
45686 matches found

Patchstack
added 2024/11/25 12:0 a.m. | 14 views

WordPress Additional Order Filters for WooCommerce Plugin <= 1.21 is vulnerable to Cross Site Scripting (XSS)

Software Additional Order Filters for WooCommerce Type Plugin Vulnerable versions = 1.21 Fixed in 1.22 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11418 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID dc82eea5b06e...

CVSS 6.1 | AI score 5.7 | EPSS 0.0109
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/11/23 12:0 a.m. | 14 views

WordPress Rescue Shortcodes Plugin <= 2.9 is vulnerable to Cross Site Scripting (XSS)

Software Rescue Shortcodes Type Plugin Vulnerable versions = 2.9 Fixed in 3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11199 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9032d40ace0e Credits Peter Thaleikis Required...

CVSS 6.4 | AI score 5.8 | EPSS 0.13734
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/11/23 12:0 a.m. | 14 views

WordPress April's Call Posts Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software April's Call Posts Type Plugin Vulnerable versions = 2.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-53730 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 5fa9ffdca641 Credits SOPROBRO Required...

AI score 7 | EPSS 0.00114
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/11/22 12:0 a.m. | 14 views

WordPress Product Table for WooCommerce Plugin <= 3.5.1 is vulnerable to Sensitive Data Exposure

Software Product Table for WooCommerce Type Plugin Vulnerable versions = 3.5.1 Fixed in 3.5.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-10813 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 157ba908784e Credits Nathan...

CVSS 5.3 | AI score 5.2 | EPSS 0.00853
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/11/21 12:0 a.m. | 14 views

WordPress Button Block Plugin <= 1.1.4 is vulnerable to Broken Authentication

Software Button Block Type Plugin Vulnerable versions = 1.1.4 Fixed in 1.1.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10671 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID ae07da220d1c Credits...

CVSS 6.5 | AI score 6.8 | EPSS 0.00392
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/11/20 12:0 a.m. | 15 views

WordPress WIP Incoming Lite Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)

Software WIP Incoming Lite Type Plugin Vulnerable versions = 1.1.1 Fixed in 1.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11416 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d449e884123c Credits SOPROBRO Requir...

CVSS 6.1 | AI score 6 | EPSS 0.00206
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/11/20 12:0 a.m. | 14 views

WordPress Premium Packages Plugin <= 5.9.3 is vulnerable to Cross Site Scripting (XSS)

Software Premium Packages Type Plugin Vulnerable versions = 5.9.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10164 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e294ff14d79a Credits Peter Thaleikis Required...

CVSS 6.4 | AI score 6.1 | EPSS 0.00226
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/11/20 12:0 a.m. | 14 views

WordPress Grip Theme <= 1.0.9 is vulnerable to Arbitrary File Upload

Software Grip Type Theme Vulnerable versions = 1.0.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52488 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID b55cacdb5723 Credits Mika Required privilege Subscriber Published 20...

AI score 6.6
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/11/19 12:0 a.m. | 14 views

WordPress Bard Theme <= 2.216 is vulnerable to Cross Site Scripting (XSS)

Software Bard Type Theme Vulnerable versions = 2.216 Fixed in 2.217 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9830 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 43a6b249026a Credits vgo0 Required privilege...

CVSS 6.1 | AI score 5.9 | EPSS 0.0261
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/11/19 12:0 a.m. | 15 views

WordPress WPB Popup for Contact Form 7 Plugin <= 1.7.5 is vulnerable to Broken Access Control

Software WPB Popup for Contact Form 7 Type Plugin Vulnerable versions = 1.7.5 Fixed in 1.7.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-11038 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 9b3456d161fd Credits Arkadiusz...

CVSS 7.3 | AI score 6.8 | EPSS 0.01504
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/11/19 12:0 a.m. | 16 views

WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.4.2 is vulnerable to Cross Site Scripting (XSS)

Software Restaurant Menu – Food Ordering System – Table Reservation Type Plugin Vulnerable versions = 2.4.2 Fixed in 2.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9653 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership...

