45686 matches found
WordPress Hash Form Plugin <= 1.1.9 is vulnerable to Arbitrary File Upload
Software: Hash Form | Type: Plugin | Vulnerable versions: <= 1.1.9 | Fixed in: 1.2.0 | OWASP Top 10: A1: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-9417 | Patch priority: High | CVSS severity: High 6.1 | Developer: Claim ownership | PSID: 599a3ecad6e0 | Credits: Rein Daelman trein | Required privilege...
WordPress Advanced Custom Fields PRO Plugin < 5.11 is vulnerable to Broken Access Control
Software: Advanced Custom Fields PRO | Type: Plugin | Vulnerable versions: < 5.11 | Fixed in: 5.11 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2021-20867 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 38d705c1f970 | Credits: Keitaro Yamazaki...
WordPress Advanced Custom Fields Plugin < 5.11 is vulnerable to Broken Access Control
Software: Advanced Custom Fields | Type: Plugin | Vulnerable versions: < 5.11 | Fixed in: 5.11 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2021-20866 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 3c61745fb42a | Credits: Keitaro Yamazaki | Required...
WordPress Ajax Load More Plugin <= 7.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Ajax Load More | Type: Plugin | Vulnerable versions: <= 7.1.2 | Fixed in: 7.1.3 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-8505 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 333f5ab48634 | Credits: Robert DeVore | Required...
WordPress 123.chat Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: 123.chat | Type: Plugin | Vulnerable versions: <= 1.3.1 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-7869 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: b37a33a87966 | Credits: Shebu B sh3bu | Required...
WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.121 is vulnerable to Cross Site Scripting (XSS)
Software: Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | Type: Plugin | Vulnerable versions: <= 1.5.121 | Fixed in: 1.5.122 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-45454 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Unlimited Elements | PS...
WordPress JupiterX Core Plugin <= 4.7.5 is vulnerable to Broken Authentication
Software: JupiterX Core | Type: Plugin | Vulnerable versions: <= 4.7.5 | Fixed in: 4.7.8 | OWASP Top 10: A7: Identification and Authentication Failures | Classification: Broken Authentication | CVE: CVE-2024-7781 | Patch priority: High | CVSS severity: High 8.1 | Developer: Claim ownership | PSID: 4950f50fad7a | Credits: Geo Void...
WordPress Elements kit Elementor addons Plugin <= 3.2.7 is vulnerable to Cross Site Scripting (XSS)
Software: Elements kit Elementor addons | Type: Plugin | Vulnerable versions: <= 3.2.7 | Fixed in: 3.2.8 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-8546 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Wpmet | PSID: 43112ffb0d64 | Credits: zer0gh0st | Required...
WordPress ThemeHunk Plugin <= 1.0.9 is vulnerable to Broken Access Control
Software: ThemeHunk | Type: Plugin | Vulnerable versions: <= 1.0.9 | Fixed in: 1.1.0 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-8434 | Patch priority: Low | CVSS severity: Low 5.4 | Developer: Claim ownership | PSID: 0bcea717beb5 | Credits: Lucio Sá | Required privilege: Subscrib...
WordPress Material Design Icons Plugin <= 0.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: Material Design Icons | Type: Plugin | Vulnerable versions: <= 0.0.5 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-9024 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: df04d692c3af | Credits: Brian Sans-Souci...
WordPress Contact Form 7 Campaign Monitor Extension Plugin <= 0.4.67 is vulnerable to Broken Access Control
Software: Contact Form 7 Campaign Monitor Extension | Type: Plugin | Vulnerable versions: <= 0.4.67 | Fixed in: N/A | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-44019 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Claim ownership | PSID: 11a927ecc073 | Credits: Abdi...
WordPress Houzez Theme <= 3.2.4 is vulnerable to Privilege Escalation
Software: Houzez | Type: Theme | Vulnerable versions: <= 3.2.4 | Fixed in: 3.3.0 | OWASP Top 10: A5: Security Misconfiguration | Classification: Privilege Escalation | CVE: CVE-2024-22303 | Patch priority: High | CVSS severity: High 8.8 | Developer: Claim ownership | PSID: 51553a618b56 | Credits: luc | Required privilege: Subscriber...
WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg Plugin <= 1.2.7 is vulnerable to Cross Site Scripting (XSS)
Software: Gutenberg Blocks – Unlimited blocks For Gutenberg | Type: Plugin | Vulnerable versions: <= 1.2.7 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-44049 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 3478300c8758 | Credits...
WordPress Carousel Slider Plugin < 2.2.14 is vulnerable to Cross Site Scripting (XSS)
Software: Carousel Slider | Type: Plugin | Vulnerable versions: < 2.2.14 | Fixed in: 2.2.4 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-6850 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 7f793427535a | Credits: Krugov Artyom | Required...
