WordPress XStore Theme <= 9.3.8 is vulnerable to SQL Injection
Software: XStore | Type: Theme | Vulnerable versions: <= 9.3.8 | Fixed in: 9.3.9 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-33559 | Patch priority: High | CVSS severity: High 9.3 | PSID: 0996b4472188 | Credits: Rafie Muhammad Patchstack | Required privilege...
WordPress Auto Featured Image (Auto Post Thumbnail) Plugin <= 4.1.3 is vulnerable to Server Side Request Forgery (SSRF)
Software: Auto Featured Image (Auto Post Thumbnail) | Type: Plugin | Vulnerable versions: <= 4.1.3 | Fixed in: 4.1.4 | OWASP Top 10: A10: Server-Side Request Forgery (SSRF) | Classification: Server Side Request Forgery (SSRF) | CVE: CVE-2024-33629 | Patch priority: Low | CVSS severity: Low 4.4 | PSID...
WordPress XStore Theme <= 9.3.8 is vulnerable to Local File Inclusion
Software: XStore | Type: Theme | Vulnerable versions: <= 9.3.8 | Fixed in: 9.3.9 | OWASP Top 10: A3: Injection | Classification: Local File Inclusion | CVE: CVE-2024-33560 | Patch priority: High | CVSS severity: High 9 | PSID: 6dff12fe54af | Credits: Rafie Muhammad Patchstack | Required privilege...
WordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.5.3 is vulnerable to Broken Access Control
Software: Barcode Scanner with Inventory & Order Manager | Type: Plugin | Vulnerable versions: <= 1.5.3 | Fixed in: 1.5.4 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-33565 | Patch priority: High | CVSS severity: High 9.1 | Developer: DMitry | PSID: 256e9c100507 | Credits: Rafie...
WordPress Elements kit Elementor addons Plugin <= 3.1.0 is vulnerable to Local File Inclusion
Software: Elements kit Elementor addons | Type: Plugin | Vulnerable versions: <= 3.1.0 | Fixed in: 3.1.1 | OWASP Top 10: A1: Injection | Classification: Local File Inclusion | CVE: CVE-2024-3499 | Patch priority: Low | CVSS severity: Low 8.5 | Developer: Wpmet | PSID: 43728e112e86 | Credits: Webbernaut | Required privilege: Contribut...
WordPress WordPress Backup & Migration Plugin <= 1.4.8 is vulnerable to Broken Access Control
Software: WordPress Backup & Migration | Type: Plugin | Vulnerable versions: <= 1.4.8 | Fixed in: 1.4.9 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-3546 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 7fb4d86b8e12 | Credits: Krzysztof Zając...
WordPress rtMedia for WordPress, BuddyPress and bbPress Plugin <= 4.6.18 is vulnerable to SQL Injection
Software: rtMedia for WordPress, BuddyPress and bbPress | Type: Plugin | Vulnerable versions: <= 4.6.18 | Fixed in: 4.6.19 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-3293 | Patch priority: Low | CVSS severity: Low 8.5 | PSID: 7b7bd27ebebe | Credits: Krzysztof Zając...
WordPress Login with phone number Plugin <= 1.6.93 is vulnerable to Broken Access Control
Software: Login with phone number | Type: Plugin | Vulnerable versions: <= 1.6.93 | Fixed in: 1.6.94 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-32832 | Patch priority: High | CVSS severity: High 9.8 | Developer: Hamid Alinia | PSID: 862bfb83b7e9 | Credits: Majed Refaea | Require...
WordPress Newsletters Plugin <= 4.9.5 is vulnerable to Arbitrary File Upload
Software: Newsletters | Type: Plugin | Vulnerable versions: <= 4.9.5 | Fixed in: 4.9.6 | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-32954 | Patch priority: Low | CVSS severity: Low 9.1 | PSID: a5967c6d63a9 | Credits: Peng Zhou | Required privilege: Administrator...
