WordPress Sensei Pro (WC Paid Courses) Plugin <= 4.23.1.1.23.1 is vulnerable to Broken Access Control
Software Sensei Pro WC Paid Courses Type Plugin Vulnerable versions = 4.23.1.1.23.1 Fixed in 4.24.0.1.24.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35686 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 5a225c011e38 Credits...
WordPress WP Time Slots Booking Form Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS)
Software WP Time Slots Booking Form Type Plugin Vulnerable versions = 1.2.10 Fixed in 1.2.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35734 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 153040c885cf Credits Manab Jyoti Dowarah...
WordPress WPMobile.App Plugin <= 11.41 is vulnerable to Cross Site Scripting (XSS)
Software WPMobile.App Type Plugin Vulnerable versions = 11.41 Fixed in 11.42 OWASP Top 10 A1: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2024-35694 Patch priority Medium CVSS severity Medium 7.1 Developer Amauri.IO PSID 392a8fdcac50 Credits CatFather Required privilege...
WordPress Qi Addons For Elementor Plugin <= 1.7.2 is vulnerable to Cross Site Scripting (XSS)
Software Qi Addons For Elementor Type Plugin Vulnerable versions = 1.7.2 Fixed in 1.7.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4364 Patch priority Low CVSS severity Low 6.5 Developer Qode Interactive PSID 0676734b6c2d Credits wesley wcraft...
WordPress Brizy Plugin <= 2.4.43 is vulnerable to Cross Site Scripting (XSS)
Software Brizy Type Plugin Vulnerable versions = 2.4.43 Fixed in 2.4.44 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2087 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ead457b1b8e9 Credits wesley wcraft Required...
WordPress Essential Real Estate Plugin <= 4.4.2 is vulnerable to Cross Site Scripting (XSS)
Software Essential Real Estate Type Plugin Vulnerable versions = 4.4.2 Fixed in 4.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4273 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3dd9001bf079 Credits Krzysztof Zając...
WordPress Cowidgets – Elementor Addons Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)
Software Cowidgets – Elementor Addons Type Plugin Vulnerable versions = 1.1.1 Fixed in 1.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-35782 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1726a663f670 Credits Khalid Yus...
WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Checkout Field Editor for WooCommerce Pro versions = 3.6.2...
WordPress WPCafe Plugin <= 2.2.24 is vulnerable to Cross Site Scripting (XSS)
Software WPCafe Type Plugin Vulnerable versions = 2.2.24 Fixed in 2.2.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5427 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8e560e47961d Credits Krzysztof Zając Required...
WordPress DethemeKit For Elementor Plugin <= 2.1.4 is vulnerable to Cross Site Scripting (XSS)
Software DethemeKit For Elementor Type Plugin Vulnerable versions = 2.1.4 Fixed in 2.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5418 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1bc6009e9b12 Credits wesley wcraft...
WordPress Essential Addons for Elementor Plugin <= 5.9.21 is vulnerable to Cross Site Scripting (XSS)
Software Essential Addons for Elementor Type Plugin Vulnerable versions = 5.9.21 Fixed in 5.9.22 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5073 Patch priority Low CVSS severity Low 6.5 Developer WPDeveloper PSID bca3152f1888 Credits stealthcopt...
WordPress LayerSlider Plugin 7.11.0 is vulnerable to Cross Site Scripting (XSS)
Software LayerSlider Type Plugin Vulnerable versions 7.11.0 Fixed in 7.11.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-4575 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 784644494489 Credits N/A Required privilege Published 24 May, 20...
WordPress Element Pack Elementor Addons Plugin <= 5.6.1 is vulnerable to Cross Site Scripting (XSS)
Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.6.1 Fixed in 5.6.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3926 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 244526e11219 Credits wesley...
WordPress Piotnet Addons For Elementor Plugin <= 2.4.26 is vulnerable to Cross Site Scripting (XSS)
Software Piotnet Addons For Elementor Type Plugin Vulnerable versions = 2.4.26 Fixed in 2.4.28 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4432 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ba2de4b7d3a7 Credits Ankit Pat...
WordPress ShopLentor Plugin <= 2.8.7 is vulnerable to Cross Site Scripting (XSS)
Software ShopLentor Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34767 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 98f1de88eaf5 Credits Ngô Thiên An ancorn from VNPT-VCI Required...
WordPress Popup Builder Plugin <= 1.1.29 is vulnerable to Cross Site Scripting (XSS)
Software Popup Builder Type Plugin Vulnerable versions = 1.1.29 Fixed in 1.1.30 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34567 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 42654a589b9a Credits Rayhan Ramdhany Hanaputra Required...
WordPress Academy LMS Plugin <= 1.9.25 is vulnerable to Sensitive Data Exposure
Software Academy LMS Type Plugin Vulnerable versions = 1.9.25 Fixed in 1.9.26 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-35171 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d7ce74e58435 Credits Peng Zhou Required privilege...
