46606 matches found
WordPress CM Business Directory Plugin – Business Listing Directory Plugin <= 1.4.1 is vulnerable to Cross Site Scripting (XSS)
Software CM Business Directory Plugin – Business Listing Directory Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11202 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership...
WordPress Blizzard Quotes Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software Blizzard Quotes Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-53729 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ed471ac7b5ce Credits SOPROBRO Required...
WordPress April's Call Posts Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software April's Call Posts Type Plugin Vulnerable versions = 2.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-53730 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 5fa9ffdca641 Credits SOPROBRO Required...
WordPress Community by PeepSo Plugin <= 6.4.6.2 is vulnerable to Cross Site Scripting (XSS)
Software Community by PeepSo Type Plugin Vulnerable versions = 6.4.6.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11447 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9789945f6fbd Credits rajanhoyr...
WordPress Run Contests, Raffles, and Giveaways with ContestsWP Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
Software Run Contests, Raffles, and Giveaways with ContestsWP Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11456 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...
WordPress Sky Addons for Elementor Plugin <= 2.6.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Sky Addons for Elementor Type Plugin Vulnerable versions = 2.6.1 Fixed in 2.6.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-11601 Patch priority Low CVSS severity Low 4.3 Developer Shahidul Islam PSID d5ecb4a73f9b Credits vgo0 Requir...
WordPress Contact Form 7 Email Add on Plugin <= 1.9 is vulnerable to Local File Inclusion
Software Contact Form 7 Email Add on Type Plugin Vulnerable versions = 1.9 Fixed in N/A OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-10898 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 980fef2f1e67 Credits Le Ngoc Anh Required privilege...
WordPress Lock User Account Plugin <= 1.0.5 is vulnerable to Broken Authentication
Software Lock User Account Type Plugin Vulnerable versions = 1.0.5 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-11197 Patch priority Low CVSS severity Low 4.2 Developer Claim ownership PSID 83b2ce1638c9 Credits Francesc...
WordPress Ashe Theme <= 2.243 is vulnerable to Cross Site Scripting (XSS)
Software Ashe Type Theme Vulnerable versions = 2.243 Fixed in 2.244 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9777 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1ba0e6cd8ae8 Credits vgo0 Required privilege...
WordPress WPB Popup for Contact Form 7 Plugin <= 1.7.5 is vulnerable to Broken Access Control
Software WPB Popup for Contact Form 7 Type Plugin Vulnerable versions = 1.7.5 Fixed in 1.7.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-11038 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 9b3456d161fd Credits Arkadiusz...
WordPress Save as PDF plugin by Pdfcrowd Plugin <= 4.2.1 is vulnerable to Cross Site Scripting (XSS)
Software Save as PDF plugin by Pdfcrowd Type Plugin Vulnerable versions = 4.2.1 Fixed in 4.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10891 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bc2c8b0bae5b Credits Peter...
WordPress Customer Reviews for WooCommerce Plugin <= 5.61.0 is vulnerable to Broken Access Control
Software Customer Reviews for WooCommerce Type Plugin Vulnerable versions = 5.61.0 Fixed in 5.62.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10614 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ce10b4d9cbd7 Credits incognito...
WordPress UserPlus Plugin <= 2.0 is vulnerable to Privilege Escalation
Software UserPlus Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-52442 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 1a20cf86d1cd Credits João Pedro S...
WordPress Kognetiks Chatbot for WordPress Plugin <= 2.1.7 is vulnerable to Broken Access Control
Software Kognetiks Chatbot for WordPress Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10530 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 918318d433d6 Credits Tieu Pham Tro...
WordPress AJAX Random Posts Plugin <= 0.3.3 is vulnerable to PHP Object Injection
Software AJAX Random Posts Type Plugin Vulnerable versions = 0.3.3 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52409 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 88448bab09ca Credits Bonds Required privilege Unauthenticated...
WordPress WP Githuber MD Plugin <= 1.16.3 is vulnerable to Cross Site Scripting (XSS)
Software WP Githuber MD Type Plugin Vulnerable versions = 1.16.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52422 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 80930d0544eb Credits Fazle Mawla Required privilege Contribut...