WordPress ProfileGrid Plugin <= 5.7.9 is vulnerable to Insecure Direct Object References (IDOR)
Software: ProfileGrid | Type: Plugin | Vulnerable versions: <= 5.7.9 | Fixed in: 5.8.0 | OWASP Top 10: A1: Broken Access Control | Classification: Insecure Direct Object References (IDOR) | CVE: CVE-2024-32808 | Patch priority: Low | CVSS severity: Low 5.4 | PSID: b60c26e035a2 | Credits: Kyle Sanchez...
WordPress ARForms Plugin <= 6.4 is vulnerable to Arbitrary File Deletion
Software: ARForms | Type: Plugin | Vulnerable versions: <= 6.4 | Fixed in: 6.4.1 | OWASP Top 10: A1: Broken Access Control | Classification: Arbitrary File Deletion | CVE: CVE-2024-32703 | Patch priority: High | CVSS severity: High 7.7 | PSID: 3d075249b9fb | Credits: Dave Jong Patchstack | Required...
WordPress tagDiv Composer Plugin <= 4.8 is vulnerable to Local File Inclusion
Software: tagDiv Composer | Type: Plugin | Vulnerable versions: <= 4.8 | Fixed in: 4.9 | OWASP Top 10: A1: Injection | Classification: Local File Inclusion | CVE: CVE-2024-3813 | Patch priority: Low | CVSS severity: Low 8.8 | PSID: 5ffa96c3f191 | Credits: István Márton | Required privilege: Contributor...
WordPress Paid Memberships Pro Plugin <= 3.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Paid Memberships Pro | Type: Plugin | Vulnerable versions: <= 3.0.1 | Fixed in: 3.0.2 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-3215 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 707f90cd781b | Credits: Whit Taylor...
WordPress Theme My Login Plugin <= 7.1.6 is vulnerable to Broken Access Control
Software: Theme My Login | Type: Plugin | Vulnerable versions: <= 7.1.6 | Fixed in: 7.1.7 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-32525 | Patch priority: Medium | CVSS severity: Medium 4.3 | PSID: 11dbddbd2e7f | Credits: Abdi Pranata | Required...
WordPress Soledad Theme <= 8.4.5 is vulnerable to Broken Access Control
Software: Soledad | Type: Theme | Vulnerable versions: <= 8.4.5 | Fixed in: 8.4.6 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-31367 | Patch priority: High | CVSS severity: High 7.1 | PSID: e4cc84a70d34 | Credits: Rafie Muhammad Patchstack | Required...
WordPress Contact Form Email Plugin <= 1.3.44 is vulnerable to Sensitive Data Exposure
Software: Contact Form Email | Type: Plugin | Vulnerable versions: <= 1.3.44 | Fixed in: 1.3.45 | OWASP Top 10: A9: Security Logging and Monitoring Failures | Classification: Sensitive Data Exposure | CVE: CVE-2024-31302 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: 17dc1fca0d2c | Credits...
WordPress Social Icons Widget & Block by WPZOOM Plugin <= 4.2.15 is vulnerable to Broken Access Control
Software: Social Icons Widget & Block by WPZOOM | Type: Plugin | Vulnerable versions: <= 4.2.15 | Fixed in: 4.2.16 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-30464 | Patch priority: Low | CVSS severity: Low 5.4 | PSID: 49894ab6e8af | Credits: Rafie...
WordPress Essential Blocks for Gutenberg Plugin <= 4.4.9 is vulnerable to Broken Access Control
Software: Essential Blocks for Gutenberg | Type: Plugin | Vulnerable versions: <= 4.4.9 | Fixed in: 4.4.10 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-30467 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 54c35d565aef | Credits: Rafie Muhamma...
WordPress OSS Aliyun Plugin <= 1.4.10 is vulnerable to SQL Injection
Software: OSS Aliyun | Type: Plugin | Vulnerable versions: <= 1.4.10 | Fixed in: 1.4.11 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-30494 | Patch priority: Low | CVSS severity: Low 7.6 | PSID: f4acc3b1af32 | Credits: Majed Refaea | Required privilege: Administrator...
