46606 matches found
WordPress Miniorange OTP Verification with Firebase Plugin <= 3.6.0 is vulnerable to Broken Authentication
Software: Miniorange OTP Verification with Firebase; Type: Plugin; Vulnerable versions: <= 3.6.0; Fixed in: 3.6.1; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-9861; Patch priority: High; CVSS severity: High 8.1; PSID...
WordPress Miniorange OTP Verification with Firebase Plugin <= 3.6.0 is vulnerable to Privilege Escalation
Software: Miniorange OTP Verification with Firebase; Type: Plugin; Vulnerable versions: <= 3.6.0; Fixed in: 3.6.1; OWASP Top 10: A5: Security Misconfiguration; Classification: Privilege Escalation; CVE: CVE-2024-9863; Patch priority: High; CVSS severity: High 9.8; PSID: 768f87fd904b; Credits...
WordPress RS-Members Plugin <= 1.0.3 is vulnerable to Privilege Escalation
Software: RS-Members; Type: Plugin; Vulnerable versions: <= 1.0.3; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2024-49219; Patch priority: High; CVSS severity: High 8.8; PSID: 3db20a267888; Credits: João Pedro S Alcântara Kinorth...
WordPress Elementor Website Builder Plugin <= 3.24.5 is vulnerable to Sensitive Data Exposure
Software: Elementor Website Builder; Type: Plugin; Vulnerable versions: <= 3.24.5; Fixed in: 3.24.6; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-6757; Patch priority: Low; CVSS severity: Low 4.3; Developer: Elementor; PSID: f4cfefcf22b1; Credits: stealthcopter; Required...
WordPress Primary Addon for Elementor Plugin <= 1.5.8 is vulnerable to Cross Site Scripting (XSS)
Software: Primary Addon for Elementor; Type: Plugin; Vulnerable versions: <= 1.5.8; Fixed in: 1.5.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-49259; Patch priority: Low; CVSS severity: Low 6.5; PSID: c68882b5abc9; Credits: João Pedro S Alcântara...
WordPress Contact Form by Supsystic Plugin <= 1.7.28 is vulnerable to Remote Code Execution (RCE)
Software: Contact Form by Supsystic; Type: Plugin; Vulnerable versions: <= 1.7.28; Fixed in: 1.7.29; OWASP Top 10: A3: Injection; Classification: Remote Code Execution RCE; CVE: CVE-2024-48042; Patch priority: Low; CVSS severity: Low 9.1; PSID: 062050e33e8e; Credits: Hakiduck; Required privile...
WordPress Easy PayPal Gift Certificate Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS)
Software: Easy PayPal Gift Certificate; Type: Plugin; Vulnerable versions: <= 1.2.3; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-9592; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: e85fe46e59dc; Credits: István...
WordPress The Plus Addons for Elementor Page Builder Lite Plugin <= 5.6.11 is vulnerable to Sensitive Data Exposure
Software: The Plus Addons for Elementor Page Builder Lite; Type: Plugin; Vulnerable versions: <= 5.6.11; Fixed in: 5.6.12; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-8913; Patch priority: Low; CVSS severity: Low 6.5; Developer: POSIMYTH Innovations; PSID...
WordPress Easy Social Share Buttons Plugin <= 1.4.5 is vulnerable to Cross Site Scripting (XSS)
Software: Easy Social Share Buttons; Type: Plugin; Vulnerable versions: <= 1.4.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-8729; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: db873cfad5a2; Credits: vgo0...
WordPress Social Web Suite Plugin <= 4.1.11 is vulnerable to Arbitrary File Download
Software: Social Web Suite; Type: Plugin; Vulnerable versions: <= 4.1.11; Fixed in: 4.1.12; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Download; CVE: CVE-2024-8352; Patch priority: High; CVSS severity: High 7.5; PSID: 9b823a04681b; Credits: Thanh Nam Tran; Required...
WordPress Ajax Load More Plugin <= 7.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Ajax Load More; Type: Plugin; Vulnerable versions: <= 7.1.2; Fixed in: 7.1.3; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-8505; Patch priority: Low; CVSS severity: Low 6.5; PSID: 333f5ab48634; Credits: Robert DeVore; Required...
WordPress Cost Calculator Builder Plugin < 3.2.29 is vulnerable to SQL Injection
Software: Cost Calculator Builder; Type: Plugin; Vulnerable versions: < 3.2.29; Fixed in: 3.2.29; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-8379; Patch priority: Low; CVSS severity: Low 7.6; PSID: 0f5b1e009da9; Credits: Kientt; Required privilege: Administrator...
WordPress Web Directory Free Plugin <= 1.7.3 is vulnerable to Cross Site Scripting (XSS)
Software: Web Directory Free; Type: Plugin; Vulnerable versions: <= 1.7.3; Fixed in: 1.7.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-47379; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 7db5790f7ffc; Credits: Certus Cybersecurity; Required...
