software: User Registration; Type: Plugin; Vulnerable versions: <= 3.1.5; Fixed in: 3.2.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-2417; Patch priority: High; CVSS severity: High 8.8; Developer: Masteriyo; PSID: f4d185ab446a; Credits: Stiofan; Required privilege...
WordPress WP 404 Auto Redirect to Similar Post Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software: WP 404 Auto Redirect to Similar Post; Type: Plugin; Vulnerable versions: <= 1.0.4; Fixed in: 1.0.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32559; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: c85034ba240a; Credits: AtaTurk1925...
WordPress Master Slider Plugin <= 3.9.8 is vulnerable to Cross Site Scripting (XSS)
Software: Master Slider; Type: Plugin; Vulnerable versions: <= 3.9.8; Fixed in: 3.9.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32580; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 7119ccf52d56; Credits: LVT-tholv2k; Required privilege: Contribut...
WordPress WPBakery Page Builder Plugin <= 7.5 is vulnerable to Cross Site Scripting (XSS)
Software: WPBakery Page Builder; Type: Plugin; Vulnerable versions: <= 7.5; Fixed in: 7.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1805; Patch priority: Low; CVSS severity: Low 6.5; Developer: WPBakery; PSID: 39eddcd5a992; Credits: Nikolas; Required privilege...
WordPress Theme My Login Plugin <= 7.1.6 is vulnerable to Broken Access Control
Software: Theme My Login; Type: Plugin; Vulnerable versions: <= 7.1.6; Fixed in: 7.1.7; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-32525; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 11dbddbd2e7f; Credits: Abdi Pranata; Required...
WordPress Element Pack Elementor Addons Plugin <= 5.5.6 is vulnerable to Sensitive Data Exposure
Software: Element Pack Elementor Addons; Type: Plugin; Vulnerable versions: <= 5.5.6; Fixed in: 5.6.0; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-2966; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 29f45f5357e3; Credits: Krzysztof...
WordPress Legal Pages plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Legal Pages, versions <= 1.4.2...
WordPress Libsyn Publisher Hub Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Libsyn Publisher Hub; Type: Plugin; Vulnerable versions: <= 1.4.4; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-32141; Patch priority: Low; CVSS severity: Low 4.3; Developer: Libsyn; PSID: c755cb3750aa; Credits: Majed Refaea; Required...
WordPress Livemesh Addons for Elementor Plugin <= 8.3.6 is vulnerable to Cross Site Scripting (XSS)
Software: Livemesh Addons for Elementor; Type: Plugin; Vulnerable versions: <= 8.3.6; Fixed in: 8.3.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2539; Patch priority: Low; CVSS severity: Low 6.4; Developer: Claim ownership; PSID: 9c3c1e135bc7; Credits: Ngô Thiên ...
WordPress WOLF Plugin <= 1.0.8.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WOLF; Type: Plugin; Vulnerable versions: <= 1.0.8.1; Fixed in: 1.0.8.2; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-31430; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: de601e918847; Credits: Dhabaleshwar Das; Required...
WordPress NextGEN Gallery Plugin <= 3.59 is vulnerable to Broken Access Control
Software: NextGEN Gallery; Type: Plugin; Vulnerable versions: <= 3.59; Fixed in: 3.59.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3097; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 1d6376e4869c; Credits: Peng Zhou; Required privilege...
WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Plugin <= 4.4.2 is vulnerable to Broken Access Control
Software: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels; Type: Plugin; Vulnerable versions: <= 4.4.2; Fixed in: 4.4.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3216; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim...
WordPress is vulnerable to Sensitive Data Exposure
Software: WordPress; Type: WordPress Core; Vulnerable versions: <= 6.4.3; Fixed in: 6.5; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-5692; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 5d6f8d7b72aa; Credits: Francesco Carlucci; Require...