WordPress Finale Lite Plugin <= 2.18.0 is vulnerable to Remote Code Execution (RCE)
Software: Finale Lite | Type: Plugin | Vulnerable versions: <= 2.18.0 | Fixed in: 2.18.1 | OWASP Top 10: A1: Broken Access Control | Classification: Remote Code Execution (RCE) | CVE: CVE-2024-30485 | Patch priority: High | CVSS severity: High 8.8 | PSID: 351260d95e05 | Credits: Yudistira Arya | Required...
WordPress Backup Bolt Plugin <= 1.3.0 is vulnerable to Sensitive Data Exposure
Software: Backup Bolt | Type: Plugin | Vulnerable versions: <= 1.3.0 | Fixed in: 1.4.0 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2023-7236 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: dd36f15c489e | Credits: Dmitrii Ignatyev | Required...
WordPress Coupon Affiliates Plugin <= 5.12.7 is vulnerable to Cross Site Scripting (XSS)
Software: Coupon Affiliates | Type: Plugin | Vulnerable versions: <= 5.12.7 | Fixed in: 5.12.8 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-29125 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: RelyWP | PSID: 81253acd1aca | Credits: stealthcopter | Required privilege...
WordPress Post SMTP Plugin <= 2.8.6 is vulnerable to Cross Site Scripting (XSS)
Software: Post SMTP | Type: Plugin | Vulnerable versions: <= 2.8.6 | Fixed in: 2.8.7 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-29128 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: WPExperts | PSID: d4415453cdb3 | Credits: Le Ngoc Anh | Required privilege: Unauthenticat...
WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: YITH WooCommerce Product Add-Ons | Type: Plugin | Vulnerable versions: <= 4.5.0 | Fixed in: 4.6.0 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-27994 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: YITH | PSID: 8464da6f5a09 | Credits: Yudistira Arya | Required...
WordPress Premmerce Permalink Manager for WooCommerce Plugin <= 2.3.10 is vulnerable to Local File Inclusion
Software: Premmerce Permalink Manager for WooCommerce | Type: Plugin | Vulnerable versions: <= 2.3.10 | Fixed in: 2.3.11 | OWASP Top 10: A3: Injection | Classification: Local File Inclusion | CVE: CVE-2024-27971 | Patch priority: High | CVSS severity: High 8.3 | Developer: Premmerce | PSID: cbe4465b62ca | Credits: Rafie Muhammad...
WordPress Team Circle Image Slider With Lightbox Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Team Circle Image Slider With Lightbox | Type: Plugin | Vulnerable versions: <= 1.0 | Fixed in: 1.0.1 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2015-10130 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 4e4875511ed9 | Credit...
WordPress Newsletter2Go Plugin <= 4.0.13 is vulnerable to Cross Site Scripting (XSS)
Software: Newsletter2Go | Type: Plugin | Vulnerable versions: <= 4.0.13 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-1328 | Patch priority: Medium | CVSS severity: Medium 6.5 | PSID: 1277fbb17528 | Credits: Francesco Carlucci...
WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.24 is vulnerable to Cross Site Scripting (XSS)
Software: Elementor – Header, Footer & Blocks Template | Type: Plugin | Vulnerable versions: <= 1.6.24 | Fixed in: 1.6.25 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-1237 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: d8efb70c30ae...
WordPress Calculated Fields Form Plugin 5.0.0-5.1.56 is vulnerable to Cross Site Scripting (XSS)
Software: Calculated Fields Form | Type: Plugin | Vulnerable versions: 5.0.0-5.1.56 | Fixed in: 5.1.57 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-2020 | Patch priority: Medium | CVSS severity: Medium 7.2 | PSID: f60c98fd9fe8 | Credits: Asaf...
