WordPress SEO SIMPLE PACK Plugin <= 3.2.1 is vulnerable to Sensitive Data Exposure
Software SEO SIMPLE PACK Type Plugin Vulnerable versions <= 3.2.1 Fixed in 3.3.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2795 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b6dc01036030 Credits Krzysztof Zając Required...
WordPress DethemeKit For Elementor Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)
Software DethemeKit For Elementor Type Plugin Vulnerable versions <= 2.1.5 Fixed in 2.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6283 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ca45127d50d0 Credits Webbernaut...
WordPress JetWidgets For Elementor Plugin <= 1.0.17 is vulnerable to Cross Site Scripting (XSS)
Software JetWidgets For Elementor Type Plugin Vulnerable versions <= 1.0.17 Fixed in 1.0.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4626 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8b1769bce3b2 Credits stealthcopter...
WordPress Sirv Plugin <= 7.2.6 is vulnerable to Arbitrary File Upload
Software Sirv Type Plugin Vulnerable versions <= 7.2.6 Fixed in 7.2.7 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-5853 Patch priority Medium CVSS severity Medium 9.9 Developer Sirv PSID b8d1b016bf81 Credits Lucio Sá Required privilege Contributor Published 18 June,...
WordPress Master Slider Plugin <= 3.9.10 is vulnerable to Cross Site Scripting (XSS)
Software Master Slider Type Plugin Vulnerable versions <= 3.9.10 Fixed in 3.10.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4375 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1a4a36dfa73c Credits Krzysztof Zając Required...
WordPress LatePoint Plugin <= 4.9.9 is vulnerable to Broken Access Control
Software LatePoint Type Plugin Vulnerable versions <= 4.9.9 Fixed in 4.9.9.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2472 Patch priority Low CVSS severity Low 8.6 Developer Claim ownership PSID c507e34d06b9 Credits Gharib Sharifi - WaveSec Joel Avia...
WordPress Qi Addons For Elementor Plugin <= 1.7.2 is vulnerable to Local File Inclusion
Software Qi Addons For Elementor Type Plugin Vulnerable versions <= 1.7.2 Fixed in 1.7.3 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-4887 Patch priority Low CVSS severity Low 8.5 Developer Qode Interactive PSID c1cece0585f4 Credits haidv35 Required privilege...
WordPress Sina Extension for Elementor Plugin <= 3.5.3 is vulnerable to Cross Site Scripting (XSS)
Software Sina Extension for Elementor Type Plugin Vulnerable versions <= 3.5.3 Fixed in 3.5.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35703 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8823567b5380 Credits Ngô Thiên An ancorn from...
WordPress WPMobile.App Plugin <= 11.41 is vulnerable to Cross Site Scripting (XSS)
Software WPMobile.App Type Plugin Vulnerable versions <= 11.41 Fixed in 11.42 OWASP Top 10 A1: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2024-35694 Patch priority Medium CVSS severity Medium 7.1 Developer Amauri.IO PSID 392a8fdcac50 Credits CatFather Required privilege...
WordPress Qi Addons For Elementor Plugin <= 1.7.2 is vulnerable to Cross Site Scripting (XSS)
Software Qi Addons For Elementor Type Plugin Vulnerable versions <= 1.7.2 Fixed in 1.7.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4364 Patch priority Low CVSS severity Low 6.5 Developer Qode Interactive PSID 0676734b6c2d Credits wesley wcraft...
WordPress GP Premium Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)
Software GP Premium Type Plugin Vulnerable versions <= 2.4.0 Fixed in 2.4.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3469 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID dbeca6e72752 Credits 1337Wannabe - home M.Aw...
WordPress BuddyForms Plugin <= 2.8.9 is vulnerable to Bypass Vulnerability
Software BuddyForms Type Plugin Vulnerable versions <= 2.8.9 Fixed in 2.8.10 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-5149 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5566e284be9a Credits István Márton Required privilege...
WordPress Essential Real Estate Plugin <= 4.4.2 is vulnerable to Cross Site Scripting (XSS)
Software Essential Real Estate Type Plugin Vulnerable versions <= 4.4.2 Fixed in 4.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4273 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3dd9001bf079 Credits Krzysztof Zając...
WordPress Essential Addons for Elementor Plugin <= 5.9.21 is vulnerable to Cross Site Scripting (XSS)
Software Essential Addons for Elementor Type Plugin Vulnerable versions <= 5.9.21 Fixed in 5.9.22 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5073 Patch priority Low CVSS severity Low 6.5 Developer WPDeveloper PSID bca3152f1888 Credits stealthcopt...
WordPress KKProgressbar2 Free Plugin <= 1.1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software KKProgressbar2 Free Type Plugin Vulnerable versions <= 1.1.4.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-4535 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1928f58a695a Credits Bob Matyas...
WordPress Photo Gallery by 10Web Plugin <= 1.8.25 is vulnerable to Broken Access Control
Software Photo Gallery by 10Web Type Plugin Vulnerable versions <= 1.8.25 Fixed in 1.8.26 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35628 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 904616965144 Credits Dhabaleshwar Das...