WordPress Contact Form Email Plugin <= 1.3.44 is vulnerable to Sensitive Data Exposure
Software: Contact Form Email; Type: Plugin; Vulnerable versions: <= 1.3.44; Fixed in: 1.3.45; OWASP Top 10: A9: Security Logging and Monitoring Failures; Classification: Sensitive Data Exposure; CVE: CVE-2024-31302; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 17dc1fca0d2c; Credits...
WordPress Tracking Code Manager Plugin <= 2.1.0 is vulnerable to Broken Access Control
Software: Tracking Code Manager; Type: Plugin; Vulnerable versions: <= 2.1.0; Fixed in: 2.2.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-31347; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 51665fb13771; Credits: Abdi Pranata; Required...
WordPress Essential Addons for Elementor Plugin <= 5.9.13 is vulnerable to PHP Object Injection
Software: Essential Addons for Elementor; Type: Plugin; Vulnerable versions: <= 5.9.13; Fixed in: 5.9.14; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-3018; Patch priority: Low; CVSS severity: Low 8; Developer: WPDeveloper; PSID: b599dd4e668d; Credits: Ngô Thiên An ancorn; Required...
WordPress Finale Lite Plugin <= 2.18.0 is vulnerable to Remote Code Execution (RCE)
Software: Finale Lite; Type: Plugin; Vulnerable versions: <= 2.18.0; Fixed in: 2.18.1; OWASP Top 10: A1: Broken Access Control; Classification: Remote Code Execution (RCE); CVE: CVE-2024-30485; Patch priority: High; CVSS severity: High 8.8; Developer: Claim ownership; PSID: 351260d95e05; Credits: Yudistira Arya; Required...
WordPress Custom WooCommerce Checkout Fields Editor Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: Custom WooCommerce Checkout Fields Editor; Type: Plugin; Vulnerable versions: <= 1.3.1; Fixed in: 1.3.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1697; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 655df2bce9e7...
WordPress Backup Bolt Plugin <= 1.3.0 is vulnerable to Sensitive Data Exposure
Software: Backup Bolt; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: 1.4.0; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-7236; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: dd36f15c489e; Credits: Dmitrii Ignatyev; Required...
WordPress Post SMTP Plugin <= 2.8.6 is vulnerable to Cross Site Scripting (XSS)
Software: Post SMTP; Type: Plugin; Vulnerable versions: <= 2.8.6; Fixed in: 2.8.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29128; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: WPExperts; PSID: d4415453cdb3; Credits: Le Ngoc Anh; Required privilege: Unauthenticat...
WordPress WP Armour – Honeypot Anti Spam Plugin <= 2.1.13 is vulnerable to Cross Site Scripting (XSS)
Software: WP Armour – Honeypot Anti Spam; Type: Plugin; Vulnerable versions: <= 2.1.13; Fixed in: 2.1.14; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29091; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 0e1821a09d0d; Credits: Rafie Muhammad...
WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: YITH WooCommerce Product Add-Ons; Type: Plugin; Vulnerable versions: <= 4.5.0; Fixed in: 4.6.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-27994; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: YITH; PSID: 8464da6f5a09; Credits: Yudistira Arya; Required...
WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.24 is vulnerable to Cross Site Scripting (XSS)
Software: Elementor – Header, Footer & Blocks Template; Type: Plugin; Vulnerable versions: <= 1.6.24; Fixed in: 1.6.25; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1237; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: d8efb70c30ae...
WordPress BuddyForms Plugin <= 2.8.7 is vulnerable to Broken Access Control
Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.7; Fixed in: 2.8.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1170; Patch priority: High; CVSS severity: High 8.2; Developer: Claim ownership; PSID: 07e9d4cd19c1; Credits: Lucio Sá; Required privilege...
WordPress Download Manager Plugin <= 3.2.84 is vulnerable to Broken Access Control
Software: Download Manager; Type: Plugin; Vulnerable versions: <= 3.2.84; Fixed in: 3.2.85; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-6785; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 049e661b5aa7; Credits: wesley wcraft; Required...
