WordPress Essential Real Estate Plugin <= 4.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: Essential Real Estate; Type: Plugin; Vulnerable versions: <= 4.4.2; Fixed in: 4.4.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4273; Patch priority: Low; CVSS severity: Low 6.5; PSID: 3dd9001bf079; Credits: Krzysztof Zając...
WordPress Cowidgets – Elementor Addons Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Cowidgets – Elementor Addons; Type: Plugin; Vulnerable versions: <= 1.1.1; Fixed in: 1.2.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35782; Patch priority: Low; CVSS severity: Low 6.5; PSID: 1726a663f670; Credits: Khalid Yus...
WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Checkout Field Editor for WooCommerce (Pro), versions <= 3.6.2...
WordPress WPCafe Plugin <= 2.2.24 is vulnerable to Cross Site Scripting (XSS)
Software: WPCafe; Type: Plugin; Vulnerable versions: <= 2.2.24; Fixed in: 2.2.26; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5427; Patch priority: Low; CVSS severity: Low 6.5; PSID: 8e560e47961d; Credits: Krzysztof Zając; Required...
WordPress DethemeKit For Elementor Plugin <= 2.1.4 is vulnerable to Cross Site Scripting (XSS)
Software: DethemeKit For Elementor; Type: Plugin; Vulnerable versions: <= 2.1.4; Fixed in: 2.1.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5418; Patch priority: Low; CVSS severity: Low 6.5; PSID: 1bc6009e9b12; Credits: wesley wcraft...
WordPress LayerSlider Plugin 7.11.0 is vulnerable to Cross Site Scripting (XSS)
Software: LayerSlider; Type: Plugin; Vulnerable versions: 7.11.0; Fixed in: 7.11.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4575; Patch priority: Low; CVSS severity: Low 6.5; PSID: 784644494489; Credits: N/A; Required privilege; Published: 24 May, 20...
WordPress Element Pack Elementor Addons Plugin <= 5.6.1 is vulnerable to Cross Site Scripting (XSS)
Software: Element Pack Elementor Addons; Type: Plugin; Vulnerable versions: <= 5.6.1; Fixed in: 5.6.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3926; Patch priority: Low; CVSS severity: Low 6.5; PSID: 244526e11219; Credits: wesley...
WordPress Piotnet Addons For Elementor Plugin <= 2.4.26 is vulnerable to Cross Site Scripting (XSS)
Software: Piotnet Addons For Elementor; Type: Plugin; Vulnerable versions: <= 2.4.26; Fixed in: 2.4.28; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4432; Patch priority: Low; CVSS severity: Low 6.5; PSID: ba2de4b7d3a7; Credits: Ankit Pat...
WordPress ShopLentor Plugin <= 2.8.7 is vulnerable to Cross Site Scripting (XSS)
Software: ShopLentor; Type: Plugin; Vulnerable versions: <= 2.8.7; Fixed in: 2.8.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-34767; Patch priority: Low; CVSS severity: Low 6.5; PSID: 98f1de88eaf5; Credits: Ngô Thiên An ancorn from VNPT-VCI; Required...
WordPress Popup Builder Plugin <= 1.1.29 is vulnerable to Cross Site Scripting (XSS)
Software: Popup Builder; Type: Plugin; Vulnerable versions: <= 1.1.29; Fixed in: 1.1.30; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-34567; Patch priority: Low; CVSS severity: Low 6.5; PSID: 42654a589b9a; Credits: Rayhan Ramdhany Hanaputra; Required...
WordPress Academy LMS Plugin <= 1.9.25 is vulnerable to Sensitive Data Exposure
Software: Academy LMS; Type: Plugin; Vulnerable versions: <= 1.9.25; Fixed in: 1.9.26; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-35171; Patch priority: Low; CVSS severity: Low 5.3; PSID: d7ce74e58435; Credits: Peng Zhou; Required privilege...
WordPress Prime Slider – Addons For Elementor Plugin <= 3.14.3 is vulnerable to Cross Site Scripting (XSS)
Software: Prime Slider – Addons For Elementor; Type: Plugin; Vulnerable versions: <= 3.14.3; Fixed in: 3.14.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4339; Patch priority: Low; CVSS severity: Low 6.5; PSID: 737165ec9dfc; Credits: Ng...
WordPress Himalayas Theme <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: Himalayas; Type: Theme; Vulnerable versions: <= 1.3.0; Fixed in: 1.3.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-34571; Patch priority: Low; CVSS severity: Low 6.5; PSID: dd02f673cbfe; Credits: stealthcopter; Required privilege: Contributor...