WordPress MaxSlider Plugin <= 1.2.3 is vulnerable to Local File Inclusion
Software: MaxSlider; Type: Plugin; Vulnerable versions: <= 1.2.3; Fixed in: 1.2.4; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-47351; Patch priority: Low; CVSS severity: Low 7.5; PSID: f9c913e9044c; Credits: João Pedro S Alcântara Kinorth; Required privileg...
WordPress EventPrime Plugin <= 4.0.4.5 is vulnerable to Open Redirection
Software: EventPrime; Type: Plugin; Vulnerable versions: <= 4.0.4.5; Fixed in: 4.0.4.6; OWASP Top 10: A3: Injection; Classification: Open Redirection; CVE: CVE-2024-47648; Patch priority: Low; CVSS severity: Low 4.7; PSID: 5cc95dc439ed; Credits: Muhamad Agil Fachrian; Required privilege...
WordPress Bulk NoIndex & NoFollow Toolkit Plugin <= 2.15 is vulnerable to Cross Site Scripting (XSS)
Software: Bulk NoIndex & NoFollow Toolkit; Type: Plugin; Vulnerable versions: <= 2.15; Fixed in: 2.16; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-8803; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 78a9bff492c8; Credits: vgo0...
WordPress WCFM – Frontend Manager for WooCommerce Plugin <= 6.7.12 is vulnerable to Privilege Escalation
Software: WCFM – Frontend Manager for WooCommerce; Type: Plugin; Vulnerable versions: <= 6.7.12; Fixed in: 6.7.13; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-8290; Patch priority: High; CVSS severity: High 8.8; PSID...
WordPress LiteSpeed Cache Plugin <= 6.4.1 is vulnerable to Cross Site Scripting (XSS)
Software: LiteSpeed Cache; Type: Plugin; Vulnerable versions: <= 6.4.1; Fixed in: 6.5; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-9169; Patch priority: Low; CVSS severity: Low 5.9; Developer: Hai Zheng / Lite Speed Cache; PSID: 86505b2e63f8; Credits: WordFence...
WordPress Themesflat Addons For Elementor Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)
Software: Themesflat Addons For Elementor; Type: Plugin; Vulnerable versions: <= 2.2.1; Fixed in: 2.2.2; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-8515; Patch priority: Low; CVSS severity: Low 6.5; PSID: dff5f611f1f6; Credits: Webberna...
WordPress Primary Addon for Elementor Plugin <= 1.5.7 is vulnerable to Cross Site Scripting (XSS)
Software: Primary Addon for Elementor; Type: Plugin; Vulnerable versions: <= 1.5.7; Fixed in: 1.5.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-44033; Patch priority: Low; CVSS severity: Low 6.5; PSID: 8b7b50340583; Credits: João Pedro S Alcântara...
WordPress Contact Form 7 Campaign Monitor Extension Plugin <= 0.4.67 is vulnerable to Broken Access Control
Software: Contact Form 7 Campaign Monitor Extension; Type: Plugin; Vulnerable versions: <= 0.4.67; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-44019; Patch priority: Low; CVSS severity: Low 5.3; PSID: 11a927ecc073; Credits: Abdi...
WordPress REST API TO MiniProgram Plugin <= 4.7.1 is vulnerable to Privilege Escalation
Software: REST API TO MiniProgram; Type: Plugin; Vulnerable versions: <= 4.7.1; Fixed in: N/A; OWASP Top 10: A4: Insecure Design; Classification: Privilege Escalation; CVE: CVE-2024-8485; Patch priority: High; CVSS severity: High 9.8; PSID: dc9973040e40; Credits: wesley wcraft; Required...
WordPress Photo Gallery by 10Web Plugin <= 1.8.27 is vulnerable to Cross Site Scripting (XSS)
Software: Photo Gallery by 10Web; Type: Plugin; Vulnerable versions: <= 1.8.27; Fixed in: 1.8.28; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-44043; Patch priority: Low; CVSS severity: Low 5.9; PSID: 58bdb83f52ba; Credits: Robert DeVore; Required...
WordPress Webo-facto Plugin <= 1.40 is vulnerable to Privilege Escalation
Software: Webo-facto; Type: Plugin; Vulnerable versions: <= 1.40; Fixed in: 1.41; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-8853; Patch priority: High; CVSS severity: High 9.8; PSID: 15efb92b2d14; Credits: István Márton...
WordPress Carousel Slider Plugin < 2.2.14 is vulnerable to Cross Site Scripting (XSS)
Software: Carousel Slider; Type: Plugin; Vulnerable versions: < 2.2.14; Fixed in: 2.2.4; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-6850; Patch priority: Low; CVSS severity: Low 6.5; PSID: 7f793427535a; Credits: Krugov Artyom; Required...