WordPress Exit Notifier Plugin <= 1.9.1 is vulnerable to Cross Site Scripting (XSS)
Software: Exit Notifier | Type: Plugin | Vulnerable versions: <= 1.9.1 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-8730 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: f179ddd5b3e3 | Credits: vgo0 | Required privileg...
WordPress Spiffy Calendar Plugin <= 4.9.13 is vulnerable to Cross Site Scripting (XSS)
Software: Spiffy Calendar | Type: Plugin | Vulnerable versions: <= 4.9.13 | Fixed in: 4.9.14 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-45457 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 13b96c5bb01a | Credits: LVT-tholv2k | Required privilege...
WordPress Spiffy Calendar Plugin <= 4.9.13 is vulnerable to Cross Site Scripting (XSS)
Software: Spiffy Calendar | Type: Plugin | Vulnerable versions: <= 4.9.13 | Fixed in: 4.9.14 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-45458 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: 6044522ff419 | Credits: LVT-tholv2k | Required privilege...
WordPress Form Vibes – Database Manager for Forms Plugin <= 1.4.12 is vulnerable to Broken Access Control
Software: Form Vibes – Database Manager for Forms | Type: Plugin | Vulnerable versions: <= 1.4.12 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-5309 | Patch priority: Low | CVSS severity: Low 5.4 | Developer: WPVibes | PSID: abc9bfead98c | Credits: Peter Thaleikis...
WordPress Bit File Manager Plugin 6.0-6.5.5 is vulnerable to Arbitrary File Upload
Software: Bit File Manager | Type: Plugin | Vulnerable versions: 6.0-6.5.5 | Fixed in: 6.5.6 | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-7627 | Patch priority: High | CVSS severity: High 8.1 | Developer: Claim ownership | PSID: 8d646fb4b08e | Credits: TANG Cheuk Hei siunam | Required...
WordPress Web Directory Free Plugin < 1.7.3 is vulnerable to Local File Inclusion
Software: Web Directory Free | Type: Plugin | Vulnerable versions: < 1.7.3 | Fixed in: 1.7.3 | OWASP Top 10: A1: Injection | Classification: Local File Inclusion | CVE: CVE-2024-3673 | Patch priority: High | CVSS severity: High 9.8 | Developer: Claim ownership | PSID: d4fbe470a086 | Credits: Simone Onofri Kim Cerra Andrea De...
WordPress CoBlocks Plugin < 3.1.13 is vulnerable to Cross Site Scripting (XSS)
Software: CoBlocks | Type: Plugin | Vulnerable versions: < 3.1.13 | Fixed in: 3.1.13 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-7132 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 2ec557475360 | Credits: Dmitrii Ignatyev | Required...
WordPress Happyforms Plugin <= 1.26.0 is vulnerable to Cross Site Scripting (XSS)
Software: Happyforms | Type: Plugin | Vulnerable versions: <= 1.26.0 | Fixed in: 1.26.1 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-44063 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: d6c37633b847 | Credits: Michael | Required privilege: Author | Publish...
WordPress The Post Grid Plugin <= 7.7.11 is vulnerable to Sensitive Data Exposure
Software: The Post Grid | Type: Plugin | Vulnerable versions: <= 7.7.11 | Fixed in: 7.7.12 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2024-7418 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Mamunur Rashid | PSID: 5912b382937d | Credits: stealthcopter | Required...
WordPress Funnel Kit Funnel Builder PRO Plugin <= 3.4.5 is vulnerable to Cross Site Scripting (XSS)
Software: Funnel Kit Funnel Builder PRO | Type: Plugin | Vulnerable versions: <= 3.4.5 | Fixed in: 3.5.0 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-1056 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 8c1faa8fa285 | Credits: Francesco...
WordPress DSGVO All in one for WP Plugin <= 4.5 is vulnerable to Cross Site Scripting (XSS)
Software: DSGVO All in one for WP | Type: Plugin | Vulnerable versions: <= 4.5 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-43964 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 7d6d328e43e7 | Credits: Ngô Thiên An ancorn from VNPT-VCI...
WordPress WP Armour Extended Plugin <= 1.26 is vulnerable to Cross Site Scripting (XSS)
Software: WP Armour Extended | Type: Plugin | Vulnerable versions: <= 1.26 | Fixed in: 1.32 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-43948 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: eed4499d2f01 | Credits: Dave Jong Patchstack | Required...
WordPress Phlox PRO Theme <= 5.16.4 is vulnerable to Cross Site Scripting (XSS)
Software: Phlox PRO | Type: Theme | Vulnerable versions: <= 5.16.4 | Fixed in: 5.16.5 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-6339 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: 1d783a1b1dee | Credits: kauenavarro | Required...