WordPress User Shortcodes Plus Plugin <= 2.0.2 is vulnerable to Insecure Direct Object References (IDOR)
Software: User Shortcodes Plus; Type: Plugin; Vulnerable versions: <= 2.0.2; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-6969; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: cc1bdd35256f; Credits: Francesco...
WordPress Elementor Pro Plugin <= 3.19.2 is vulnerable to Sensitive Data Exposure
Software: Elementor Pro; Type: Plugin; Vulnerable versions: <= 3.19.2; Fixed in: 3.19.3; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-23523; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: b4d0340c1078; Credits: Dynamic.ooo Team; Required...
WordPress Simple Job Board Plugin <= 2.10.8 is vulnerable to Broken Access Control
Software: Simple Job Board; Type: Plugin; Vulnerable versions: <= 2.10.8; Fixed in: 2.11.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-0593; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 752406ce2200; Credits: Krzysztof Zając; Required...
WordPress Popup Builder Plugin < 4.2.6 is vulnerable to Server Side Request Forgery (SSRF)
Software: Popup Builder; Type: Plugin; Vulnerable versions: < 4.2.6; Fixed in: 4.2.6; OWASP Top 10: A1: Broken Access Control; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-6294; Patch priority: Low; CVSS severity: Low 5.5; Developer: Claim ownership; PSID: 573393918c2e; Credits: Sebastian Neef; Required...
WordPress MoveTo Plugin <= 6.2 is vulnerable to Arbitrary File Upload
Software: MoveTo; Type: Plugin; Vulnerable versions: <= 6.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-25913; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 08fbe7e305e7; Credits: Dave Jong Patchstack; Required privilege: Unauthenticat...
WordPress Livemesh Addons for Elementor Plugin <= 8.3.2 is vulnerable to Cross Site Scripting (XSS)
Software: Livemesh Addons for Elementor; Type: Plugin; Vulnerable versions: <= 8.3.2; Fixed in: 8.3.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1235; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: ab5cdd31d383; Credits: Webbernaut...
WordPress WOLF Plugin <= 1.0.8.1 is vulnerable to Broken Access Control
Software: WOLF; Type: Plugin; Vulnerable versions: <= 1.0.8.1; Fixed in: 1.0.8.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-0791; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 9624a396772c; Credits: Francesco Carlucci; Required privilege...
WordPress Autotitle for WordPress Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Autotitle for WordPress; Type: Plugin; Vulnerable versions: <= 1.0.3; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-6946; Patch priority: Low; CVSS severity: Low 7.1; Developer: Claim ownership; PSID: 89d669161c10; Credits: Daniel Ruf...
WordPress WordPress Toolbar Plugin <= 2.2.6 is vulnerable to Open Redirection
Software: WordPress Toolbar; Type: Plugin; Vulnerable versions: <= 2.2.6; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Open Redirection; CVE: CVE-2023-6389; Patch priority: Low; CVSS severity: Low 4.7; Developer: Claim ownership; PSID: ae5087bc3d96; Credits: Daniel Ruf; Required privilege: Unauthenticated...
WordPress Sticky Buttons Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: Sticky Buttons; Type: Plugin; Vulnerable versions: <= 3.2.2; Fixed in: 3.2.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0703; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: ba3529117da4; Credits: Dipak Panchal th3.d1p4k...
WordPress Essential Addons for Elementor Plugin <= 5.9.4 is vulnerable to Cross Site Scripting (XSS)
Software: Essential Addons for Elementor; Type: Plugin; Vulnerable versions: <= 5.9.4; Fixed in: 5.9.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0585; Patch priority: Low; CVSS severity: Low 6.5; Developer: WPDeveloper; PSID: 34afcc9985b8; Credits: Webbernaut...
WordPress InstaWP Connect Plugin <= 0.1.0.8 is vulnerable to Privilege Escalation
Software: InstaWP Connect; Type: Plugin; Vulnerable versions: <= 0.1.0.8; Fixed in: 0.1.0.9; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-22145; Patch priority: High; CVSS severity: High 8.8; Developer: InstaWP; PSID: f661e38694ec; Credits: Majed Refae...