WordPress Prime Slider – Addons For Elementor Plugin <= 3.14.3 is vulnerable to Cross Site Scripting (XSS)
Software Prime Slider – Addons For Elementor Type Plugin Vulnerable versions = 3.14.3 Fixed in 3.14.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4339 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 737165ec9dfc Credits Ng...
WordPress Himalayas Theme <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software Himalayas Type Theme Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34571 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dd02f673cbfe Credits stealthcopter Required privilege Contributor...
WordPress LeadConnector Plugin <= 1.7 is vulnerable to Broken Access Control
Software LeadConnector Type Plugin Vulnerable versions = 1.7 Fixed in 1.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-34378 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID da872f96f681 Credits Majed Refaea Required privilege...
WordPress Drag and Drop Multiple File Upload – Contact Form 7 Plugin <= 1.3.7.7 is vulnerable to Sensitive Data Exposure
Software Drag and Drop Multiple File Upload – Contact Form 7 Type Plugin Vulnerable versions = 1.3.7.7 Fixed in 1.3.7.8 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-3717 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID...
WordPress Email Verification for WooCommerce Plugin <= 2.7.4 is vulnerable to Bypass Vulnerability
Software Email Verification for WooCommerce Type Plugin Vulnerable versions = 2.7.4 Fixed in 2.7.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Bypass Vulnerability CVE CVE-2024-4185 Patch priority Low CVSS severity Low 5.6 Developer Claim ownership PSID 16dc89621743...
WordPress Adventure Journal Theme <= 1.7.2 is vulnerable to Cross Site Scripting (XSS)
Software Adventure Journal Type Theme Vulnerable versions = 1.7.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33953 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 85579307b5bb Credits stealthcopter Required privilege...
WordPress Exclusive Addons Elementor Plugin <= 2.6.9.1 is vulnerable to Broken Access Control
Software Exclusive Addons Elementor Type Plugin Vulnerable versions = 2.6.9.1 Fixed in 2.6.9.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33914 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1215f015ce94 Credits Khalid Yusuf...
WordPress Pathway Theme <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF)
Software Pathway Type Theme Vulnerable versions = 1.0.15 Fixed in 1.0.16 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2662179cc67b Credits Dhabaleshwar Das Required...
WordPress Ultimate Posts Widget Plugin <= 2.2.9 is vulnerable to Broken Access Control
Software Ultimate Posts Widget Type Plugin Vulnerable versions = 2.2.9 Fixed in 2.3.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 565122e43072 Credits Dhabaleshwar Das Requir...
WordPress WZone plugin < 14.1.00 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WZone versions 14.1.00...
WordPress Five Star Restaurant Reservations Plugin <= 2.6.16 is vulnerable to Broken Access Control
Software Five Star Restaurant Reservations Type Plugin Vulnerable versions = 2.6.16 Fixed in 2.6.17 OWASP Top 10 A4: Insecure Design Classification Broken Access Control CVE CVE-2024-33596 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d75b86943c20 Credits Steven Julian...
WordPress Auto Featured Image (Auto Post Thumbnail) Plugin <= 4.1.3 is vulnerable to Server Side Request Forgery (SSRF)
Software Auto Featured Image Auto Post Thumbnail Type Plugin Vulnerable versions = 4.1.3 Fixed in 4.1.4 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-33629 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID...
WordPress WordPress Backup & Migration Plugin <= 1.4.8 is vulnerable to Broken Access Control
Software WordPress Backup & Migration Type Plugin Vulnerable versions = 1.4.8 Fixed in 1.4.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3546 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7fb4d86b8e12 Credits Krzysztof Zając...
WordPress Login with phone number Plugin <= 1.6.93 is vulnerable to Broken Access Control
Software Login with phone number Type Plugin Vulnerable versions = 1.6.93 Fixed in 1.6.94 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32832 Patch priority High CVSS severity High 9.8 Developer Hamid Alinia PSID 862bfb83b7e9 Credits Majed Refaea Require...
WordPress Frontend Admin by DynamiApps Plugin <= 3.19.4 is vulnerable to Privilege Escalation
Software Frontend Admin by DynamiApps Type Plugin Vulnerable versions = 3.19.4 Fixed in 3.19.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-3729 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 4ebfbce29f56...
WordPress ProfileGrid Plugin <= 5.7.9 is vulnerable to Insecure Direct Object References (IDOR)
Software ProfileGrid Type Plugin Vulnerable versions = 5.7.9 Fixed in 5.8.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32772 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0b59bd9029de Credits Kyle Sanchez...
WordPress ARForms Plugin <= 6.4 is vulnerable to Settings Change
Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-32704 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bcff8bbe359f Credits Dave Jong Patchstack Required privilege...
