46606 matches found
WordPress LayerSlider Plugin 7.11.0 is vulnerable to Cross Site Scripting (XSS)
Software LayerSlider Type Plugin Vulnerable versions 7.11.0 Fixed in 7.11.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-4575 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 784644494489 Credits N/A Required privilege Published 24 May, 20...
WordPress Element Pack Elementor Addons Plugin <= 5.6.1 is vulnerable to Cross Site Scripting (XSS)
Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.6.1 Fixed in 5.6.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3926 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 244526e11219 Credits wesley...
WordPress Piotnet Addons For Elementor Plugin <= 2.4.26 is vulnerable to Cross Site Scripting (XSS)
Software Piotnet Addons For Elementor Type Plugin Vulnerable versions = 2.4.26 Fixed in 2.4.28 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4432 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ba2de4b7d3a7 Credits Ankit Pat...
WordPress ShopLentor Plugin <= 2.8.7 is vulnerable to Cross Site Scripting (XSS)
Software ShopLentor Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34767 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 98f1de88eaf5 Credits Ngô Thiên An ancorn from VNPT-VCI Required...
WordPress Popup Builder Plugin <= 1.1.29 is vulnerable to Cross Site Scripting (XSS)
Software Popup Builder Type Plugin Vulnerable versions = 1.1.29 Fixed in 1.1.30 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34567 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 42654a589b9a Credits Rayhan Ramdhany Hanaputra Required...
WordPress Academy LMS Plugin <= 1.9.25 is vulnerable to Sensitive Data Exposure
Software Academy LMS Type Plugin Vulnerable versions = 1.9.25 Fixed in 1.9.26 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-35171 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d7ce74e58435 Credits Peng Zhou Required privilege...
WordPress Prime Slider – Addons For Elementor Plugin <= 3.14.3 is vulnerable to Cross Site Scripting (XSS)
Software Prime Slider – Addons For Elementor Type Plugin Vulnerable versions = 3.14.3 Fixed in 3.14.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4339 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 737165ec9dfc Credits Ng...
WordPress Himalayas Theme <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software Himalayas Type Theme Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34571 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dd02f673cbfe Credits stealthcopter Required privilege Contributor...
WordPress LeadConnector Plugin <= 1.7 is vulnerable to Broken Access Control
Software LeadConnector Type Plugin Vulnerable versions = 1.7 Fixed in 1.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-34378 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID da872f96f681 Credits Majed Refaea Required privilege...
WordPress Drag and Drop Multiple File Upload – Contact Form 7 Plugin <= 1.3.7.7 is vulnerable to Sensitive Data Exposure
Software Drag and Drop Multiple File Upload – Contact Form 7 Type Plugin Vulnerable versions = 1.3.7.7 Fixed in 1.3.7.8 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-3717 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID...
WordPress Adventure Journal Theme <= 1.7.2 is vulnerable to Cross Site Scripting (XSS)
Software Adventure Journal Type Theme Vulnerable versions = 1.7.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33953 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 85579307b5bb Credits stealthcopter Required privilege...
WordPress Exclusive Addons Elementor Plugin <= 2.6.9.1 is vulnerable to Broken Access Control
Software Exclusive Addons Elementor Type Plugin Vulnerable versions = 2.6.9.1 Fixed in 2.6.9.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33914 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1215f015ce94 Credits Khalid Yusuf...
WordPress Pathway Theme <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF)
Software Pathway Type Theme Vulnerable versions = 1.0.15 Fixed in 1.0.16 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2662179cc67b Credits Dhabaleshwar Das Required...
WordPress Ultimate Posts Widget Plugin <= 2.2.9 is vulnerable to Broken Access Control
Software Ultimate Posts Widget Type Plugin Vulnerable versions = 2.2.9 Fixed in 2.3.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 565122e43072 Credits Dhabaleshwar Das Requir...
WordPress WZone plugin < 14.1.00 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WZone versions 14.1.00...
WordPress Five Star Restaurant Reservations Plugin <= 2.6.16 is vulnerable to Broken Access Control
Software Five Star Restaurant Reservations Type Plugin Vulnerable versions = 2.6.16 Fixed in 2.6.17 OWASP Top 10 A4: Insecure Design Classification Broken Access Control CVE CVE-2024-33596 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d75b86943c20 Credits Steven Julian...
WordPress Auto Featured Image (Auto Post Thumbnail) Plugin <= 4.1.3 is vulnerable to Server Side Request Forgery (SSRF)
Software Auto Featured Image Auto Post Thumbnail Type Plugin Vulnerable versions = 4.1.3 Fixed in 4.1.4 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-33629 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID...
WordPress WordPress Backup & Migration Plugin <= 1.4.8 is vulnerable to Broken Access Control
Software WordPress Backup & Migration Type Plugin Vulnerable versions = 1.4.8 Fixed in 1.4.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3546 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7fb4d86b8e12 Credits Krzysztof Zając...