CVSS 6.1 | AI score 5.6 | EPSS 0.01933
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/11/19 12:0 a.m. | 15 views

WordPress WooCommerce Product Table Lite Plugin <= 3.8.6 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Product Table Lite Type Plugin Vulnerable versions = 3.8.6 Fixed in 3.8.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10899 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 3a15e4b0ec96 Credits...

CVSS 7.3 | AI score 5.6 | EPSS 0.00965
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/11/15 12:0 a.m. | 14 views

WordPress Login using WordPress Users ( WP as SAML IDP ) Plugin <= 1.15.6 is vulnerable to SQL Injection

Software Login using WordPress Users WP as SAML IDP Type Plugin Vulnerable versions = 1.15.6 Fixed in 1.15.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9887 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 995b569a43b5 Credits Lesor101 Required...

CVSS 7.2 | AI score 7.2 | EPSS 0.00977
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/11/13 12:0 a.m. | 14 views

WordPress Kognetiks Chatbot for WordPress Plugin <= 2.1.7 is vulnerable to Broken Access Control

Software Kognetiks Chatbot for WordPress Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10530 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 918318d433d6 Credits Tieu Pham Tro...

CVSS 4.3 | AI score 6.7 | EPSS 0.00235
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/11/13 12:0 a.m. | 14 views

WordPress Themify Builder Plugin <= 7.6.5 is vulnerable to Cross Site Scripting (XSS)

Software Themify Builder Type Plugin Vulnerable versions = 7.6.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52423 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f592b7b1efcd Credits João Pedro S Alcântara Kinorth Required...

CVSS 6.5 | AI score 6.3 | EPSS 0.00211
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/11/11 12:0 a.m. | 14 views

WordPress Datasets Manager by Arttia Creative Plugin <= 1.5 is vulnerable to Arbitrary File Upload

Software Datasets Manager by Arttia Creative Type Plugin Vulnerable versions = 1.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52375 Patch priority High CVSS severity High 10 Developer Claim ownership PSID c894c89a63d1 Credits stealthcopter Required...

CVSS 10 | AI score 6.8 | EPSS 0.60633
Exploits 1 | References 1 | Affected Software 1
Patchstack
added 2024/11/11 12:0 a.m. | 14 views

WordPress Picsmize Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload

Software Picsmize Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52380 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 741a66180c37 Credits stealthcopter Required privilege Unauthenticated...

CVSS 10 | AI score 7.2 | EPSS 0.60352
Exploits 3 | References 1 | Affected Software 1
Patchstack
added 2024/11/08 12:0 a.m. | 15 views

WordPress Poll Maker Plugin <= 5.4.6 is vulnerable to SQL Injection

Software Poll Maker Type Plugin Vulnerable versions = 5.4.6 Fixed in 5.4.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9874 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 26f7f7b011e3 Credits tmrswrr Required privilege Administrator Published 8...

CVSS 7.2 | AI score 6.8 | EPSS 0.01074
Exploits 1 | References 3 | Affected Software 1
Patchstack
added 2024/11/08 12:0 a.m. | 14 views

WordPress Landing Page Cat Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)

Software Landing Page Cat Type Plugin Vulnerable versions = 1.7.6 Fixed in 1.7.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9226 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7a9da6507309 Credits vgo0 Required...

CVSS 6.1 | AI score 6 | EPSS 0.02566
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/11/08 12:0 a.m. | 13 views

WordPress Forms Plugin <= 2.8.0 is vulnerable to Arbitrary File Upload

Software Forms Type Plugin Vulnerable versions = 2.8.0 Fixed in 2.8.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-51791 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 0594a374dbac Credits stealthcopter Required privilege Unauthenticated...

