45948 matches found
WordPress PixelYourSite PRO Plugin <= 10.4.2 is vulnerable to Sensitive Data Exposure
Software: PixelYourSite PRO; Type: Plugin; Vulnerable versions: <= 10.4.2; Fixed in: 10.4.3; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-7870; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: c3722df4917d; Credits: Xetnus; Required...
WordPress FluentForm Plugin <= 5.1.18 is vulnerable to Broken Access Control
Software: FluentForm; Type: Plugin; Vulnerable versions: <= 5.1.18; Fixed in: 5.1.19; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-5053; Patch priority: Low; CVSS severity: Low 4.2; PSID: 98f9a0a6e43d; Credits: Tobias Weißhaar kun19; Required...
WordPress The Post Grid Plugin <= 7.7.11 is vulnerable to Sensitive Data Exposure
Software: The Post Grid; Type: Plugin; Vulnerable versions: <= 7.7.11; Fixed in: 7.7.12; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-7418; Patch priority: Low; CVSS severity: Low 4.3; Developer: Mamunur Rashid; PSID: 5912b382937d; Credits: stealthcopter; Required...
WordPress Xpro Elementor Addons Plugin <= 1.4.4.3 is vulnerable to Cross Site Scripting (XSS)
Software: Xpro Elementor Addons; Type: Plugin; Vulnerable versions: <= 1.4.4.3; Fixed in: 1.4.4.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-7791; Patch priority: Low; CVSS severity: Low 6.5; PSID: 93f87661de72; Credits: WordFence...
WordPress WP Armour Extended Plugin <= 1.26 is vulnerable to Cross Site Scripting (XSS)
Software: WP Armour Extended; Type: Plugin; Vulnerable versions: <= 1.26; Fixed in: 1.32; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43948; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: eed4499d2f01; Credits: Dave Jong Patchstack; Required...
WordPress Bricks Builder Theme <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Bricks Builder; Type: Theme; Vulnerable versions: <= 1.8.1; Fixed in: 1.8.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-3408; Patch priority: Low; CVSS severity: Low 4.3; PSID: a8763892e84e; Credits: Ram; Required privilege...
WordPress Brave Popup Builder Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Brave Popup Builder; Type: Plugin; Vulnerable versions: <= 0.7.0; Fixed in: 0.7.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-43337; Patch priority: Low; CVSS severity: Low 4.3; PSID: 04312f740763; Credits: Ananda Dhakal...
WordPress WP User Manager Plugin <= 2.9.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP User Manager; Type: Plugin; Vulnerable versions: <= 2.9.10; Fixed in: 2.9.11; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-43336; Patch priority: Low; CVSS severity: Low 4.3; Developer: WP User Manager; PSID: 6918353ae071; Credits: Ananda Dhakal Patchstac...
WordPress Cookie Notice & Compliance for GDPR / CCPA Plugin <= 2.4.17.1 is vulnerable to Cross Site Scripting (XSS)
Software: Cookie Notice & Compliance for GDPR / CCPA; Type: Plugin; Vulnerable versions: <= 2.4.17.1; Fixed in: 2.4.18; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-3399; Patch priority: Low; CVSS severity: Low 5.9; PSID: 1b0453de5cdc...
WordPress Bit Form Pro Plugin <= 2.6.4 is vulnerable to Sensitive Data Exposure
Software: Bit Form Pro; Type: Plugin; Vulnerable versions: <= 2.6.4; Fixed in: 2.8.0; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-43251; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 6d6af3324445; Credits: Dave Jong Patchstack...
WordPress Falang multilanguage Plugin <= 1.3.52 is vulnerable to Broken Access Control
Software: Falang multilanguage; Type: Plugin; Vulnerable versions: <= 1.3.52; Fixed in: 1.3.53; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-6869; Patch priority: Low; CVSS severity: Low 5.4; PSID: 001e21802ca4; Credits: Lucio Sá; Required...
WordPress Selection Lite Plugin <= 1.11 is vulnerable to Cross Site Scripting (XSS)
Software: Selection Lite; Type: Plugin; Vulnerable versions: <= 1.11; Fixed in: 1.12; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43147; Patch priority: Low; CVSS severity: Low 6.5; PSID: 1d02eb7c2b01; Credits: 4rCanJ0x!; Required privilege: Contributor...
WordPress WordPress File Upload Plugin < 4.24.8 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress File Upload; Type: Plugin; Vulnerable versions: < 4.24.8; Fixed in: 4.24.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6651; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: f705fe24e0ac; Credits: Đức Tài...