WordPress AdRotate Plugin <= 5.13.2 is vulnerable to Arbitrary File Upload
Software: AdRotate | Type: Plugin | Vulnerable versions: <= 5.13.2 | Fixed in: N/A | OWASP Top 10: A1: Injection | Classification: Arbitrary File Upload | CVE: CVE-2022-1206 | Patch priority: Low | CVSS severity: Low 7.2 | Developer: Claim ownership | PSID: f703ac87a2d0 | Credits: Jorgson | Required privilege: Administrator | Published...
WordPress WP EasyCart Plugin <= 5.7.2 is vulnerable to SQL Injection
Software: WP EasyCart | Type: Plugin | Vulnerable versions: <= 5.7.2 | Fixed in: 5.7.3 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-7827 | Patch priority: Low | CVSS severity: Low 8.5 | Developer: Claim ownership | PSID: 87563b6782da | Credits: Lucio Sá | Required privilege: Contributor | Published: 19...
WordPress myCred Plugin <= 2.7.2 is vulnerable to PHP Object Injection
Software: myCred | Type: Plugin | Vulnerable versions: <= 2.7.2 | Fixed in: 2.7.3 | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2024-43354 | Patch priority: High | CVSS severity: High 9.8 | Developer: Claim ownership | PSID: d4c5d0fdee74 | Credits: LVT-tholv2k | Required privilege: Unauthenticated...
WordPress Brave Popup Builder Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Brave Popup Builder | Type: Plugin | Vulnerable versions: <= 0.7.0 | Fixed in: 0.7.1 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-43337 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 04312f740763 | Credits: Ananda Dhakal...
WordPress Login As Users Plugin <= 1.4.2 is vulnerable to Privilege Escalation
Software: Login As Users | Type: Plugin | Vulnerable versions: <= 1.4.2 | Fixed in: 1.4.3 | OWASP Top 10: A5: Security Misconfiguration | Classification: Privilege Escalation | CVE: CVE-2024-43311 | Patch priority: High | CVSS severity: High 9.8 | Developer: Claim ownership | PSID: 61576dd70a4f | Credits: John Blackbourn | Required...
WordPress JobSearch Plugin <= 2.3.4 is vulnerable to Privilege Escalation
Software: JobSearch | Type: Plugin | Vulnerable versions: <= 2.3.4 | Fixed in: N/A | OWASP Top 10: A1: Broken Access Control | Classification: Privilege Escalation | CVE: CVE-2024-43245 | Patch priority: High | CVSS severity: High 9.8 | Developer: Claim ownership | PSID: dba18ffc45d3 | Credits: Dave Jong Patchstack | Required...
WordPress LearnPress Plugin <= 4.2.6.9.3 is vulnerable to SQL Injection
Software: LearnPress | Type: Plugin | Vulnerable versions: <= 4.2.6.9.3 | Fixed in: 4.2.6.9.4 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-7548 | Patch priority: Low | CVSS severity: Low 8.5 | Developer: Claim ownership | PSID: 65b855bf9a50 | Credits: Lucio Sá | Required privilege: Contributor | Publish...
WordPress Post Grid Master Plugin <= 3.4.10 is vulnerable to Cross Site Scripting (XSS)
Software: Post Grid Master | Type: Plugin | Vulnerable versions: <= 3.4.10 | Fixed in: 3.4.11 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-43156 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: 0d887b01a498 | Credits: Dimas Maulana | Required...
WordPress Simple Local Avatars Plugin <= 2.7.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Simple Local Avatars | Type: Plugin | Vulnerable versions: <= 2.7.10 | Fixed in: 2.7.11 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-43116 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 0c02a424f233 | Credits: Rafie Muhamm...
WordPress WordPress File Upload Plugin < 4.24.8 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress File Upload | Type: Plugin | Vulnerable versions: < 4.24.8 | Fixed in: 4.24.8 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-6651 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: f705fe24e0ac | Credits: Đức Tài...
WordPress WP User Frontend Plugin <= 4.0.7 is vulnerable to SQL Injection
Software: WP User Frontend | Type: Plugin | Vulnerable versions: <= 4.0.7 | Fixed in: 4.0.8 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-38693 | Patch priority: Low | CVSS severity: Low 7.6 | Developer: Claim ownership | PSID: 008157994643 | Credits: Trương Hữu Phúc truonghuuphuc | Required privilege...
WordPress Easy Digital Downloads Plugin <= 3.2.12 is vulnerable to SQL Injection
Software: Easy Digital Downloads | Type: Plugin | Vulnerable versions: <= 3.2.12 | Fixed in: 3.3.1 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-5057 | Patch priority: High | CVSS severity: High 9.3 | Developer: Claim ownership | PSID: 19506d17360a | Credits: justakazh | Required privilege...
