WordPress BackWPup Plugin < 4.0.4 is vulnerable to Sensitive Data Exposure
Software BackWPup Type Plugin Vulnerable versions < 4.0.4 Fixed in 4.0.4 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-7164 Patch priority Low CVSS severity Low 6.8 Developer Claim ownership PSID 21f6bbb8269a Credits Dmitrii Ignatyev Required privilege...
WordPress NextGEN Gallery Plugin <= 3.59 is vulnerable to Broken Access Control
Software NextGEN Gallery Type Plugin Vulnerable versions <= 3.59 Fixed in 3.59.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3097 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 1d6376e4869c Credits Peng Zhou Required privilege...
WordPress Slideshow Gallery Plugin <= 1.8 is vulnerable to Sensitive Data Exposure
Software Slideshow Gallery Type Plugin Vulnerable versions <= 1.8 Fixed in 1.8.1 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-31353 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 0d303a6f8dfd Credits Ananda Dhakal Patchstack...
WordPress MasterStudy LMS Plugin <= 3.3.3 is vulnerable to Local File Inclusion
Software MasterStudy LMS Type Plugin Vulnerable versions <= 3.3.3 Fixed in 3.3.4 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3136 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 0e613f9f337e Credits Hiroho Shimada Required privilege...
WordPress LayerSlider Plugin 7.9.11 - 7.10.0 is vulnerable to SQL Injection
Software LayerSlider Type Plugin Vulnerable versions 7.9.11 - 7.10.0 Fixed in 7.10.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-2879 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f3cdf1aebfe3 Credits AmrAwad Required privilege Unauthenticated...
WordPress ShortPixel Adaptive Images Plugin <= 3.8.2 is vulnerable to Broken Access Control
Software ShortPixel Adaptive Images Type Plugin Vulnerable versions <= 3.8.2 Fixed in 3.8.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31230 Patch priority Low CVSS severity Low 5.3 Developer ShortPixel PSID d34ef049395c Credits Mika Required privilege...
WordPress Ecwid Shopping Cart Plugin <= 6.12.10 is vulnerable to Cross Site Scripting (XSS)
Software Ecwid Shopping Cart Type Plugin Vulnerable versions <= 6.12.10 Fixed in 6.12.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2456 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 58dc51eadb76 Credits Krzysztof Zając...
WordPress SellKit Plugin <= 1.8.1 is vulnerable to Arbitrary File Download
Software SellKit Type Plugin Vulnerable versions <= 1.8.1 Fixed in 1.8.3 OWASP Top 10 A5: Security Misconfiguration Classification Arbitrary File Download CVE CVE-2024-30509 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 931911cd5460 Credits stealthcopter Required...
WordPress Landing Page Builder Plugin <= 1.5.1.7 is vulnerable to Cross Site Scripting (XSS)
Software Landing Page Builder Type Plugin Vulnerable versions <= 1.5.1.7 Fixed in 1.5.1.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30452 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0b0fe33f3f57 Credits Steven Julian Required...
WordPress Simple Ajax Chat Plugin <= 20231101 is vulnerable to Cross Site Scripting (XSS)
Software Simple Ajax Chat Type Plugin Vulnerable versions <= 20231101 Fixed in 20240216 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2956 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1403f71c8e2b Credits Fourcade Required...
WordPress Forminator Plugin <= 1.29.0 is vulnerable to Cross Site Scripting (XSS)
Software Forminator Type Plugin Vulnerable versions <= 1.29.0 Fixed in 1.29.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29777 Patch priority Medium CVSS severity Medium 7.1 Developer WPMU DEV PSID 4c3587917921 Credits Rafie Muhammad Patchstack Required privile...
WordPress Shortlinks by Pretty Links Plugin <= 3.6.2 is vulnerable to Cross Site Scripting (XSS)
Software Shortlinks by Pretty Links Type Plugin Vulnerable versions <= 3.6.2 Fixed in 3.6.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29770 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b1b0efcde695 Credits Rafie Muhammad...
WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Plugin <= 4.4.1 is vulnerable to Cross Site Scripting (XSS)
Software WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Type Plugin Vulnerable versions <= 4.4.1 Fixed in 4.4.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0957 Patch priority Medium CVSS severity Medium 7.1 Developer...
WordPress Avada Theme <= 7.11.6 is vulnerable to SQL Injection
Software Avada Type Theme Vulnerable versions <= 7.11.6 Fixed in 7.11.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2344 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 15fee136284a Credits Muhammad Zeeshan Xib3rR4dAr Required privilege Administrato...
WordPress System Dashboard Plugin < 2.8.10 is vulnerable to Cross Site Scripting (XSS)
Software System Dashboard Type Plugin Vulnerable versions < 2.8.10 Fixed in 2.8.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7246 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 59b19780b836 Credits Dmitrii Ignatyev Requir...
WordPress Avada Theme <= 7.11.6 is vulnerable to Server Side Request Forgery (SSRF)
Software Avada Type Theme Vulnerable versions <= 7.11.6 Fixed in 7.11.7 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-2343 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID b215d9a4cc5d Credits Muhammad Zeeshan Xib3rR4dAr Required...
WordPress Weglot Translate Plugin <= 4.2.5 is vulnerable to Cross Site Scripting (XSS)
Software Weglot Translate Type Plugin Vulnerable versions <= 4.2.5 Fixed in 4.2.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2124 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ff81bdc0a325 Credits Ngô Thiên An ancorn -...
WordPress Backup Bolt Plugin <= 1.3.0 is vulnerable to Sensitive Data Exposure
Software Backup Bolt Type Plugin Vulnerable versions <= 1.3.0 Fixed in 1.4.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-7236 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID dd36f15c489e Credits Dmitrii Ignatyev Required...
WordPress Coupon Affiliates Plugin <= 5.12.7 is vulnerable to Cross Site Scripting (XSS)
Software Coupon Affiliates Type Plugin Vulnerable versions <= 5.12.7 Fixed in 5.12.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29125 Patch priority Medium CVSS severity Medium 7.1 Developer RelyWP PSID 81253acd1aca Credits stealthcopter Required privilege...
WordPress Premmerce Permalink Manager for WooCommerce Plugin <= 2.3.10 is vulnerable to Local File Inclusion
Software Premmerce Permalink Manager for WooCommerce Type Plugin Vulnerable versions <= 2.3.10 Fixed in 2.3.11 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-27971 Patch priority High CVSS severity High 8.3 Developer Premmerce PSID cbe4465b62ca Credits Rafie Muhammad...
WordPress Automatic Plugin <= 3.92.0 is vulnerable to Arbitrary File Download
Software Automatic Type Plugin Vulnerable versions <= 3.92.0 Fixed in 3.92.1 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-27954 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 9c2571e1c78b Credits Rafie Muhammad Patchstack...
WordPress Essential Addons for Elementor Plugin <= 5.9.9 is vulnerable to Cross Site Scripting (XSS)
Software Essential Addons for Elementor Type Plugin Vulnerable versions <= 5.9.9 Fixed in 5.9.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1537 Patch priority Low CVSS severity Low 6.5 Developer WPDeveloper PSID 760e9ecbd984 Credits wesley wcraf...
WordPress Ultimate Member Plugin <= 2.8.3 is vulnerable to Cross Site Scripting (XSS)
Software Ultimate Member Type Plugin Vulnerable versions <= 2.8.3 Fixed in 2.8.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2123 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4d51add86a5f Credits stealthcopter...
WordPress Download Manager Plugin <= 3.2.84 is vulnerable to Broken Access Control
Software Download Manager Type Plugin Vulnerable versions <= 3.2.84 Fixed in 3.2.85 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6785 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 049e661b5aa7 Credits wesley wcraft Required...