WordPress Sync Post With Other Site Plugin <= 1.6 is vulnerable to Broken Access Control
Software: Sync Post With Other Site; Type: Plugin; Vulnerable versions: <= 1.6; Fixed in: 1.7; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-6709; Patch priority: Low; CVSS severity: Low 4.3; PSID: 159a5eca941a; Credits: Lucio Sá; Required...
WordPress CRM Perks Forms Plugin <= 1.1.3 is vulnerable to Arbitrary File Upload
Software: CRM Perks Forms; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: 1.1.4; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-7484; Patch priority: Low; CVSS severity: Low 9.1; PSID: c7c64ee12633; Credits: István Márton; Required privilege...
WordPress CTT Expresso para WooCommerce Plugin <= 3.2.12 is vulnerable to Sensitive Data Exposure
Software: CTT Expresso para WooCommerce; Type: Plugin; Vulnerable versions: <= 3.2.12; Fixed in: 3.2.13; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-6687; Patch priority: Low; CVSS severity: Low 5.3; PSID: 27468c538b68; Credits: Ricardo...
WordPress Tainacan Plugin <= 0.21.7 is vulnerable to Arbitrary File Download
Software: Tainacan; Type: Plugin; Vulnerable versions: <= 0.21.7; Fixed in: 0.21.8; OWASP Top 10: A5: Broken Access Control; Classification: Arbitrary File Download; CVE: CVE-2024-7135; Patch priority: High; CVSS severity: High 6.5; Developer: Tainacan Community; PSID: 93c06fdd2c5c; Credits: 1337Wannabe; Required privile...
WordPress Ultimate Addons for WPBakery Page Builder Plugin <= 3.19.20 is vulnerable to Cross Site Scripting (XSS)
Software: Ultimate Addons for WPBakery Page Builder; Type: Plugin; Vulnerable versions: <= 3.19.20; Fixed in: 3.19.20.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5251; Patch priority: Low; CVSS severity: Low 6.5; PSID: 581cfa0b62a8...
WordPress WP Event Manager Plugin <= 3.1.43 is vulnerable to Cross Site Scripting (XSS)
Software: WP Event Manager; Type: Plugin; Vulnerable versions: <= 3.1.43; Fixed in: 3.1.44; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2691; Patch priority: Low; CVSS severity: Low 6.5; PSID: 244e2b26df97; Credits: Krzysztof Zając...
WordPress OpenPGP Form Encryption Plugin < 1.5.1 is vulnerable to Cross Site Scripting (XSS)
Software: OpenPGP Form Encryption; Type: Plugin; Vulnerable versions: < 1.5.1; Fixed in: 1.5.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3919; Patch priority: Low; CVSS severity: Low 6.5; PSID: 357d35b3d36d; Credits: Bob Matyas; Require...
WordPress SULly Plugin < 4.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: SULly; Type: Plugin; Vulnerable versions: < 4.3.1; Fixed in: 4.3.1; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-5033; Patch priority: Low; CVSS severity: Low 7.1; PSID: 1486b242ed58; Credits: Bob Matyas; Required privilege...
WordPress Generate PDF using Contact Form 7 Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Generate PDF using Contact Form 7; Type: Plugin; Vulnerable versions: <= 4.1.2; Fixed in: 4.1.3; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-6317; Patch priority: Low; CVSS severity: Low 8.1; PSID: 8ce1a2d4086e; Credits...
WordPress Modern Events Calendar Plugin <= 7.11.0 is vulnerable to Arbitrary File Upload
Software: Modern Events Calendar; Type: Plugin; Vulnerable versions: <= 7.11.0; Fixed in: 7.12.0; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-5441; Patch priority: High; CVSS severity: High 8.8; PSID: ef52f2e3acfd; Credits: Foxyyy; Required privilege...
WordPress WPCafe Plugin <= 2.2.27 is vulnerable to Local File Inclusion
Software: WPCafe; Type: Plugin; Vulnerable versions: <= 2.2.27; Fixed in: 2.2.28; OWASP Top 10: A1: Broken Access Control; Classification: Local File Inclusion; CVE: CVE-2024-37513; Patch priority: Low; CVSS severity: Low 8.5; PSID: 939a4f465f21; Credits: João Pedro S Alcântara Kinorth; Requir...
WordPress BookYourTravel Theme <= 8.18.17 is vulnerable to Privilege Escalation
Software: BookYourTravel; Type: Theme; Vulnerable versions: <= 8.18.17; Fixed in: 8.18.19; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2024-37952; Patch priority: High; CVSS severity: High 8.8; PSID: 8b015f16ebdc; Credits: Dave Jong Patchstack...
