Wordfence Intelligence Weekly WordPress Vulnerability Report (July 8, 2024 to July 14, 2024)

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest. 

Last week, there were 261 vulnerabilities disclosed in 212 WordPress Plugins and 14 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 75 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 17,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

• BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.1.5 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload
• BookingPress Appointment Booking <= 1.1.5 – Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Total Unpatched & Patched Vulnerabilities Last Week

Total Vulnerabilities by CVSS Severity Last Week

Total Vulnerabilities by CWE Type Last Week

Researchers That Contributed to WordPress Security Last Week

Researcher Name	Number of Vulnerabilities
stealthcopter	18
Lucio Sá	15
Bob Matyas	14
Joshua Chan	14
Majed Refaea	14
Dhabaleshwar Das	13
István Márton	12
Dave Jong	11
LVT-tholv2k	9
João Pedro Soares de Alcântara	7
Dimas Maulana	6
akas wisnu aji	6
Francesco Carlucci	6
Peng Zhou	6
Dmitrii Ignatyev	5
Ananda Dhakal	5
João G. Barbosa (4rCanJ0x!)	4
Jean Tirstan T	4
Krzysztof Zając	4
shaman0x01	4
Krugov Artyom	4
Khalid	4
Webbernaut	3
Ngô Thiên An (ancorn_)	3
Manab Jyoti Dowarah	3
Truoc Phan	3
Michael	3
Eddie Zhang (Project Black)	3
Cronus	3
SouzaZinn	3
Rafie Muhammad	3
Erwan LR	2
Foxyyy	2
Rafshanzani Suhada	2
Colin Xu	2
Tieu Pham Trong Nhan	2
Peter Thaleikis	2
Benedictus Jovan (aillesiM)	2
Mika	2
Myungju Kim	2
younsoung kim	2
SeoHyeon Lee	2
SeoHee Kang	2
Phill Sav (Savphill)	2
wesley (wcraft)	2
beluga	2
miguelxpn	1
Trinh Vu (Sonicrrrr)	1
filime	1
Emili Castells	1
Scott Kingsley Clark	1
Dikshita Trivedi (Cybersecdexter)	1
Dipak Panchal (th3.d1p4k)	1
John Castro	1
Le Ngoc Anh	1
Artem Polynko (Artem Polynko)	1
alfido osdie	1
Peng Zhou	1
thiennv	1
Nguyễn Trung Kiên	1
Adrian Peña Barragan	1
Anjo Rev Tingson	1
LuxF0z	1
Thanh Nam Tran	1
zer0gh0st	1
Rayhan Ramdhany Hanaputra	1
Steven Julian	1
Majdeddine Ben Hadj Brahim	1
Edwin Siebel (edwinsiebel)	1
Simone Onofri	1
0xded093	1
Kim Cerra	1
Vuln Seeker Cybersecurity Team	1
Michel Prunet	1
1337_Wannabe	1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

WordPress Themes with Reported Vulnerabilities Last Week

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CZ Loan Management <= 1.1 - Unauthenticated SQL Injection

10.0

CVSS Rating
Critical (10.0)

CVE-ID
CVE-2024-5975

Patch Status
Unpatched

Published
Jul 9, 2024

Affected Software
CZ Loan Management

Researcher

Eddie Zhang (Project Black)

More Details >

Woocommerce OpenPos <= 6.4.4 - Unauthenticated SQL Injection

10.0

CVSS Rating
Critical (10.0)

CVE-ID
CVE-2024-37933

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Openpos - WooCommerce Point Of Sale(POS)

Researcher

Dave Jong

More Details >

WpStickyBar – Sticky Bar, Sticky Header <= 2.1.0 - Unauthenticated SQL Injection

10.0

CVSS Rating
Critical (10.0)

CVE-ID
CVE-2024-5765

Patch Status
Unpatched

Published
Jul 9, 2024

Affected Software
WpStickyBar – Sticky Bar, Sticky Header

Researcher

Eddie Zhang (Project Black)

More Details >

DirectoryPress <= 3.6.10 - Authenticated (Contributor+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-38755

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
DirectoryPress – Business Directory And Classified Ad Listing

Researcher

Peng Zhou

More Details >

OSM – OpenStreetMap <= 6.0.3 - Authenticated (Contributor+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-3604

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
OSM – OpenStreetMap

Researcher

Krzysztof Zając

More Details >

PayPlus Payment Gateway <= 7.0.7 - Authenticated (Subscriber+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-37564