CVSS 10 | AI score 7.2 | EPSS 0.01021
Exploits 1 | References 2 | Affected Software 1
Patchstack
added 2024/11/08 12:0 a.m. | 16 views

WordPress News Articles Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software News Articles Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51897 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b2e622b9d30c Credits SOPROBRO Required privilege Contributor...

CVSS 6.5 | AI score 6.5 | EPSS 0.00197
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/11/08 12:0 a.m. | 15 views

WordPress Stylish Internal Links Plugin <= 1.9 is vulnerable to Cross Site Scripting (XSS)

Software Stylish Internal Links Type Plugin Vulnerable versions = 1.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51939 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 514970e5a542 Credits Zlrqh Required privilege Contributo...

CVSS 6.5 | AI score 6.9 | EPSS 0.00231
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/11/07 12:0 a.m. | 16 views

WordPress Booking Calendar Plugin < 10.6.3 is vulnerable to Cross Site Scripting (XSS)

Software Booking Calendar Type Plugin Vulnerable versions 10.6.3 Fixed in 10.6.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10027 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 999b4bfc809b Credits Dmitrii Ignatyev...

CVSS 4.8 | AI score 5.8 | EPSS 0.0017
Exploits 1 | References 3 | Affected Software 1
Patchstack
added 2024/11/05 12:0 a.m. | 17 views

WordPress Table of Contents Plus Plugin <= 2411 is vulnerable to Cross Site Scripting (XSS)

Software Table of Contents Plus Type Plugin Vulnerable versions = 2411 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5578 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 487fd7341438 Credits Dmitrii Ignatyev...

CVSS 4.8 | AI score 5.3 | EPSS 0.00228
Exploits 1 | References 4 | Affected Software 1
Patchstack
added 2024/11/05 12:0 a.m. | 15 views

WordPress Element Pack Elementor Addons Plugin <= 5.10.2 is vulnerable to Cross Site Scripting (XSS)

Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.10.2 Fixed in 5.10.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9657 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fe1ff0e5049a Credits Webberna...

CVSS 6.5 | AI score 5.8 | EPSS 0.01319
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/10/31 12:0 a.m. | 14 views

WordPress NMR Strava activities Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software NMR Strava activities Type Plugin Vulnerable versions = 1.0.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51603 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e4915bebbc1d Credits SOPROBRO Required privilege...

CVSS 6.5 | AI score 6.9 | EPSS 0.00143
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/10/31 12:0 a.m. | 14 views

WordPress Website price calculator Plugin <= 4.1 is vulnerable to SQL Injection

Software Website price calculator Type Plugin Vulnerable versions = 4.1 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-51601 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 363bcb5a02a5 Credits LVT-tholv2k Required privilege Contributor...

CVSS 8.5 | AI score 6.8 | EPSS 0.00305
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/10/31 12:0 a.m. | 15 views

WordPress Bigmart Elements Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Bigmart Elements Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51589 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 12ab0da677da Credits Gab Required privilege Contributor...

CVSS 6.5 | AI score 6.5 | EPSS 0.00143
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/10/31 12:0 a.m. | 14 views

WordPress Lodgix.com Vacation Rental Website Builder Plugin <= 3.9.73 is vulnerable to SQL Injection

Software Lodgix.com Vacation Rental Website Builder Type Plugin Vulnerable versions = 3.9.73 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-50539 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID c031fbb0d00d Credits LVT-tholv2k Required...

CVSS 8.5 | AI score 6.8 | EPSS 0.00305
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/10/30 12:0 a.m. | 14 views

WordPress Stars SMTP Mailer Plugin <= 1.7 is vulnerable to Arbitrary File Upload

Software Stars SMTP Mailer Type Plugin Vulnerable versions = 1.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50530 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID f048023ff8ae Credits stealthcopter Required privilege Subscrib...

CVSS 9.9 | AI score 6.9 | EPSS 0.00889
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/10/30 12:0 a.m. | 15 views

WordPress Stacks Mobile App Builder Plugin <= 5.2.3 is vulnerable to Sensitive Data Exposure

Software Stacks Mobile App Builder Type Plugin Vulnerable versions = 5.2.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-50528 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID f961db867cb7 Credits stealthcopter...