WordPress Timetics Plugin <= 1.0.21 is vulnerable to Broken Access Control
Software: Timetics; Type: Plugin; Vulnerable versions: <= 1.0.21; Fixed in: 1.0.22; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37427; Patch priority: Low; CVSS severity: Low 5.3; PSID: d73e6a480d4b; Credits: Manab Jyoti Dowarah; Required...
WordPress SEO SIMPLE PACK Plugin <= 3.2.1 is vulnerable to Sensitive Data Exposure
Software: SEO SIMPLE PACK; Type: Plugin; Vulnerable versions: <= 3.2.1; Fixed in: 3.3.0; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-2795; Patch priority: Low; CVSS severity: Low 5.3; PSID: b6dc01036030; Credits: Krzysztof Zając; Required...
WordPress Photo Gallery by Ays Plugin < 5.7.1 is vulnerable to Content Injection
Software: Photo Gallery by Ays; Type: Plugin; Vulnerable versions: < 5.7.1; Fixed in: 5.7.1; OWASP Top 10: A3: Injection; Classification: Content Injection; CVE: CVE-2024-37442; Patch priority: Low; CVSS severity: Low 3.8; PSID: 76b249292f10; Credits: Ibnu Ubaeydillah; Required privilege...
WordPress Church Admin Plugin <= 4.4.4 is vulnerable to Broken Access Control
Software: Church Admin; Type: Plugin; Vulnerable versions: <= 4.4.4; Fixed in: 4.4.5; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37440; Patch priority: Low; CVSS severity: Low 4.3; Developer: Andy Moyle; PSID: 7a86d2a04714; Credits: Ngô Thiên An ancorn from VNPT-VCI...
WordPress Masterstudy Elementor Widgets Plugin <= 1.2.2 is vulnerable to Remote Code Execution (RCE)
Software: Masterstudy Elementor Widgets; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.2.3; OWASP Top 10: A3: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-37091; Patch priority: Medium; CVSS severity: Medium 9.9; PSID: c3068c566a95; Credits: Rafie Muhammad...
WordPress SEOPress Plugin < 7.8 is vulnerable to Open Redirection
Software: SEOPress; Type: Plugin; Vulnerable versions: < 7.8; Fixed in: 7.8; OWASP Top 10: A1: Injection; Classification: Open Redirection; CVE: CVE-2024-4900; Patch priority: Low; CVSS severity: Low 4.1; PSID: 872385ee96c3; Credits: Dmitrii Ignatyev; Required privilege: Contributor; Published: 24...
WordPress WP Post Author Plugin <= 3.6.7 is vulnerable to Cross Site Scripting (XSS)
Software: WP Post Author; Type: Plugin; Vulnerable versions: <= 3.6.7; Fixed in: 3.6.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37101; Patch priority: Low; CVSS severity: Low 6.5; PSID: 123a43620732; Credits: Khalid Yusuf; Required privilege...
WordPress Wheel of Life Plugin <= 1.1.7 is vulnerable to Broken Access Control
Software: Wheel of Life; Type: Plugin; Vulnerable versions: <= 1.1.7; Fixed in: 1.1.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3627; Patch priority: Low; CVSS severity: Low 5.4; PSID: 68abc18dc3c6; Credits: Lucio Sá; Required privilege...
WordPress Sirv Plugin <= 7.2.6 is vulnerable to Arbitrary File Upload
Software: Sirv; Type: Plugin; Vulnerable versions: <= 7.2.6; Fixed in: 7.2.7; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-5853; Patch priority: Medium; CVSS severity: Medium 9.9; Developer: Sirv; PSID: b8d1b016bf81; Credits: Lucio Sá; Required privilege: Contributor; Published: 18 June,...
WordPress WP Job Portal Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)
Software: WP Job Portal; Type: Plugin; Vulnerable versions: <= 2.1.3; Fixed in: 2.1.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35760; Patch priority: Low; CVSS severity: Low 5.9; Developer: Ahmad; PSID: 4b9d73fda6dd; Credits: LuxF0z; Required privilege: Administrator; Published ...
WordPress Search & Replace Plugin < 3.2.2 is vulnerable to SQL Injection
Software: Search & Replace; Type: Plugin; Vulnerable versions: < 3.2.2; Fixed in: 3.2.2; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-4145; Patch priority: Low; CVSS severity: Low 7.6; PSID: 279ec626c422; Credits: Krugov Artyom; Required privilege: Administrator...
WordPress InstaWP Connect Plugin <= 0.1.0.38 is vulnerable to Broken Access Control
Software: InstaWP Connect; Type: Plugin; Vulnerable versions: <= 0.1.0.38; Fixed in: 0.1.0.39; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-4898; Patch priority: High; CVSS severity: High 9.8; Developer: InstaWP; PSID: 3572e9bad95d; Credits: Truoc Phan; Required privilege...