WordPress Login with phone number Plugin <= 1.6.93 is vulnerable to Broken Access Control
Software Login with phone number Type Plugin Vulnerable versions = 1.6.93 Fixed in 1.6.94 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32832 Patch priority High CVSS severity High 9.8 Developer Hamid Alinia PSID 862bfb83b7e9 Credits Majed Refaea Require...
WordPress Frontend Admin by DynamiApps Plugin <= 3.19.4 is vulnerable to Privilege Escalation
Software Frontend Admin by DynamiApps Type Plugin Vulnerable versions = 3.19.4 Fixed in 3.19.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-3729 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 4ebfbce29f56...
WordPress ProfileGrid Plugin <= 5.7.9 is vulnerable to Insecure Direct Object References (IDOR)
Software ProfileGrid Type Plugin Vulnerable versions = 5.7.9 Fixed in 5.8.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32772 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0b59bd9029de Credits Kyle Sanchez...
WordPress ARForms Plugin <= 6.4 is vulnerable to Settings Change
Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-32704 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bcff8bbe359f Credits Dave Jong Patchstack Required privilege...
WordPress ARForms Plugin <= 6.4 is vulnerable to SQL Injection
Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32706 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID e8475500673b Credits Dave Jong Patchstack Required privilege Subscriber...
WordPress 5 Stars Rating Funnel Plugin <= 1.2.67 is vulnerable to Broken Access Control
Software 5 Stars Rating Funnel Type Plugin Vulnerable versions = 1.2.67 Fixed in 1.3.02 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32725 Patch priority Low CVSS severity Low 5.3 Developer Tobias PSID a41d04f55930 Credits Dhabaleshwar Das Required...
WordPress tagDiv Composer Plugin <= 4.8 is vulnerable to Local File Inclusion
Software tagDiv Composer Type Plugin Vulnerable versions = 4.8 Fixed in 4.9 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3813 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 5ffa96c3f191 Credits István Márton Required privilege Contributor...
WordPress Photo Gallery by 10Web Plugin <= 1.8.21 is vulnerable to Cross Site Scripting (XSS)
Software Photo Gallery by 10Web Type Plugin Vulnerable versions = 1.8.21 Fixed in 1.8.22 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32583 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9f4c4a32a029 Credits Steven Julian Required...
WordPress Smart Forms Plugin < 2.6.94 is vulnerable to Cross Site Request Forgery (CSRF)
Software Smart Forms Type Plugin Vulnerable versions 2.6.94 Fixed in 2.6.94 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1306 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b8231f973f18 Credits Amir Hossein Fallahi...
WordPress BEAR Plugin <= 1.1.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software BEAR Type Plugin Vulnerable versions = 1.1.4.1 Fixed in 1.1.4.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31430 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4956c1908b33 Credits Dhabaleshwar Das Required...
WordPress Soledad Theme <= 8.4.5 is vulnerable to Broken Access Control
Software Soledad Type Theme Vulnerable versions = 8.4.5 Fixed in 8.4.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31367 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID e4cc84a70d34 Credits Rafie Muhammad Patchstack Required...
WordPress Gutenberg Blocks by Kadence Blocks Plugin < 3.2.26 is vulnerable to Cross Site Scripting (XSS)
Software Gutenberg Blocks by Kadence Blocks Type Plugin Vulnerable versions 3.2.26 Fixed in 3.2.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2509 Patch priority Low CVSS severity Low 6.5 Developer KadenceWP PSID 59ef6d666275 Credits Dmitrii...
WordPress LayerSlider Plugin 7.9.11 - 7.10.0 is vulnerable to SQL Injection
Software LayerSlider Type Plugin Vulnerable versions 7.9.11 - 7.10.0 Fixed in 7.10.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-2879 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f3cdf1aebfe3 Credits AmrAwad Required privilege Unauthenticated...
WordPress Elements kit Elementor addons Plugin <= 3.0.6 is vulnerable to Local File Inclusion
Software Elements kit Elementor addons Type Plugin Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-2047 Patch priority Low CVSS severity Low 8.5 Developer Wpmet PSID 9c94438e55c2 Credits wesley wcraft Required privilege...
WordPress Ninja Forms Plugin <= 3.8.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Ninja Forms Type Plugin Vulnerable versions = 3.8.0 Fixed in 3.8.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2113 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0a9480169593 Credits Tobias Weißhaar kun19...
WordPress WPCS Plugin <= 1.2.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software WPCS Type Plugin Vulnerable versions = 1.2.0.1 Fixed in 1.2.0.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-30456 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 88357d12cef3 Credits Dhabaleshwar Das Required...