CVSS 7.5 | AI score 6.5 | EPSS 0.00837
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/10/28 12:0 a.m. | 14 views

WordPress Countdown & Clock Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)

Software Countdown & Clock Type Plugin Vulnerable versions = 2.8.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50516 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a62aad6194f2 Credits Hwang Se-yeon Required privilege...

CVSS 5.9 | AI score 5.8 | EPSS 0.00137
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/10/25 12:0 a.m. | 14 views

WordPress PegaPoll Plugin <= 1.0.2 is vulnerable to Privilege Escalation

Software PegaPoll Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-50490 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 48854d9a251a Credits Mika Required...

CVSS 9.8 | AI score 6.8 | EPSS 0.5244
Exploits 1 | References 1 | Affected Software 1
Patchstack
added 2024/10/25 12:0 a.m. | 14 views

WordPress Woocommerce Product Design Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload

Software Woocommerce Product Design Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50482 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 410808c7ca79 Credits Bonds Required privilege...

CVSS 10 | AI score 7.2 | EPSS 0.55504
Exploits 1 | References 1 | Affected Software 1
Patchstack
added 2024/10/24 12:0 a.m. | 14 views

WordPress DarkMySite – Advanced Dark Mode Plugin for WordPress Plugin <= 1.2.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software DarkMySite – Advanced Dark Mode Plugin for WordPress Type Plugin Vulnerable versions = 1.2.8 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-50466 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

CVSS 8.8 | AI score 6.6 | EPSS 0.002
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/10/24 12:0 a.m. | 14 views

WordPress Interactive World Map Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS)

Software Interactive World Map Type Plugin Vulnerable versions = 3.4.4 Fixed in 3.4.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50462 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8a6a52b085c5 Credits Sc1duck Required privilege...

CVSS 6.5 | AI score 6.5 | EPSS 0.00193
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/10/24 12:0 a.m. | 14 views

WordPress Import and export users and customers Plugin <= 1.27.5 is vulnerable to Cross Site Scripting (XSS)

Software Import and export users and customers Type Plugin Vulnerable versions = 1.27.5 Fixed in 1.27.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50413 Patch priority Low CVSS severity Low 5.9 Developer Codection PSID 2e6cb770bca3 Credits UKO Required privile...

CVSS 5.9 | AI score 6.5 | EPSS 0.0027
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/10/24 12:0 a.m. | 15 views

WordPress WP Abstracts Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Abstracts Type Plugin Vulnerable versions = 2.7.1 Fixed in 2.7.2 OWASP Top 10 A4: Insecure Design Classification Cross Site Scripting XSS CVE CVE-2024-50411 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6551529121f6 Credits UKO Required privilege Administrato...

CVSS 5.9 | AI score 5.6 | EPSS 0.00278
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/10/21 12:0 a.m. | 14 views

WordPress Landing Page Cat Plugin <= 1.7.4 is vulnerable to Broken Access Control

Software Landing Page Cat Type Plugin Vulnerable versions = 1.7.4 Fixed in 1.7.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-49686 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID e5075f159b75 Credits savphill Required privilege...

AI score 9.4 | EPSS 0.00081
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/10/21 12:0 a.m. | 15 views

WordPress WPKoi Templates for Elementor Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Software WPKoi Templates for Elementor Type Plugin Vulnerable versions = 3.1.0 Fixed in 3.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-49679 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 90b6d1565959 Credits ghsinfose...

CVSS 5.9 | AI score 5.8 | EPSS 0.00145
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/10/16 12:0 a.m. | 15 views

WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 3.0.9 is vulnerable to Cross Site Scripting (XSS)

Software The Ultimate WordPress Toolkit – WP Extended Type Plugin Vulnerable versions = 3.0.9 Fixed in 3.0.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9347 Patch priority Medium CVSS severity Medium 7.1 Developer WP Extended PSID c3aa4715ec21...