WordPress FluentForm Plugin <= 5.1.19 is vulnerable to Cross Site Scripting (XSS)
Software: FluentForm | Type: Plugin | Vulnerable versions: <= 5.1.19 | Fixed in: 5.1.20 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-6520 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: 8737e12493c8 | Credits: Joel Indra Yoel Indra...
WordPress WPForms User Registration Plugin <= 2.1.0 is vulnerable to Privilege Escalation
Software: WPForms User Registration | Type: Plugin | Vulnerable versions: <= 2.1.0 | Fixed in: 2.1.2 | OWASP Top 10: A7: Identification and Authentication Failures | Classification: Privilege Escalation | CVE: CVE-2023-52209 | Patch priority: Low | CVSS severity: Low 8 | Developer: Claim ownership | PSID: 78ca3b70599d | Credits...
WordPress BookingPress Plugin <= 1.1.5 is vulnerable to Arbitrary File Upload
Software: BookingPress | Type: Plugin | Vulnerable versions: <= 1.1.5 | Fixed in: 1.1.6 | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-6467 | Patch priority: High | CVSS severity: High 8.5 | Developer: Claim ownership | PSID: c0415b7cfd0a | Credits: Arkadiusz Hydzik | Required privilege...
WordPress Simple Video Directory Plugin < 1.4.4 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Video Directory | Type: Plugin | Vulnerable versions: < 1.4.4 | Fixed in: 1.4.4 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-5811 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 6334df1d47fc | Credits: Bob Matyas | Required...
WordPress Duplicator Plugin <= 1.5.9 is vulnerable to Full Path Disclosure (FPD)
Software: Duplicator | Type: Plugin | Vulnerable versions: <= 1.5.9 | Fixed in: 1.5.10 | OWASP Top 10: A5: Security Misconfiguration | Classification: Full Path Disclosure (FPD) | CVE: CVE-2024-6210 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Claim ownership | PSID: d4d879d29752 | Credits: stealthcopter | Required...
WordPress ProfileGrid Plugin <= 5.8.9 is vulnerable to Privilege Escalation
Software: ProfileGrid | Type: Plugin | Vulnerable versions: <= 5.8.9 | Fixed in: 5.9.0 | OWASP Top 10: A1: Broken Access Control | Classification: Privilege Escalation | CVE: CVE-2024-6411 | Patch priority: High | CVSS severity: High 8.8 | Developer: Claim ownership | PSID: f89fa5a9e660 | Credits: Truoc Phan | Required privilege...
WordPress Woocommerce OpenPos Plugin <= 6.4.4 is vulnerable to Arbitrary File Deletion
Software: Woocommerce OpenPos | Type: Plugin | Vulnerable versions: <= 6.4.4 | Fixed in: 7.0.1 | OWASP Top 10: A1: Broken Access Control | Classification: Arbitrary File Deletion | CVE: CVE-2024-37932 | Patch priority: High | CVSS severity: High 8.6 | Developer: Claim ownership | PSID: 80d70b64099f | Credits: Dave Jong Patchstack...
WordPress WPCafe Plugin <= 2.2.27 is vulnerable to Local File Inclusion
Software: WPCafe | Type: Plugin | Vulnerable versions: <= 2.2.27 | Fixed in: 2.2.28 | OWASP Top 10: A1: Broken Access Control | Classification: Local File Inclusion | CVE: CVE-2024-37513 | Patch priority: Low | CVSS severity: Low 8.5 | Developer: Claim ownership | PSID: 939a4f465f21 | Credits: João Pedro S Alcântara Kinorth | Requir...
WordPress Paid Memberships Pro Plugin <= 3.0.5 is vulnerable to SQL Injection
Software: Paid Memberships Pro | Type: Plugin | Vulnerable versions: <= 3.0.5 | Fixed in: 3.0.6 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-37486 | Patch priority: Low | CVSS severity: Low 7.6 | Developer: Claim ownership | PSID: 6111a0093c77 | Credits: Trương Hữu Phúc truonghuuphuc | Required...
WordPress Hestia Theme <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Hestia | Type: Theme | Vulnerable versions: <= 3.1.2 | Fixed in: 3.1.3 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-37467 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 143c51756c08 | Credits: Dhabaleshwar Das | Required...
WordPress Advanced File Manager Plugin <= 5.2.4 is vulnerable to Sensitive Data Exposure
Software: Advanced File Manager | Type: Plugin | Vulnerable versions: <= 5.2.4 | Fixed in: 5.2.5 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2024-5598 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Claim ownership | PSID: f0b48a6d68bd | Credits: emad | Required...