WordPress Elementor Pro Plugin <= 3.19.2 is vulnerable to Sensitive Data Exposure
Software Elementor Pro Type Plugin Vulnerable versions <= 3.19.2 Fixed in 3.19.3 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-23523 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b4d0340c1078 Credits Dynamic.ooo Team Required...
WordPress Ultimate Member Plugin 2.1.3-2.8.2 is vulnerable to SQL Injection
Software Ultimate Member Type Plugin Vulnerable versions 2.1.3-2.8.2 Fixed in 2.8.3 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-1071 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID d52d7ae096c8 Credits Christiaan Swiers Required privilege...
WordPress Change Table Prefix Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Change Table Prefix Type Plugin Vulnerable versions <= 2.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-25932 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3132be596954 Credits Nguyen Xuan Chien...
WordPress WP SMS Plugin <= 6.3.4 is vulnerable to Cross Site Scripting (XSS)
Software WP SMS Type Plugin Vulnerable versions <= 6.3.4 Fixed in 6.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-25920 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2e899db47af6 Credits Khalid Yusuf Required privilege Contributor...
WordPress Directorist Plugin <= 7.8.4 is vulnerable to Broken Access Control
Software Directorist Type Plugin Vulnerable versions <= 7.8.4 Fixed in 7.8.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1322 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID dd1efe90eebb Credits Lucio Sá Required privilege...
WordPress MapPress Maps for WordPress Plugin < 2.88.16 is vulnerable to Sensitive Data Exposure
Software MapPress Maps for WordPress Type Plugin Vulnerable versions < 2.88.16 Fixed in 2.88.16 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-0421 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 800421954891 Credits Erwan LR...
WordPress Web3 – Crypto wallet Login & NFT token gating Plugin < 3.0.0 is vulnerable to Broken Authentication
Software Web3 – Crypto wallet Login & NFT token gating Type Plugin Vulnerable versions < 3.0.0 Fixed in 3.0.0 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-6036 Patch priority Low CVSS severity Low 9.8 Developer Claim ownership PSID 9bc7bba9b677 Credits...
WordPress Pexels: Free Stock Photos Plugin <= 1.2.2 is vulnerable to Server Side Request Forgery (SSRF)
Software Pexels: Free Stock Photos Type Plugin Vulnerable versions <= 1.2.2 Fixed in N/A OWASP Top 10 A4: Insecure Design Classification Server Side Request Forgery SSRF CVE CVE-2024-25915 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 1ce792c12670 Credits Majed Refaea...
WordPress ImageRecycle pdf & image compression Plugin <= 3.1.13 is vulnerable to Broken Access Control
Software ImageRecycle pdf & image compression Type Plugin Vulnerable versions <= 3.1.13 Fixed in 3.1.14 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0984 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 35a4c2f10086 Credits Frances...
WordPress NextMove Lite Plugin <= 2.17.0 is vulnerable to Remote Code Execution (RCE)
Software NextMove Lite Type Plugin Vulnerable versions <= 2.17.0 Fixed in 2.18.0 OWASP Top 10 A1: Broken Access Control Classification Remote Code Execution RCE CVE CVE-2024-25092 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 2181c91c736b Credits Yudistira Arya Required...
WordPress Booking Calendar Plugin <= 9.9 is vulnerable to SQL Injection
Software Booking Calendar Type Plugin Vulnerable versions <= 9.9 Fixed in 9.9.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1207 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID f33b420f42e8 Credits Muhammad Hassham Nagori Required privilege...
WordPress PageLayer Plugin <= 1.7.8 is vulnerable to Cross Site Scripting (XSS)
Software PageLayer Type Plugin Vulnerable versions <= 1.7.8 Fixed in 1.7.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6738 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID daeb2645c329 Credits Nex Team Required privilege...
WordPress Dragfy Addons for Elementor Plugin <= 8.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Dragfy Addons for Elementor Type Plugin Vulnerable versions <= 8.3.1 Fixed in 8.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0448 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 80155176471b Credits Webbernaut...