WordPress Luna Web Radio Player Plugin <= 6.24.01.24 is vulnerable to Directory Traversal
Software Luna Web Radio Player Type Plugin Vulnerable versions = 6.24.01.24 Fixed in 6.24.11.07 OWASP Top 10 A3: Injection Classification Directory Traversal CVE CVE-2024-10816 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 24e0a47712fe Credits Tonn Required privilege...
WordPress Buy one click WooCommerce Plugin <= 2.2.9 is vulnerable to Broken Access Control
Software Buy one click WooCommerce Type Plugin Vulnerable versions = 2.2.9 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10852 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a5a826444a0c Credits incognito Required...
WordPress WP Photo Album Plus Plugin <= 8.8.08.007 is vulnerable to Broken Access Control
Software WP Photo Album Plus Type Plugin Vulnerable versions = 8.8.08.007 Fixed in 8.9.01.001 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-10958 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d60c5fd2604a Credits Arkadiusz...
WordPress Th Shop Mania Theme <= 1.4.9 is vulnerable to Arbitrary Code Execution
Software Th Shop Mania Type Theme Vulnerable versions = 1.4.9 Fixed in 1.5.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Arbitrary Code Execution CVE CVE-2024-10674 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 314680b4b995 Credits Sean...
WordPress drop in image slideshow gallery Plugin <= 12.0 is vulnerable to Cross Site Scripting (XSS)
Software drop in image slideshow gallery Type Plugin Vulnerable versions = 12.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51914 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a71fbc384972 Credits Zlrqh Required privilege...
WordPress L Squared Hub WP Plugin <= 1.0 is vulnerable to SQL Injection
Software L Squared Hub WP Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-51820 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID b1c1c7bbdde2 Credits LVT-tholv2k Required privilege Contributor Published...
WordPress CE21 Suite Plugin <= 2.2.0 is vulnerable to Sensitive Data Exposure
Software CE21 Suite Type Plugin Vulnerable versions = 2.2.0 Fixed in N/A OWASP Top 10 A4: Insecure Design Classification Sensitive Data Exposure CVE CVE-2024-10285 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 6f3d12b67220 Credits István Márton Required privilege...
WordPress Algori PDF Viewer Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)
Software Algori PDF Viewer Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2018-5158 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f9da283093fc Credits Colin Xu Required...
WordPress CE21 Suite Plugin <= 2.2.0 is vulnerable to Broken Access Control
Software CE21 Suite Type Plugin Vulnerable versions = 2.2.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10294 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 61161cac4b51 Credits István Márton Required privile...
WordPress Posts Search Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software Posts Search Type Plugin Vulnerable versions = 1.2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51884 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c9222a2124ac Credits SOPROBRO Required privilege Contributor...
WordPress Stylish Internal Links Plugin <= 1.9 is vulnerable to Cross Site Scripting (XSS)
Software Stylish Internal Links Type Plugin Vulnerable versions = 1.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51939 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 514970e5a542 Credits Zlrqh Required privilege Contributo...
WordPress HB AUDIO GALLERY Plugin <= 3.0 is vulnerable to Arbitrary File Upload
Software HB AUDIO GALLERY Type Plugin Vulnerable versions = 3.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-51790 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 40d2c24127c2 Credits stealthcopter Required privilege...
WordPress Event post Plugin <= 5.9.6 is vulnerable to Cross Site Scripting (XSS)
Software Event post Type Plugin Vulnerable versions = 5.9.6 Fixed in 5.9.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10186 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f5c01437fb3d Credits Peter Thaleikis Required...
WordPress Saragna Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software Saragna Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51711 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 521f5ad254b7 Credits João Pedro S Alcântara Kinorth Required...
WordPress Narnoo Commerce Manager Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)
Software Narnoo Commerce Manager Type Plugin Vulnerable versions = 1.6.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51708 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1daa09058da0 Credits João Pedro S Alcântara...
WordPress Media Library Assistant Plugin <= 3.19 is vulnerable to Remote Code Execution (RCE)
Software Media Library Assistant Type Plugin Vulnerable versions = 3.19 Fixed in 3.20 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-51661 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID a84f9b05189b Credits Certus Cybersecurity Required...
WordPress Black Widgets For Elementor Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)
Software Black Widgets For Elementor Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51662 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b85ed5e8e929 Credits João Pedro S Alcântara...
WordPress Events Manager Pro – extended Plugin <= 0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Events Manager Pro – extended Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-50532 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 6e38b5b027b3 Credits SOPROBRO...