WordPress LeadConnector Plugin <= 1.7 is vulnerable to Broken Access Control
Software: LeadConnector; Type: Plugin; Vulnerable versions: <= 1.7; Fixed in: 1.8; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-34378; Patch priority: High; CVSS severity: High 8.6; PSID: da872f96f681; Credits: Majed Refaea; Required privilege...
WordPress Drag and Drop Multiple File Upload – Contact Form 7 Plugin <= 1.3.7.7 is vulnerable to Sensitive Data Exposure
Software: Drag and Drop Multiple File Upload – Contact Form 7; Type: Plugin; Vulnerable versions: <= 1.3.7.7; Fixed in: 1.3.7.8; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-3717; Patch priority: Low; CVSS severity: Low 5.3; PSID...
WordPress Adventure Journal Theme <= 1.7.2 is vulnerable to Cross Site Scripting (XSS)
Software: Adventure Journal; Type: Theme; Vulnerable versions: <= 1.7.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-33953; Patch priority: Low; CVSS severity: Low 6.5; PSID: 85579307b5bb; Credits: stealthcopter; Required privilege...
WordPress Exclusive Addons Elementor Plugin <= 2.6.9.1 is vulnerable to Broken Access Control
Software: Exclusive Addons Elementor; Type: Plugin; Vulnerable versions: <= 2.6.9.1; Fixed in: 2.6.9.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-33914; Patch priority: Low; CVSS severity: Low 4.3; PSID: 1215f015ce94; Credits: Khalid Yusuf...
WordPress Pathway Theme <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Pathway; Type: Theme; Vulnerable versions: <= 1.0.15; Fixed in: 1.0.16; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-33686; Patch priority: Low; CVSS severity: Low 4.3; PSID: 2662179cc67b; Credits: Dhabaleshwar Das; Required...
WordPress Ultimate Posts Widget Plugin <= 2.2.9 is vulnerable to Broken Access Control
Software: Ultimate Posts Widget; Type: Plugin; Vulnerable versions: <= 2.2.9; Fixed in: 2.3.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-31435; Patch priority: Low; CVSS severity: Low 4.3; PSID: 565122e43072; Credits: Dhabaleshwar Das; Requir...
WordPress WZone plugin < 14.1.00 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WZone, versions < 14.1.00...
WordPress Five Star Restaurant Reservations Plugin <= 2.6.16 is vulnerable to Broken Access Control
Software: Five Star Restaurant Reservations; Type: Plugin; Vulnerable versions: <= 2.6.16; Fixed in: 2.6.17; OWASP Top 10: A4: Insecure Design; Classification: Broken Access Control; CVE: CVE-2024-33596; Patch priority: Low; CVSS severity: Low 5.3; PSID: d75b86943c20; Credits: Steven Julian...
WordPress Auto Featured Image (Auto Post Thumbnail) Plugin <= 4.1.3 is vulnerable to Server Side Request Forgery (SSRF)
Software: Auto Featured Image (Auto Post Thumbnail); Type: Plugin; Vulnerable versions: <= 4.1.3; Fixed in: 4.1.4; OWASP Top 10: A10: Server-Side Request Forgery (SSRF); Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-33629; Patch priority: Low; CVSS severity: Low 4.4; PSID...
WordPress WordPress Backup & Migration Plugin <= 1.4.8 is vulnerable to Broken Access Control
Software: WordPress Backup & Migration; Type: Plugin; Vulnerable versions: <= 1.4.8; Fixed in: 1.4.9; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3546; Patch priority: Low; CVSS severity: Low 4.3; PSID: 7fb4d86b8e12; Credits: Krzysztof Zając...
WordPress Login with phone number Plugin <= 1.6.93 is vulnerable to Broken Access Control
Software: Login with phone number; Type: Plugin; Vulnerable versions: <= 1.6.93; Fixed in: 1.6.94; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-32832; Patch priority: High; CVSS severity: High 9.8; Developer: Hamid Alinia; PSID: 862bfb83b7e9; Credits: Majed Refaea; Require...
WordPress Frontend Admin by DynamiApps Plugin <= 3.19.4 is vulnerable to Privilege Escalation
Software: Frontend Admin by DynamiApps; Type: Plugin; Vulnerable versions: <= 3.19.4; Fixed in: 3.19.5; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-3729; Patch priority: High; CVSS severity: High 9.8; PSID: 4ebfbce29f56...