WordPress CformsII Plugin <= 15.0.6 is vulnerable to Cross Site Scripting (XSS)
Software: CformsII; Type: Plugin; Vulnerable versions: <= 15.0.6; Fixed in: 15.0.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-22149; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 2aac355b9ab7; Credits: emad; Required privilege: Unauthenticat...
WordPress Depicter Slider Plugin <= 2.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Depicter Slider; Type: Plugin; Vulnerable versions: <= 2.0.6; Fixed in: 2.0.7; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-6493; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 15e2f683e7f4; Credits: Rafshanzani Suhada...
WordPress WP SMS Plugin <= 6.5 is vulnerable to SQL Injection
Software: WP SMS; Type: Plugin; Vulnerable versions: <= 6.5; Fixed in: 6.5.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-6981; Patch priority: Low; CVSS severity: Low 7.6; Developer: Claim ownership; PSID: 0cdcc4de6b6a; Credits: Krzysztof Zając; Required privilege: Administrator; Published: 3...
WordPress LearnPress Plugin <= 4.2.5.7 is vulnerable to Insecure Direct Object References (IDOR)
Software: LearnPress; Type: Plugin; Vulnerable versions: <= 4.2.5.7; Fixed in: 4.2.5.8; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-6223; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: d81a8f21bcf7; Credits: lttn; Required...
WordPress ARI Stream Quiz Plugin <= 1.3.0 is vulnerable to PHP Object Injection
Software: ARI Stream Quiz; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: 1.3.1; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-52182; Patch priority: High; CVSS severity: High 9.9; Developer: Claim ownership; PSID: c9a4f35de1f1; Credits: Rafie Muhammad Patchstack; Required...
WordPress Product Feed Manager Plugin <= 7.3.15 is vulnerable to Directory Traversal
Software: Product Feed Manager; Type: Plugin; Vulnerable versions: <= 7.3.15; Fixed in: 7.3.16; OWASP Top 10: A4: Insecure Design; Classification: Directory Traversal; CVE: CVE-2023-52144; Patch priority: Low; CVSS severity: Low 5.5; Developer: WPFunnels Team; PSID: 19683c0fecc1; Credits: Muhammad Daffa; Required privile...
WordPress Build App Online Plugin <= 1.0.21 is vulnerable to Privilege Escalation
Software: Build App Online; Type: Plugin; Vulnerable versions: <= 1.0.21; Fixed in: 1.0.22; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2023-51478; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 30eb1e208be5; Credits: Rafi...
WordPress Checkout Mestres WP Plugin <= 7.1.9.7 is vulnerable to Privilege Escalation
Software: Checkout Mestres WP; Type: Plugin; Vulnerable versions: <= 7.1.9.7; Fixed in: 7.1.9.8; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2023-51472; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 9fb8ab95cc18; Credits...
WordPress Booster Elite for WooCommerce Plugin < 7.1.3 is vulnerable to Content Injection
Software: Booster Elite for WooCommerce; Type: Plugin; Vulnerable versions: < 7.1.3; Fixed in: 7.1.3; OWASP Top 10: A1: Broken Access Control; Classification: Content Injection; CVE: CVE-2023-51511; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 1e2bd30a7dcc; Credits: Dave Jong...
WordPress Media File Renamer Plugin <= 5.7.7 is vulnerable to Arbitrary File Upload
Software: Media File Renamer; Type: Plugin; Vulnerable versions: <= 5.7.7; Fixed in: 5.7.8; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-50897; Patch priority: Low; CVSS severity: Low 9.1; Developer: Claim ownership; PSID: 364780c1ddc1; Credits: Taihei Shimamine; Required privilege...
WordPress Beaver Builder Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)
Software: Beaver Builder; Type: Plugin; Vulnerable versions: <= 2.7.2; Fixed in: 2.7.2.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-50889; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: c34e72dc456f; Credits: Rafie Muhammad Patchstack; Required...