WordPress SellKit Plugin <= 1.8.1 is vulnerable to Arbitrary File Download
Software SellKit Type Plugin Vulnerable versions = 1.8.1 Fixed in 1.8.3 OWASP Top 10 A5: Security Misconfiguration Classification Arbitrary File Download CVE CVE-2024-30509 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 931911cd5460 Credits stealthcopter Required...
WordPress Essential Blocks for Gutenberg Plugin <= 4.4.9 is vulnerable to Broken Access Control
Software Essential Blocks for Gutenberg Type Plugin Vulnerable versions = 4.4.9 Fixed in 4.4.10 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30467 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 54c35d565aef Credits Rafie Muhamma...
WordPress OSS Aliyun Plugin <= 1.4.10 is vulnerable to SQL Injection
Software OSS Aliyun Type Plugin Vulnerable versions = 1.4.10 Fixed in 1.4.11 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30494 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID f4acc3b1af32 Credits Majed Refaea Required privilege Administrator...
WordPress Molongui Plugin <= 4.7.7 is vulnerable to Insecure Direct Object References (IDOR)
Software Molongui Type Plugin Vulnerable versions = 4.7.7 Fixed in 4.7.8 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-30507 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID c7f745bc9de4 Credits CatFather Required...
WordPress Geo Controller Plugin <= 8.6.4 is vulnerable to Cross Site Scripting (XSS)
Software Geo Controller Type Plugin Vulnerable versions = 8.6.4 Fixed in 8.6.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30451 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e663f7c5a611 Credits LVT-tholv2k Required privilege...
WordPress Simple Ajax Chat Plugin <= 20231101 is vulnerable to Cross Site Scripting (XSS)
Software Simple Ajax Chat Type Plugin Vulnerable versions = 20231101 Fixed in 20240216 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2956 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1403f71c8e2b Credits Fourcade Required...
WordPress BetterDocs Plugin <= 3.3.3 is vulnerable to PHP Object Injection
Software BetterDocs Type Plugin Vulnerable versions = 3.3.3 Fixed in 3.3.4 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30226 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 4a7582c42893 Credits stealthcopter Required privilege Unauthenticate...
WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Meta Data and Taxonomies Filter MDTF Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.3.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29763 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 835f8f6375ea Credits...
WordPress Podlove Podcast Publisher Plugin <= 4.0.9 is vulnerable to Cross Site Scripting (XSS)
Software Podlove Podcast Publisher Type Plugin Vulnerable versions = 4.0.9 Fixed in 4.0.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29915 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6b5b45e01eae Credits Dimas Maulana Require...
WordPress Everest Forms Plugin <= 2.0.7 is vulnerable to Server Side Request Forgery (SSRF)
Software Everest Forms Type Plugin Vulnerable versions = 2.0.7 Fixed in 2.0.8 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-1812 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID 113a534a2c9d Credits hir0ot Required privilege...
WordPress WP Popups Plugin <= 2.1.5.5 is vulnerable to Cross Site Scripting (XSS)
Software WP Popups Type Plugin Vulnerable versions = 2.1.5.5 Fixed in 2.1.5.6 OWASP Top 10 A7: Identification and Authentication Failures Classification Cross Site Scripting XSS CVE CVE-2024-29105 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 35ef43496a84 Credits Huynh...
WordPress Automatic Plugin <= 3.92.0 is vulnerable to Arbitrary File Download
Software Automatic Type Plugin Vulnerable versions = 3.92.0 Fixed in 3.92.1 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-27954 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 9c2571e1c78b Credits Rafie Muhammad Patchstack...
WordPress PropertyHive Plugin <= 2.0.9 is vulnerable to PHP Object Injection
Software PropertyHive Type Plugin Vulnerable versions = 2.0.9 Fixed in 2.0.10 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-27985 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 245763d3996e Credits CatFather Required privilege Subscribe...
WordPress Pie Register Plugin <= 3.8.3.2 is vulnerable to Arbitrary File Upload
Software Pie Register Type Plugin Vulnerable versions = 3.8.3.2 Fixed in 3.8.3.3 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-27957 Patch priority High CVSS severity High 10 Developer Claim ownership PSID a371b236f7d1 Credits Rafie Muhammad Patchstack Required...
WordPress Team Circle Image Slider With Lightbox Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Team Circle Image Slider With Lightbox Type Plugin Vulnerable versions = 1.0 Fixed in 1.0.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2015-10130 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4e4875511ed9 Credit...
WordPress Premmerce Permalink Manager for WooCommerce Plugin <= 2.3.10 is vulnerable to Local File Inclusion
Software Premmerce Permalink Manager for WooCommerce Type Plugin Vulnerable versions = 2.3.10 Fixed in 2.3.11 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-27971 Patch priority High CVSS severity High 8.3 Developer Premmerce PSID cbe4465b62ca Credits Rafie Muhammad...