WordPress ProfileGrid Plugin <= 5.7.9 is vulnerable to Insecure Direct Object References (IDOR)
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.7.9; Fixed in: 5.8.0; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-32772; Patch priority: Low; CVSS severity: Low 4.3; PSID: 0b59bd9029de; Credits: Kyle Sanchez...
WordPress ARForms Plugin <= 6.4 is vulnerable to Settings Change
Software: ARForms; Type: Plugin; Vulnerable versions: <= 6.4; Fixed in: 6.4.1; OWASP Top 10: A1: Broken Access Control; Classification: Settings Change; CVE: CVE-2024-32704; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: bcff8bbe359f; Credits: Dave Jong Patchstack; Required privilege...
WordPress ARForms Plugin <= 6.4 is vulnerable to SQL Injection
Software: ARForms; Type: Plugin; Vulnerable versions: <= 6.4; Fixed in: 6.4.1; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-32706; Patch priority: High; CVSS severity: High 8.5; PSID: e8475500673b; Credits: Dave Jong Patchstack; Required privilege: Subscriber...
WordPress 5 Stars Rating Funnel Plugin <= 1.2.67 is vulnerable to Broken Access Control
Software: 5 Stars Rating Funnel; Type: Plugin; Vulnerable versions: <= 1.2.67; Fixed in: 1.3.02; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-32725; Patch priority: Low; CVSS severity: Low 5.3; Developer: Tobias; PSID: a41d04f55930; Credits: Dhabaleshwar Das; Required...
WordPress tagDiv Composer Plugin <= 4.8 is vulnerable to Local File Inclusion
Software: tagDiv Composer; Type: Plugin; Vulnerable versions: <= 4.8; Fixed in: 4.9; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-3813; Patch priority: Low; CVSS severity: Low 8.8; PSID: 5ffa96c3f191; Credits: István Márton; Required privilege: Contributor...
WordPress Photo Gallery by 10Web Plugin <= 1.8.21 is vulnerable to Cross Site Scripting (XSS)
Software: Photo Gallery by 10Web; Type: Plugin; Vulnerable versions: <= 1.8.21; Fixed in: 1.8.22; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32583; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 9f4c4a32a029; Credits: Steven Julian; Required...
WordPress Smart Forms Plugin < 2.6.94 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Smart Forms; Type: Plugin; Vulnerable versions: < 2.6.94; Fixed in: 2.6.94; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-1306; Patch priority: Low; CVSS severity: Low 4.3; PSID: b8231f973f18; Credits: Amir Hossein Fallahi...
WordPress BEAR Plugin <= 1.1.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: BEAR; Type: Plugin; Vulnerable versions: <= 1.1.4.1; Fixed in: 1.1.4.2; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-31430; Patch priority: Low; CVSS severity: Low 4.3; PSID: 4956c1908b33; Credits: Dhabaleshwar Das; Required...
WordPress Soledad Theme <= 8.4.5 is vulnerable to Broken Access Control
Software: Soledad; Type: Theme; Vulnerable versions: <= 8.4.5; Fixed in: 8.4.6; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-31367; Patch priority: High; CVSS severity: High 7.1; PSID: e4cc84a70d34; Credits: Rafie Muhammad Patchstack; Required...
WordPress Gutenberg Blocks by Kadence Blocks Plugin < 3.2.26 is vulnerable to Cross Site Scripting (XSS)
Software: Gutenberg Blocks by Kadence Blocks; Type: Plugin; Vulnerable versions: < 3.2.26; Fixed in: 3.2.26; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2509; Patch priority: Low; CVSS severity: Low 6.5; Developer: KadenceWP; PSID: 59ef6d666275; Credits: Dmitrii...
WordPress LayerSlider Plugin 7.9.11 - 7.10.0 is vulnerable to SQL Injection
Software: LayerSlider; Type: Plugin; Vulnerable versions: 7.9.11 - 7.10.0; Fixed in: 7.10.1; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-2879; Patch priority: High; CVSS severity: High 9.8; PSID: f3cdf1aebfe3; Credits: AmrAwad; Required privilege: Unauthenticated...
WordPress Elements kit Elementor addons Plugin <= 3.0.6 is vulnerable to Local File Inclusion
Software: Elements kit Elementor addons; Type: Plugin; Vulnerable versions: <= 3.0.6; Fixed in: 3.0.7; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-2047; Patch priority: Low; CVSS severity: Low 8.5; Developer: Wpmet; PSID: 9c94438e55c2; Credits: wesley wcraft; Required privilege...