WordPress Popup Builder Plugin < 4.2.6 is vulnerable to Server Side Request Forgery (SSRF)
Software: Popup Builder | Type: Plugin | Vulnerable versions: < 4.2.6 | Fixed in: 4.2.6 | OWASP Top 10: A1: Broken Access Control | Classification: Server Side Request Forgery (SSRF) | CVE: CVE-2023-6294 | Patch priority: Low | CVSS severity: Low 5.5 | PSID: 573393918c2e | Credits: Sebastian Neef | Required...
WordPress Directorist Plugin <= 7.8.4 is vulnerable to Broken Access Control
Software: Directorist | Type: Plugin | Vulnerable versions: <= 7.8.4 | Fixed in: 7.8.5 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-1322 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: dd1efe90eebb | Credits: Lucio Sá | Required privilege...
WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.5 is vulnerable to Cross Site Scripting (XSS)
Software: NEX-Forms – Ultimate Form Builder | Type: Plugin | Vulnerable versions: <= 8.5.5 | Fixed in: 8.5.6 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-25593 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 87e47cb4335f | Credits: Ngô Thiên An ancorn...
WordPress Livemesh Addons for Elementor Plugin <= 8.3.2 is vulnerable to Cross Site Scripting (XSS)
Software: Livemesh Addons for Elementor | Type: Plugin | Vulnerable versions: <= 8.3.2 | Fixed in: 8.3.3 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-1235 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: ab5cdd31d383 | Credits: Webbernaut...
WordPress Popup More Popups Plugin <= 2.2.4 is vulnerable to Local File Inclusion
Software: Popup More Popups | Type: Plugin | Vulnerable versions: <= 2.2.4 | Fixed in: 2.2.5 | OWASP Top 10: A1: Injection | Classification: Local File Inclusion | CVE: CVE-2024-0844 | Patch priority: Low | CVSS severity: Low 4.7 | PSID: 12b7d2f01a9e | Credits: 0x9567b | Required privilege: Administrator...
WordPress WOLF Plugin <= 1.0.8.1 is vulnerable to Broken Access Control
Software: WOLF | Type: Plugin | Vulnerable versions: <= 1.0.8.1 | Fixed in: 1.0.8.2 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-0791 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 9624a396772c | Credits: Francesco Carlucci | Required privilege...
WordPress SEO Plugin by Squirrly SEO Plugin <= 12.3.15 is vulnerable to Cross Site Scripting (XSS)
Software: SEO Plugin by Squirrly SEO | Type: Plugin | Vulnerable versions: <= 12.3.15 | Fixed in: 12.3.16 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-0597 | Patch priority: Low | CVSS severity: Low 5.9 | PSID: 936a9441c323 | Credits: Akbar...
WordPress Schema & Structured Data for WP & AMP Plugin <= 1.25 is vulnerable to Cross Site Scripting (XSS)
Software: Schema & Structured Data for WP & AMP | Type: Plugin | Vulnerable versions: <= 1.25 | Fixed in: 1.26 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-22146 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 017c71c1dfc3 | Credits: LVT-tholv2k | Requir...
WordPress Checkout Mestres WP Plugin <= 7.1.9.7 is vulnerable to Privilege Escalation
Software: Checkout Mestres WP | Type: Plugin | Vulnerable versions: <= 7.1.9.7 | Fixed in: 7.1.9.8 | OWASP Top 10: A7: Identification and Authentication Failures | Classification: Privilege Escalation | CVE: CVE-2023-51472 | Patch priority: High | CVSS severity: High 9.8 | PSID: 9fb8ab95cc18 | Credits...
WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Plugin <= 4.2.1 is vulnerable to Privilege Escalation
Software: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | Type: Plugin | Vulnerable versions: <= 4.2.1 | Fixed in: 4.3.0 | OWASP Top 10: A7: Identification and Authentication Failures | Classification: Privilege Escalation | CVE: CVE-2023-51546 | Patch priority: Medium | CVSS severity: Medium...