WordPress Gift Vouchers Plugin <= 4.4.4 is vulnerable to Cross Site Scripting (XSS)
Software Gift Vouchers Type Plugin Vulnerable versions = 4.4.4 Fixed in 4.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9165 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 05e5caabd7d5 Credits Francesco Carlucci Require...
WordPress Uix Shortcodes Plugin <= 1.9.9 is vulnerable to Arbitrary Code Execution
Software Uix Shortcodes Type Plugin Vulnerable versions = 1.9.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-9772 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID a42f828d9a99 Credits Francesco Carlucci Required privilege...
WordPress Meetup Plugin <= 0.1 is vulnerable to Broken Authentication
Software Meetup Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-50483 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 6432286e77c7 Credits Bonds Required...
WordPress WatchTowerHQ Plugin <= 3.10.1 is vulnerable to Broken Authentication
Software WatchTowerHQ Type Plugin Vulnerable versions = 3.10.1 Fixed in 3.10.4 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9933 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5b771d8428a0 Credits István...
WordPress Multi Purpose Mail Form Plugin <= 1.0.2 is vulnerable to Arbitrary File Upload
Software Multi Purpose Mail Form Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50484 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 3feda20596e4 Credits Bonds Required privilege...
WordPress Namaste! LMS Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)
Software Namaste! LMS Type Plugin Vulnerable versions = 2.6.2 Fixed in 2.6.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50409 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 084203fa02ee Credits Hakiduck Required privilege Student...
WordPress WooCommerce UPS Shipping – Live Rates and Access Points Plugin <= 2.3.11 is vulnerable to Broken Access Control
Software WooCommerce UPS Shipping – Live Rates and Access Points Type Plugin Vulnerable versions = 2.3.11 Fixed in 3.0.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9109 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b3cccbff59...
WordPress WP Abstracts Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)
Software WP Abstracts Type Plugin Vulnerable versions = 2.7.1 Fixed in 2.7.2 OWASP Top 10 A4: Insecure Design Classification Cross Site Scripting XSS CVE CVE-2024-50411 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6551529121f6 Credits UKO Required privilege Administrato...
WordPress WPS Telegram Chat Plugin <= 4.5.4 is vulnerable to Broken Access Control
Software WPS Telegram Chat Type Plugin Vulnerable versions = 4.5.4 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2024-9628 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 35d166ea4c51 Credits...
WordPress DearFlip Plugin <= 2.3.32 is vulnerable to Cross Site Scripting (XSS)
Software DearFlip Type Plugin Vulnerable versions = 2.3.32 Fixed in 2.3.42 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8717 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f4b31b90d091 Credits Noah Stead TurtleBurg...
WordPress TI WooCommerce Wishlist Plugin <= 2.9.0 is vulnerable to SQL Injection
Software TI WooCommerce Wishlist Type Plugin Vulnerable versions = 2.9.0 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9156 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 2b353481dee7 Credits John Castro Required privilege...
WordPress Todo Custom Field Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS)
Software Todo Custom Field Type Plugin Vulnerable versions = 3.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49642 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 03eb6add369b Credits Mika Required privilege...
WordPress Product Website Showcase Plugin <= 1.0 is vulnerable to Arbitrary File Upload
Software Product Website Showcase Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49611 Patch priority High CVSS severity High 10 Developer Claim ownership PSID f26ca655ccfd Credits stealthcopter Required privilege...
WordPress SermonAudio Widgets Plugin <= 1.9.3 is vulnerable to SQL Injection
Software SermonAudio Widgets Type Plugin Vulnerable versions = 1.9.3 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49614 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID b36bd1fd3f06 Credits João Pedro S Alcântara Kinorth Required privile...
WordPress WP REST API FNS Plugin <= 1.0.0 is vulnerable to Privilege Escalation
Software WP REST API FNS Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A4: Insecure Design Classification Privilege Escalation CVE CVE-2024-49328 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID b5035012904a Credits stealthcopter Required privilege...
WordPress Photo Gallery Builder Plugin <= 3.0 is vulnerable to Broken Access Control
Software Photo Gallery Builder Type Plugin Vulnerable versions = 3.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-49325 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID db6c940f3de7 Credits Marek Mikita Required...