WordPress WP ViperGB Plugin <= 1.6.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP ViperGB Type Plugin Vulnerable versions <= 1.6.1 Fixed in 1.6.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-4409 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ce16817d4da2 Credits Benedictus Jovan aillesiM...
WordPress NextScripts Plugin <= 4.4.3 is vulnerable to Cross Site Scripting (XSS)
Software NextScripts Type Plugin Vulnerable versions <= 4.4.3 Fixed in 4.4.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1762 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2c09536c816a Credits Piotr Kuśpit Required...
WordPress LearnPress Plugin <= 4.2.6.6 is vulnerable to Cross Site Scripting (XSS)
Software LearnPress Type Plugin Vulnerable versions <= 4.2.6.6 Fixed in 4.2.6.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4971 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fe1ff054c167 Credits stealthcopter Required...
WordPress Move Addons for Elementor Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Move Addons for Elementor Type Plugin Vulnerable versions <= 1.3.1 Fixed in 1.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4695 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c9726490c525 Credits stealthcopter...
WordPress WP Backpack Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)
Software WP Backpack Type Plugin Vulnerable versions <= 2.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4756 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID cb14ff5810b9 Credits Bob Matyas Required privilege...
WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.26 is vulnerable to Content Injection
Software Elementor – Header, Footer & Blocks Template Type Plugin Vulnerable versions <= 1.6.26 Fixed in 1.6.27 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-2619 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e650ff9528ff Credits wesley wcraft...
WordPress Advanced Custom Fields PRO Plugin < 6.2.10 is vulnerable to Arbitrary Code Execution
Software Advanced Custom Fields PRO Type Plugin Vulnerable versions < 6.2.10 Fixed in 6.2.10 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-34761 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID d593f1472031 Credits Security audit Required...
WordPress Mindscape Theme <= 1.0.16 is vulnerable to Cross Site Request Forgery (CSRF)
Software Mindscape Type Theme Vulnerable versions <= 1.0.16 Fixed in 1.0.23 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-34810 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c591d53d9f92 Credits Dhabaleshwar Das Require...
WordPress Academy LMS Plugin <= 1.9.25 is vulnerable to Sensitive Data Exposure
Software Academy LMS Type Plugin Vulnerable versions <= 1.9.25 Fixed in 1.9.26 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-35171 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d7ce74e58435 Credits Peng Zhou Required privilege...
WordPress LearnPress Plugin <= 4.2.6.5 is vulnerable to Arbitrary File Upload
Software LearnPress Type Plugin Vulnerable versions <= 4.2.6.5 Fixed in 4.2.6.6 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-4397 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID e486f6c14d9b Credits JoanClarke2 Required privilege...
WordPress Meow Gallery Plugin <= 5.1.3 is vulnerable to Cross Site Scripting (XSS)
Software Meow Gallery Type Plugin Vulnerable versions <= 5.1.3 Fixed in 5.1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4386 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ff273a246878 Credits Krzysztof Zając Required...
WordPress SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress Plugin <= 4.5.3 is vulnerable to Sensitive Data Exposure
Software SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress Type Plugin Vulnerable versions <= 4.5.3 Fixed in 4.6.0 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2024-1076 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID...
WordPress Modal Window Plugin < 5.3.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software Modal Window Type Plugin Vulnerable versions < 5.3.10 Fixed in 5.3.10 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3472 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9d7096a40943 Credits Bob Matyas Required...
WordPress iPanorama 360 WordPress Virtual Tour Builder Plugin <= 1.8.1 is vulnerable to Broken Access Control
Software iPanorama 360 WordPress Virtual Tour Builder Type Plugin Vulnerable versions <= 1.8.1 Fixed in 1.8.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33941 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 3a0c2aa84662 Credits...
WordPress Auto Featured Image (Auto Post Thumbnail) Plugin <= 4.1.3 is vulnerable to Server Side Request Forgery (SSRF)
Software Auto Featured Image Auto Post Thumbnail Type Plugin Vulnerable versions <= 4.1.3 Fixed in 4.1.4 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-33629 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID...
WordPress Knowledge Base documentation & wiki plugin – BasePress Plugin <= 2.16.1 is vulnerable to Broken Access Control
Software Knowledge Base documentation & wiki plugin – BasePress Type Plugin Vulnerable versions <= 2.16.1 Fixed in 2.16.2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33588 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID...
WordPress rtMedia for WordPress, BuddyPress and bbPress Plugin <= 4.6.18 is vulnerable to SQL Injection
Software rtMedia for WordPress, BuddyPress and bbPress Type Plugin Vulnerable versions <= 4.6.18 Fixed in 4.6.19 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3293 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 7b7bd27ebebe Credits Krzysztof Zając...
WordPress WP-Lister Lite for eBay Plugin <= 3.5.11 is vulnerable to Arbitrary File Upload
Software WP-Lister Lite for eBay Type Plugin Vulnerable versions <= 3.5.11 Fixed in 3.6.0 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-32836 Patch priority Medium CVSS severity Medium 9.1 Developer WP Lab PSID a5bd0e74973d Credits Joshua Chan Required privilege Shop...