CVSS 6.1 | AI score 5.7 | EPSS 0.02427
Exploits 1 | References 3 | Affected Software 1
Patchstack
added 2024/10/16 12:0 a.m. | 15 views

WordPress Calculated Fields Form Plugin <= 5.2.45 is vulnerable to Content Injection

Software Calculated Fields Form Type Plugin Vulnerable versions = 5.2.45 Fixed in 5.2.46 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-9940 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID bb237d0845c6 Credits Max Boll b0lli Required privile...

CVSS 5.3 | AI score 7.2 | EPSS 0.007
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/10/16 12:0 a.m. | 15 views

WordPress Miniorange OTP Verification with Firebase Plugin <= 3.6.0 is vulnerable to Broken Authentication

Software Miniorange OTP Verification with Firebase Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9861 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID...

CVSS 8.1 | AI score 6.5 | EPSS 0.00191
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/10/16 12:0 a.m. | 15 views

WordPress Miniorange OTP Verification with Firebase Plugin <= 3.6.0 is vulnerable to Privilege Escalation

Software Miniorange OTP Verification with Firebase Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.1 OWASP Top 10 A5: Security Misconfiguration Classification Privilege Escalation CVE CVE-2024-9863 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 768f87fd904b Credits...

CVSS 9.8 | AI score 6.5 | EPSS 0.00677
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/10/15 12:0 a.m. | 14 views

WordPress File Manager Pro Plugin <= 8.3.9 is vulnerable to Arbitrary File Upload

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.9 Fixed in 8.3.10 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-8918 Patch priority High CVSS severity High 7.4 Developer Claim ownership PSID 8b2de26c1b42 Credits TANG Cheuk Hei siunam Required privile...

CVSS 7.4 | AI score 7.2 | EPSS 0.00859
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/10/14 12:0 a.m. | 14 views

WordPress Recently Plugin <= 1.1 is vulnerable to PHP Object Injection

Software Recently Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49218 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID dfdd033e65c6 Credits LVT-tholv2k Required privilege Unauthenticated...

CVSS 9.8 | AI score 6.8 | EPSS 0.00595
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/10/11 12:0 a.m. | 16 views

WordPress Easy PayPal Gift Certificate Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Easy PayPal Gift Certificate Type Plugin Vulnerable versions = 1.2.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9592 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e85fe46e59dc Credits István...

CVSS 6.1 | AI score 5.6 | EPSS 0.00256
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/10/10 12:0 a.m. | 13 views

WordPress WordPress Comments Import & Export Plugin <= 2.3.7 is vulnerable to Directory Traversal

Software WordPress Comments Import & Export Type Plugin Vulnerable versions = 2.3.7 Fixed in 2.3.9 OWASP Top 10 A3: Injection Classification Directory Traversal CVE CVE-2024-7514 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 06055d28d8b6 Credits scottaglia Required...

CVSS 6.5 | AI score 6.8 | EPSS 0.47437
Exploits 1 | References 3 | Affected Software 1
Patchstack
added 2024/10/09 12:0 a.m. | 15 views

WordPress WP Users Masquerade Plugin <= 2.0.0 is vulnerable to Broken Authentication

Software WP Users Masquerade Type Plugin Vulnerable versions = 2.0.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9522 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID eb305b8e1a56 Credits Istvá...

CVSS 8.8 | AI score 8.7 | EPSS 0.0028
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/10/09 12:0 a.m. | 15 views

WordPress Easy Social Share Buttons Plugin <= 1.4.5 is vulnerable to Cross Site Scripting (XSS)

Software Easy Social Share Buttons Type Plugin Vulnerable versions = 1.4.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8729 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID db873cfad5a2 Credits vgo0...

CVSS 6.1 | AI score 5.6 | EPSS 0.02169
Exploits 0 | References 2 | Affected Software 1
Total number of security vulnerabilities: 5000