WordPress ARForms Plugin <= 6.4 is vulnerable to SQL Injection
Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32706 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID e8475500673b Credits Dave Jong Patchstack Required privilege Subscriber...
WordPress 5 Stars Rating Funnel Plugin <= 1.2.67 is vulnerable to Broken Access Control
Software 5 Stars Rating Funnel Type Plugin Vulnerable versions = 1.2.67 Fixed in 1.3.02 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32725 Patch priority Low CVSS severity Low 5.3 Developer Tobias PSID a41d04f55930 Credits Dhabaleshwar Das Required...
WordPress tagDiv Composer Plugin <= 4.8 is vulnerable to Local File Inclusion
Software tagDiv Composer Type Plugin Vulnerable versions = 4.8 Fixed in 4.9 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3813 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 5ffa96c3f191 Credits István Márton Required privilege Contributor...
WordPress WP 404 Auto Redirect to Similar Post Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software WP 404 Auto Redirect to Similar Post Type Plugin Vulnerable versions = 1.0.4 Fixed in 1.0.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32559 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c85034ba240a Credits AtaTurk1925...
WordPress Photo Gallery by 10Web Plugin <= 1.8.21 is vulnerable to Cross Site Scripting (XSS)
Software Photo Gallery by 10Web Type Plugin Vulnerable versions = 1.8.21 Fixed in 1.8.22 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32583 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9f4c4a32a029 Credits Steven Julian Required...
WordPress Smart Forms Plugin < 2.6.94 is vulnerable to Cross Site Request Forgery (CSRF)
Software Smart Forms Type Plugin Vulnerable versions 2.6.94 Fixed in 2.6.94 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1306 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b8231f973f18 Credits Amir Hossein Fallahi...
WordPress Libsyn Publisher Hub Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Libsyn Publisher Hub Type Plugin Vulnerable versions = 1.4.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32141 Patch priority Low CVSS severity Low 4.3 Developer Libsyn PSID c755cb3750aa Credits Majed Refaea Required...
WordPress BEAR Plugin <= 1.1.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software BEAR Type Plugin Vulnerable versions = 1.1.4.1 Fixed in 1.1.4.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31430 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4956c1908b33 Credits Dhabaleshwar Das Required...
WordPress Soledad Theme <= 8.4.5 is vulnerable to Broken Access Control
Software Soledad Type Theme Vulnerable versions = 8.4.5 Fixed in 8.4.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31367 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID e4cc84a70d34 Credits Rafie Muhammad Patchstack Required...
WordPress Gutenberg Blocks by Kadence Blocks Plugin < 3.2.26 is vulnerable to Cross Site Scripting (XSS)
Software Gutenberg Blocks by Kadence Blocks Type Plugin Vulnerable versions 3.2.26 Fixed in 3.2.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2509 Patch priority Low CVSS severity Low 6.5 Developer KadenceWP PSID 59ef6d666275 Credits Dmitrii...
WordPress LayerSlider Plugin 7.9.11 - 7.10.0 is vulnerable to SQL Injection
Software LayerSlider Type Plugin Vulnerable versions 7.9.11 - 7.10.0 Fixed in 7.10.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-2879 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f3cdf1aebfe3 Credits AmrAwad Required privilege Unauthenticated...
WordPress Elements kit Elementor addons Plugin <= 3.0.6 is vulnerable to Local File Inclusion
Software Elements kit Elementor addons Type Plugin Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-2047 Patch priority Low CVSS severity Low 8.5 Developer Wpmet PSID 9c94438e55c2 Credits wesley wcraft Required privilege...
WordPress Ninja Forms Plugin <= 3.8.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Ninja Forms Type Plugin Vulnerable versions = 3.8.0 Fixed in 3.8.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2113 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0a9480169593 Credits Tobias Weißhaar kun19...
WordPress WPCS Plugin <= 1.2.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software WPCS Type Plugin Vulnerable versions = 1.2.0.1 Fixed in 1.2.0.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-30456 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 88357d12cef3 Credits Dhabaleshwar Das Required...
WordPress SellKit Plugin <= 1.8.1 is vulnerable to Arbitrary File Download
Software SellKit Type Plugin Vulnerable versions = 1.8.1 Fixed in 1.8.3 OWASP Top 10 A5: Security Misconfiguration Classification Arbitrary File Download CVE CVE-2024-30509 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 931911cd5460 Credits stealthcopter Required...
WordPress Essential Blocks for Gutenberg Plugin <= 4.4.9 is vulnerable to Broken Access Control
Software Essential Blocks for Gutenberg Type Plugin Vulnerable versions = 4.4.9 Fixed in 4.4.10 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30467 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 54c35d565aef Credits Rafie Muhamma...