WordPress Ninja Forms Plugin <= 3.8.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Ninja Forms; Type: Plugin; Vulnerable versions: <= 3.8.0; Fixed in: 3.8.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-2113; Patch priority: Low; CVSS severity: Low 4.3; PSID: 0a9480169593; Credits: Tobias Weißhaar kun19...
WordPress WPCS Plugin <= 1.2.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WPCS; Type: Plugin; Vulnerable versions: <= 1.2.0.1; Fixed in: 1.2.0.2; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-30456; Patch priority: Low; CVSS severity: Low 4.3; PSID: 88357d12cef3; Credits: Dhabaleshwar Das; Required...
WordPress SellKit Plugin <= 1.8.1 is vulnerable to Arbitrary File Download
Software: SellKit; Type: Plugin; Vulnerable versions: <= 1.8.1; Fixed in: 1.8.3; OWASP Top 10: A5: Security Misconfiguration; Classification: Arbitrary File Download; CVE: CVE-2024-30509; Patch priority: High; CVSS severity: High 6.5; PSID: 931911cd5460; Credits: stealthcopter; Required...
WordPress Essential Blocks for Gutenberg Plugin <= 4.4.9 is vulnerable to Broken Access Control
Software: Essential Blocks for Gutenberg; Type: Plugin; Vulnerable versions: <= 4.4.9; Fixed in: 4.4.10; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-30467; Patch priority: Low; CVSS severity: Low 6.5; PSID: 54c35d565aef; Credits: Rafie Muhamma...
WordPress OSS Aliyun Plugin <= 1.4.10 is vulnerable to SQL Injection
Software: OSS Aliyun; Type: Plugin; Vulnerable versions: <= 1.4.10; Fixed in: 1.4.11; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-30494; Patch priority: Low; CVSS severity: Low 7.6; PSID: f4acc3b1af32; Credits: Majed Refaea; Required privilege: Administrator...
WordPress Molongui Plugin <= 4.7.7 is vulnerable to Insecure Direct Object References (IDOR)
Software: Molongui; Type: Plugin; Vulnerable versions: <= 4.7.7; Fixed in: 4.7.8; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-30507; Patch priority: Low; CVSS severity: Low 2.7; PSID: c7f745bc9de4; Credits: CatFather; Required...
WordPress Geo Controller Plugin <= 8.6.4 is vulnerable to Cross Site Scripting (XSS)
Software: Geo Controller; Type: Plugin; Vulnerable versions: <= 8.6.4; Fixed in: 8.6.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-30451; Patch priority: Low; CVSS severity: Low 6.5; PSID: e663f7c5a611; Credits: LVT-tholv2k; Required privilege...
WordPress Simple Ajax Chat Plugin <= 20231101 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Ajax Chat; Type: Plugin; Vulnerable versions: <= 20231101; Fixed in: 20240216; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2956; Patch priority: Low; CVSS severity: Low 5.9; PSID: 1403f71c8e2b; Credits: Fourcade; Required...
WordPress BetterDocs Plugin <= 3.3.3 is vulnerable to PHP Object Injection
Software: BetterDocs; Type: Plugin; Vulnerable versions: <= 3.3.3; Fixed in: 3.3.4; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-30226; Patch priority: High; CVSS severity: High 9; PSID: 4a7582c42893; Credits: stealthcopter; Required privilege: Unauthenticate...
WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress Meta Data and Taxonomies Filter (MDTF); Type: Plugin; Vulnerable versions: <= 1.3.3; Fixed in: 1.3.3.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29763; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 835f8f6375ea; Credits...
WordPress Podlove Podcast Publisher Plugin <= 4.0.9 is vulnerable to Cross Site Scripting (XSS)
Software: Podlove Podcast Publisher; Type: Plugin; Vulnerable versions: <= 4.0.9; Fixed in: 4.0.10; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29915; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 6b5b45e01eae; Credits: Dimas Maulana; Require...
WordPress Everest Forms Plugin <= 2.0.7 is vulnerable to Server Side Request Forgery (SSRF)
Software: Everest Forms; Type: Plugin; Vulnerable versions: <= 2.0.7; Fixed in: 2.0.8; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-1812; Patch priority: Medium; CVSS severity: Medium 7.2; PSID: 113a534a2c9d; Credits: hir0ot; Required privilege...
WordPress WP Popups Plugin <= 2.1.5.5 is vulnerable to Cross Site Scripting (XSS)
Software: WP Popups; Type: Plugin; Vulnerable versions: <= 2.1.5.5; Fixed in: 2.1.5.6; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29105; Patch priority: Low; CVSS severity: Low 5.9; PSID: 35ef43496a84; Credits: Huynh...