WordPress MStore API Plugin <= 4.15.3 is vulnerable to Arbitrary File Upload
Software: MStore API; Type: Plugin; Vulnerable versions: <= 4.15.3; Fixed in: 4.15.4; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-8242; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: 5f5d39cca07a; Credits: stealthcopter; Required privilege...
WordPress Ninja Forms File Uploads Extension Plugin <= 3.3.16 is vulnerable to Cross Site Scripting (XSS)
Software: Ninja Forms File Uploads Extension; Type: Plugin; Vulnerable versions: <= 3.3.16; Fixed in: 3.3.18; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-1596; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 261b89d2f6fa; Credi...
WordPress Big File Uploads Plugin <= 2.1.2 is vulnerable to Full Path Disclosure (FPD)
Software: Big File Uploads; Type: Plugin; Vulnerable versions: <= 2.1.2; Fixed in: 2.1.3; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Full Path Disclosure FPD; CVE: CVE-2024-8538; Patch priority: Low; CVSS severity: Low 4.3; PSID: 7d70a0318727; Credits: netc4t; Required privileg...
WordPress Frontend Post Submission Manager Lite Plugin <= 1.2.2 is vulnerable to Broken Access Control
Software: Frontend Post Submission Manager Lite; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.2.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-8427; Patch priority: Low; CVSS severity: Low 4.3; PSID: ea5d9d3b8976; Credits: Lucio Sá...
WordPress Geo Controller Plugin <= 8.7.3 is vulnerable to Broken Access Control
Software: Geo Controller; Type: Plugin; Vulnerable versions: <= 8.7.3; Fixed in: 8.7.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-7380; Patch priority: Low; CVSS severity: Low 4.3; PSID: c241dd8210b8; Credits: Lucio Sá; Required privilege...
WordPress Share This Image Plugin <= 2.02 is vulnerable to Cross Site Scripting (XSS)
Software: Share This Image; Type: Plugin; Vulnerable versions: <= 2.02; Fixed in: 2.03; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-8363; Patch priority: Low; CVSS severity: Low 6.5; PSID: 1f926f6e8d27; Credits: Krzysztof Zając; Required...
WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 3.0.8 is vulnerable to Broken Access Control
Software: The Ultimate WordPress Toolkit – WP Extended; Type: Plugin; Vulnerable versions: <= 3.0.8; Fixed in: 3.0.9; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-8121; Patch priority: Low; CVSS severity: Low 5.4; Developer: WP Extended; PSID: 13565964e4a5; Credits: Marco...
WordPress Enfold Theme <= 6.0.3 is vulnerable to Cross Site Scripting (XSS)
Software: Enfold; Type: Theme; Vulnerable versions: <= 6.0.3; Fixed in: 6.0.4; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-5061; Patch priority: Low; CVSS severity: Low 6.5; Developer: Kriesi; PSID: 85813e2bbfbb; Credits: stealthcopter; Required privilege: Contributo...
WordPress Media Library Folders Plugin <= 8.2.3 is vulnerable to Broken Access Control
Software: Media Library Folders; Type: Plugin; Vulnerable versions: <= 8.2.3; Fixed in: 8.2.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-7858; Patch priority: Medium; CVSS severity: Medium 6.3; PSID: e34ed26523d9; Credits: Lucio Sá; Required...
WordPress Xpro Elementor Addons Plugin <= 1.4.4.3 is vulnerable to Cross Site Scripting (XSS)
Software: Xpro Elementor Addons; Type: Plugin; Vulnerable versions: <= 1.4.4.3; Fixed in: 1.4.4.4; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-7791; Patch priority: Low; CVSS severity: Low 6.5; PSID: 93f87661de72; Credits: WordFence...
WordPress WP Testimonial Widget Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS)
Software: WP Testimonial Widget; Type: Plugin; Vulnerable versions: <= 3.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-43967; Patch priority: Low; CVSS severity: Low 5.9; PSID: 886cd3de89e3; Credits: hnwmn; Required privilege: Administrat...
WordPress AdRotate Plugin <= 5.13.2 is vulnerable to Arbitrary File Upload
Software: AdRotate; Type: Plugin; Vulnerable versions: <= 5.13.2; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2022-1206; Patch priority: Low; CVSS severity: Low 7.2; PSID: f703ac87a2d0; Credits: Jorgson; Required privilege: Administrator; Published...
WordPress WP User Manager Plugin <= 2.9.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP User Manager; Type: Plugin; Vulnerable versions: <= 2.9.10; Fixed in: 2.9.11; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-43336; Patch priority: Low; CVSS severity: Low 4.3; Developer: WP User Manager; PSID: 6918353ae071; Credits: Ananda Dhakal Patchstac...