WordPress Advanced Access Manager Plugin <= 6.9.18 is vulnerable to Open Redirection
Software: Advanced Access Manager | Type: Plugin | Vulnerable versions: <= 6.9.18 | Fixed in: 6.9.19 | OWASP Top 10: A3: Injection | Classification: Open Redirection | CVE: CVE-2023-51675 | Patch priority: Low | CVSS severity: Low 4.7 | PSID: 56c8b177a6e3 | Credits: LVT-tholv2k | Required privilege: Autho...
WordPress JVM rich text icons Plugin <= 1.2.3 is vulnerable to Arbitrary File Upload
Software: JVM rich text icons | Type: Plugin | Vulnerable versions: <= 1.2.3 | Fixed in: 1.2.6 | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2023-51417 | Patch priority: High | CVSS severity: High 9.9 | PSID: b7c089e25bbe | Credits: Rafie Muhammad Patchstack | Required...
WordPress Quiz And Survey Master Plugin <= 8.1.16 is vulnerable to Broken Access Control
Software: Quiz And Survey Master | Type: Plugin | Vulnerable versions: <= 8.1.16 | Fixed in: 8.1.17 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-51507 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: a01b6a13b8b9 | Credits: Revan Arifio | Require...
WordPress Webba Booking Plugin <= 4.5.33 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Webba Booking | Type: Plugin | Vulnerable versions: <= 4.5.33 | Fixed in: 5.0 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-51354 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Webba Plugins | PSID: a11b85f9cf3e | Credits: Skalucy | Required privile...
WordPress Contact Form Email Plugin < 1.3.44 is vulnerable to Cross Site Scripting (XSS)
Software: Contact Form Email | Type: Plugin | Vulnerable versions: < 1.3.44 | Fixed in: 1.3.44 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-5955 | Patch priority: Low | CVSS severity: Low 5.9 | PSID: fb1785c31d96 | Credits: Mohamed Azarudheen...
WordPress Import Export WordPress Users Plugin <= 2.4.8 is vulnerable to Arbitrary File Upload
Software: Import Export WordPress Users | Type: Plugin | Vulnerable versions: <= 2.4.8 | Fixed in: 2.4.9 | OWASP Top 10: A1: Injection | Classification: Arbitrary File Upload | CVE: CVE-2023-6558 | Patch priority: Medium | CVSS severity: Medium 9.1 | PSID: a7515a768629 | Credits: István Márton | Required...
WordPress Popup Builder Plugin < 4.2.3 is vulnerable to Cross Site Scripting (XSS)
Software: Popup Builder | Type: Plugin | Vulnerable versions: < 4.2.3 | Fixed in: 4.2.3 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-6000 | Patch priority: High | CVSS severity: High 7.1 | PSID: 14212aacf7f9 | Credits: Marc Montpas | Required...
WordPress Ibtana Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: Ibtana | Type: Plugin | Vulnerable versions: <= 1.2.2 | Fixed in: 1.2.2.1 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-6684 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 6212e7800b8c | Credits: István Márton | Required privileg...
WordPress WappPress Plugin <= 5.0.3 is vulnerable to Arbitrary File Upload
Software: WappPress | Type: Plugin | Vulnerable versions: <= 5.0.3 | Fixed in: 6.0.0 | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2023-49815 | Patch priority: High | CVSS severity: High 10 | PSID: 7f1643a48293 | Credits: Rafie Muhammad Patchstack | Required privilege...
WordPress Couponis Demo Plugin < 2.2 is vulnerable to SQL Injection
Software: Couponis Demo | Type: Plugin | Vulnerable versions: < 2.2 | Fixed in: 2.2 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2023-49750 | Patch priority: High | CVSS severity: High 9.3 | PSID: 697cadbd26d0 | Credits: RE-ALTER | Required privilege: Unauthenticated | Published: 4...
WordPress Adifier System Plugin < 3.1.4 is vulnerable to Cross Site Scripting (XSS)
Software: Adifier System | Type: Plugin | Vulnerable versions: < 3.1.4 | Fixed in: 3.1.4 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-49187 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: a67ee23d6891 | Credits: RE-ALTER | Required privilege...