WordPress Qi Addons For Elementor Plugin <= 1.7.2 is vulnerable to Local File Inclusion
Software: Qi Addons For Elementor; Type: Plugin; Vulnerable versions: <= 1.7.2; Fixed in: 1.7.3; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-4887; Patch priority: Low; CVSS severity: Low 8.5; Developer: Qode Interactive; PSID: c1cece0585f4; Credits: haidv35; Required privilege...
WordPress Qi Addons For Elementor Plugin <= 1.7.2 is vulnerable to Cross Site Scripting (XSS)
Software: Qi Addons For Elementor; Type: Plugin; Vulnerable versions: <= 1.7.2; Fixed in: 1.7.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4364; Patch priority: Low; CVSS severity: Low 6.5; Developer: Qode Interactive; PSID: 0676734b6c2d; Credits: wesley wcraft...
WordPress WP Time Slots Booking Form Plugin <= 1.2.11 is vulnerable to Broken Access Control
Software: WP Time Slots Booking Form; Type: Plugin; Vulnerable versions: <= 1.2.11; Fixed in: 1.2.12; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-35735; Patch priority: Low; CVSS severity: Low 5.3; PSID: 00d0e255c1a4; Credits: Manab Jyoti...
WordPress WP Time Slots Booking Form Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS)
Software: WP Time Slots Booking Form; Type: Plugin; Vulnerable versions: <= 1.2.10; Fixed in: 1.2.11; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35734; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 153040c885cf; Credits: Manab Jyoti Dowarah...
WordPress Brizy Plugin <= 2.4.43 is vulnerable to Cross Site Scripting (XSS)
Software: Brizy; Type: Plugin; Vulnerable versions: <= 2.4.43; Fixed in: 2.4.44; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2087; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: ead457b1b8e9; Credits: wesley wcraft; Required...
WordPress GP Premium Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)
Software: GP Premium; Type: Plugin; Vulnerable versions: <= 2.4.0; Fixed in: 2.4.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3469; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: dbeca6e72752; Credits: 1337Wannabe - home M.Aw...
WordPress EmbedPress Plugin <= 4.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: EmbedPress; Type: Plugin; Vulnerable versions: <= 4.0.1; Fixed in: 4.0.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5571; Patch priority: Low; CVSS severity: Low 6.5; PSID: 09e449af3af2; Credits: wesley wcraft; Required...
WordPress Login/Signup Popup Plugin <= 2.7.2 is vulnerable to Broken Access Control
Software: Login/Signup Popup; Type: Plugin; Vulnerable versions: <= 2.7.2; Fixed in: 2.7.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-5324; Patch priority: High; CVSS severity: High 8.8; PSID: 8315f4731f19; Credits: 1337Wannabe - home; Requir...
WordPress Newsletter Plugin <= 8.3.4 is vulnerable to Cross Site Scripting (XSS)
Software: Newsletter; Type: Plugin; Vulnerable versions: <= 8.3.4; Fixed in: 8.3.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5317; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: a76e0f4cc75c; Credits: Arkadiusz Hydzik; Requir...
WordPress Cowidgets – Elementor Addons Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Cowidgets – Elementor Addons; Type: Plugin; Vulnerable versions: <= 1.1.1; Fixed in: 1.2.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35782; Patch priority: Low; CVSS severity: Low 6.5; PSID: 1726a663f670; Credits: Khalid Yus...
WordPress Essential Real Estate Plugin <= 4.4.4 is vulnerable to Insecure Direct Object References (IDOR)
Software: Essential Real Estate; Type: Plugin; Vulnerable versions: <= 4.4.4; Fixed in: 4.4.5; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-4274; Patch priority: Low; CVSS severity: Low 4.3; PSID: ccac1e739e5c; Credits: Lucio S...
WordPress Advanced Custom Fields Plugin < 6.3 is vulnerable to Sensitive Data Exposure
Software: Advanced Custom Fields; Type: Plugin; Vulnerable versions: < 6.3; Fixed in: 6.3; OWASP Top 10: A6: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-4565; Patch priority: Low; CVSS severity: Low 4.3; PSID: 5beab9ff85fb; Credits: Scott Kingsley Clark...
WordPress WP ViperGB Plugin <= 1.6.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP ViperGB; Type: Plugin; Vulnerable versions: <= 1.6.1; Fixed in: 1.6.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-4409; Patch priority: Low; CVSS severity: Low 4.3; PSID: ce16817d4da2; Credits: Benedictus Jovan aillesiM...