WordPress Mang Board WP Plugin <= 1.7.7 is vulnerable to Cross Site Scripting (XSS)
Software Mang Board WP Type Plugin Vulnerable versions <= 1.7.7 Fixed in 1.7.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22306 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID d6c87894bd8b Credits Byeongjun Jo Required privilege...
WordPress illi Link Party! Plugin <= 1.0 is vulnerable to Broken Access Control
Software illi Link Party! Type Plugin Vulnerable versions <= 1.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-7231 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 67ab831e42a5 Credits Bob Matyas Required privilege...
WordPress Stripe Payment Gateway for WooCommerce Plugin <= 3.7.9 is vulnerable to SQL Injection
Software Stripe Payment Gateway for WooCommerce Type Plugin Vulnerable versions <= 3.7.9 Fixed in 3.8.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0705 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 8c922733cce2 Credits Francesco Carlucci Requir...
WordPress Slider by Supsystic Plugin <= 1.8.6 is vulnerable to Broken Access Control
Software Slider by Supsystic Type Plugin Vulnerable versions <= 1.8.6 Fixed in 1.8.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-47330 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 5be1957d9f7e Credits Abdi Pranata Requir...
WordPress Download IP2Location Country Blocker Plugin <= 2.33.3 is vulnerable to Sensitive Data Exposure
Software Download IP2Location Country Blocker Type Plugin Vulnerable versions <= 2.33.3 Fixed in 2.33.4 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-22294 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID dfbdc0d33c26 Credits Mi...
WordPress Better Anchor Links Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Better Anchor Links Type Plugin Vulnerable versions <= 1.7.5 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-22287 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 4703f9e2f6d3 Credits Dimas Maulana...
WordPress Image Tag Manager Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)
Software Image Tag Manager Type Plugin Vulnerable versions <= 1.5 Fixed in N/A OWASP Top 10 A4: Insecure Design Classification Cross Site Scripting XSS CVE CVE-2024-22160 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 21a3315fa407 Credits Dimas Maulana Required...
WordPress PeepSo Core: Photos Plugin < 6.3.1.0 is vulnerable to Cross Site Scripting (XSS)
Software PeepSo Core: Photos Type Plugin Vulnerable versions < 6.3.1.0 Fixed in 6.3.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22158 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ff6b438e0eed Credits Bikram Kharal Required privilege...
WordPress WooCommerce Tranzila Gateway Plugin <= 1.0.8 is vulnerable to PHP Object Injection
Software WooCommerce Tranzila Gateway Type Plugin Vulnerable versions <= 1.0.8 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-52218 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 69111059637e Credits Rafie Muhammad Patchstack...
WordPress WP 2FA Plugin <= 2.5.0 is vulnerable to Insecure Direct Object References (IDOR)
Software WP 2FA Type Plugin Vulnerable versions <= 2.5.0 Fixed in 2.6.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-6506 Patch priority Low CVSS severity Low 4.3 Developer Melapress PSID 04c088b10b91 Credits Ulyses Saicha Required...
WordPress PowerPack Addons for Elementor Plugin <= 2.7.13 is vulnerable to Cross Site Request Forgery (CSRF)
Software PowerPack Addons for Elementor Type Plugin Vulnerable versions <= 2.7.13 Fixed in 2.7.14 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6984 Patch priority Low CVSS severity Low 4.3 Developer IdeaBox Creations PSID 1150c7910d2f Credits...
WordPress ARI Stream Quiz Plugin <= 1.3.0 is vulnerable to PHP Object Injection
Software ARI Stream Quiz Type Plugin Vulnerable versions <= 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-52182 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID c9a4f35de1f1 Credits Rafie Muhammad Patchstack Required...
WordPress WS Form LITE Plugin <= 1.9.170 is vulnerable to SQL Injection
Software WS Form LITE Type Plugin Vulnerable versions <= 1.9.170 Fixed in 1.9.171 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-52135 Patch priority Low CVSS severity Low 7.6 Developer WS Form PSID c63b8c8c0314 Credits Muhammad Daffa Required privilege Administrator Publishe...