WordPress Smart Online Order for Clover Plugin <= 1.5.6 is vulnerable to Broken Access Control
Software: Smart Online Order for Clover; Type: Plugin; Vulnerable versions: <= 1.5.6; Fixed in: 1.5.7; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-43254; Patch priority: Low; CVSS severity: Low 4.3; Developer: Zaytech; PSID: 156828c345a0; Credits: Dhabaleshwar Das; Requir...
WordPress Bit Form Pro Plugin <= 2.6.4 is vulnerable to Sensitive Data Exposure
Software: Bit Form Pro; Type: Plugin; Vulnerable versions: <= 2.6.4; Fixed in: 2.8.0; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-43251; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 6d6af3324445; Credits: Dave Jong Patchstack...
WordPress JobSearch Plugin <= 2.3.4 is vulnerable to Privilege Escalation
Software: JobSearch; Type: Plugin; Vulnerable versions: <= 2.3.4; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2024-43245; Patch priority: High; CVSS severity: High 9.8; PSID: dba18ffc45d3; Credits: Dave Jong Patchstack; Required...
WordPress Mediavine Control Panel Plugin <= 2.10.4 is vulnerable to Cross Site Scripting (XSS)
Software: Mediavine Control Panel; Type: Plugin; Vulnerable versions: <= 2.10.4; Fixed in: 2.10.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-43218; Patch priority: Low; CVSS severity: Low 6.5; Developer: Mediavine; PSID: 447650b29419; Credits: LVT-tholv2k; Required privilege...
WordPress Selection Lite Plugin <= 1.11 is vulnerable to Cross Site Scripting (XSS)
Software: Selection Lite; Type: Plugin; Vulnerable versions: <= 1.11; Fixed in: 1.12; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-43147; Patch priority: Low; CVSS severity: Low 6.5; PSID: 1d02eb7c2b01; Credits: 4rCanJ0x!; Required privilege: Contributor...
WordPress CRM Perks Forms Plugin <= 1.1.3 is vulnerable to Arbitrary File Upload
Software: CRM Perks Forms; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: 1.1.4; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-7484; Patch priority: Low; CVSS severity: Low 9.1; PSID: c7c64ee12633; Credits: István Márton; Required privilege...
WordPress Sync Post With Other Site Plugin <= 1.6 is vulnerable to Broken Access Control
Software: Sync Post With Other Site; Type: Plugin; Vulnerable versions: <= 1.6; Fixed in: 1.7; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-6709; Patch priority: Low; CVSS severity: Low 4.3; PSID: 159a5eca941a; Credits: Lucio Sá; Required...
WordPress Swift Framework Page Builder Plugin < 2024.04.30 is vulnerable to Cross Site Scripting (XSS)
Software: Swift Framework Page Builder; Type: Plugin; Vulnerable versions: < 2024.04.30; Fixed in: 2024.04.30; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-2872; Patch priority: Low; CVSS severity: Low 6.5; PSID: a6a23937e22a; Credits: Bob...
WordPress Remote Content Shortcode Plugin <= 1.5 is vulnerable to Server Side Request Forgery (SSRF)
Software: Remote Content Shortcode; Type: Plugin; Vulnerable versions: <= 1.5; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery SSRF; CVE: CVE-2024-2090; Patch priority: Low; CVSS severity: Low 6.4; PSID: 1a39ce70a128; Credits: Francesco Carlucci; Require...
WordPress CTT Expresso para WooCommerce Plugin <= 3.2.12 is vulnerable to Sensitive Data Exposure
Software: CTT Expresso para WooCommerce; Type: Plugin; Vulnerable versions: <= 3.2.12; Fixed in: 3.2.13; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-6687; Patch priority: Low; CVSS severity: Low 5.3; PSID: 27468c538b68; Credits: Ricardo...
WordPress Sign-up Sheets Plugin <= 2.2.12 is vulnerable to Broken Access Control
Software: Sign-up Sheets; Type: Plugin; Vulnerable versions: <= 2.2.12; Fixed in: 2.2.13; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-39654; Patch priority: Low; CVSS severity: Low 5.3; Developer: Fetch Designs; PSID: bf5384db048d; Credits: Joshua Chan; Required privilege...
WordPress Black Widgets For Elementor Plugin <= 1.3.5 is vulnerable to Cross Site Scripting (XSS)
Software: Black Widgets For Elementor; Type: Plugin; Vulnerable versions: <= 1.3.5; Fixed in: 1.3.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-39644; Patch priority: Low; CVSS severity: Low 6.5; PSID: 23d80ce9ec11; Credits: Michael; Required privilege...