WordPress Royal Elementor Addons Plugin <= 1.3.93 is vulnerable to Bypass Vulnerability
Software Royal Elementor Addons Type Plugin Vulnerable versions <= 1.3.93 Fixed in 1.3.95 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2024-32786 Patch priority Low CVSS severity Low 5.3 Developer WProyal PSID 136b421b7f6f Credits Brandon Roldan Required...
WordPress ProfileGrid Plugin <= 5.7.9 is vulnerable to Insecure Direct Object References (IDOR)
Software ProfileGrid Type Plugin Vulnerable versions <= 5.7.9 Fixed in 5.8.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32772 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0b59bd9029de Credits Kyle Sanchez...
WordPress Olive One Click Demo Import Plugin <= 1.1.1 is vulnerable to Arbitrary File Download
Software Olive One Click Demo Import Type Plugin Vulnerable versions <= 1.1.1 Fixed in 1.1.2 OWASP Top 10 A4: Insecure Design Classification Arbitrary File Download CVE CVE-2024-32715 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID a4c06fc8a3c4 Credits Yudistira Arya...
WordPress User Registration Plugin <= 3.1.5 is vulnerable to Broken Access Control
Software User Registration Type Plugin Vulnerable versions <= 3.1.5 Fixed in 3.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-2417 Patch priority High CVSS severity High 8.8 Developer Masteriyo PSID f4d185ab446a Credits Stiofan Required privilege...
WordPress HelloAsso Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)
Software HelloAsso Type Plugin Vulnerable versions <= 1.1.5 Fixed in 1.1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32697 Patch priority Low CVSS severity Low 6.5 Developer HelloAsso PSID 1f9d717bb882 Credits Khalid Yusuf Required privilege Contributor...
WordPress HUSKY Plugin <= 1.3.5.2 is vulnerable to Remote Code Execution (RCE)
Software HUSKY Type Plugin Vulnerable versions <= 1.3.5.2 Fixed in 1.3.5.3 OWASP Top 10 A5: Security Misconfiguration Classification Remote Code Execution RCE CVE CVE-2024-32680 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 5338513548eb Credits Yudistira Arya Required...
WordPress Filebird Plugin <= 5.6.3 is vulnerable to Cross Site Scripting (XSS)
Software Filebird Type Plugin Vulnerable versions <= 5.6.3 Fixed in 5.6.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2345 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID de3d3d4867b8 Credits Tim Coen Required privilege...
WordPress Attesa Extra Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS)
Software Attesa Extra Type Plugin Vulnerable versions <= 1.3.9 Fixed in 1.4.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32594 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4bca51f18f29 Credits Khalid Yusuf Required privilege Contribut...
WordPress Master Slider Plugin <= 3.9.8 is vulnerable to Cross Site Scripting (XSS)
Software Master Slider Type Plugin Vulnerable versions <= 3.9.8 Fixed in 3.9.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32580 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7119ccf52d56 Credits LVT-tholv2k Required privilege Contribut...
WordPress Ivory Search Plugin <= 5.5.5 is vulnerable to Broken Access Control
Software Ivory Search Type Plugin Vulnerable versions <= 5.5.5 Fixed in 5.5.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3233 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5ff3a7d3e493 Credits Thura Moe Myint mgthuramoemyint...
WordPress WPBakery Page Builder Plugin <= 7.5 is vulnerable to Cross Site Scripting (XSS)
Software WPBakery Page Builder Type Plugin Vulnerable versions <= 7.5 Fixed in 7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1840 Patch priority Low CVSS severity Low 6.5 Developer WPBakery PSID 519a2ab9e5cd Credits Nikolas Required privilege...
WordPress Element Pack Elementor Addons Plugin <= 5.5.6 is vulnerable to Sensitive Data Exposure
Software Element Pack Elementor Addons Type Plugin Vulnerable versions <= 5.5.6 Fixed in 5.6.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2966 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 29f45f5357e3 Credits Krzysztof...
WordPress Welcart e-Commerce Plugin <= 2.9.14 is vulnerable to Broken Access Control
Software Welcart e-Commerce Type Plugin Vulnerable versions <= 2.9.14 Fixed in 2.10.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32144 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID ee1ee2dda449 Credits emad Required privilege...
WordPress Realtyna Organic IDX plugin Plugin <= 4.14.4 is vulnerable to SQL Injection
Software Realtyna Organic IDX plugin Type Plugin Vulnerable versions <= 4.14.4 Fixed in 4.14.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32128 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID df09fa02a23c Credits Joshua Chan Required privilege...
WordPress Better Chat Support Plugin <= 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software Better Chat Support Type Plugin Vulnerable versions <= 1.4.9 Fixed in 1.6.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32110 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 871e512d4e62 Credits Dhabaleshwar Da...
WordPress MailChimp Forms by MailMunch Plugin <= 3.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software MailChimp Forms by MailMunch Type Plugin Vulnerable versions <= 3.2.1 Fixed in 3.2.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31378 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 6da6aad69d50 Credits Majed...