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
PayPlus Payment Gateway

Researcher

LVT-tholv2k

More Details >

Backup and Staging by WP Time Capsule <= 1.22.20 - Authentication Bypass to Account Takeover

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-38770

Patch Status
Patched

Published
Jul 13, 2024

Affected Software
Backup and Staging by WP Time Capsule

Researcher

Dave Jong

More Details >

Booking Ultra Pro <= 1.1.13 - Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-38717

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Booking Ultra Pro Appointments Booking Calendar Plugin

Researcher

Ananda Dhakal

More Details >

Event post <= 5.9.5 - Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-38735

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Event post

Researcher

Emili Castells

More Details >

Gutenberg Forms <= 2.2.9 - Unauthenticated Arbitrary File Upload

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-6313

Patch Status
Unpatched

Published
Jul 8, 2024

Affected Software
Gutenberg Forms – WordPress Form Builder Plugin

Researcher

István Márton

More Details >

InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.44 - Authentication Bypass to Admin

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-6397

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
InstaWP Connect – 1-click WP Staging & Migration

Researcher

Truoc Phan

More Details >

IQ Testimonials <= 2.2.7 - Unauthenticated Arbitrary File Upload

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-6314

Patch Status
Unpatched

Published
Jul 8, 2024

Affected Software
IQ Testimonials

Researcher

István Márton

More Details >

Jobmonster <= 4.7.0 - Unauthenticated Privilege Escalation

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-37927

Patch Status
Unpatched

Published
Jul 9, 2024

Affected Software
Noo JobMonster

Researcher

Dave Jong

More Details >

JSON API User <= 3.9.3 - Unauthenticated Privilege Escalation

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-6624

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
JSON API User

Researcher

Thanh Nam Tran

More Details >

MStore API – Create Native Android & iOS Apps On The Cloud <= 4.14.7 - Authentication Bypass

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-6328

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
MStore API – Create Native Android & iOS Apps On The Cloud

Researcher

Truoc Phan

More Details >

Product Table by WBW <= 2.0.1 - Unauthenticated Remote Code Execution

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-6365

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Product Table by WBW

Researcher

Foxyyy

More Details >

Search & Replace <= 3.2.2 - Unauthenticated PHP Object Injection

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-38759

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Search & Replace

Researcher

Trinh Vu (Sonicrrrr)

More Details >

User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.11.8 - Authentication Bypass

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-6695

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

Researcher

John Castro

More Details >

Import Spreadsheets from Microsoft Excel <= 10.1.4 - Authenticated (Editor+) Arbitrary File Upload

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-38734

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Import Spreadsheets from Microsoft Excel

Researcher

Peng Zhou

More Details >

Jobmonster <= 4.7.0 - Unauthenticated Arbitrary File Deletion

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-37928

Patch Status
Unpatched

Published
Jul 9, 2024

Affected Software
Noo JobMonster

Researcher

Dave Jong

More Details >

Realtyna Organic IDX plugin <= 4.14.13 - Authenticated (Admin+) Arbitrary File Upload

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-38736

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Realtyna Organic IDX plugin + WPL Real Estate

Researcher

Peng Zhou

More Details >

Spiffy Calendar <= 4.9.11 - Authenticated (Administrator+) SQL Injection

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-38692

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
Spiffy Calendar

Researcher

Nguyễn Trung Kiên

More Details >

Woocommerce OpenPos <= 6.4.4 - Unauthenticated Arbitrary File Deletion

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-37932

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Openpos - WooCommerce Point Of Sale(POS)

Researcher

Dave Jong

More Details >

Advanced AJAX Page Loader <= 2.7.7 - Cross-Site Request Forgery to Arbitrary File Upload

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-6310

Patch Status
Unpatched

Published
Jul 8, 2024

Affected Software
Advanced AJAX Page Loader

Researcher

István Márton

More Details >

Advanced File Manager Shortcode <= 2.5.3 - Authenticated (Contributor+) Arbitrary File Upload

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2023-7061

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Advanced File Manager Shortcodes

Researcher

Colin Xu

More Details >

Advanced File Manager Shortcodes <= 2.4 - Authenticated (Contributor+) Directory Traversal

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2023-7062

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Advanced File Manager Shortcodes

Researcher

Colin Xu

More Details >

Attachment File Icons (AF Icons) <= 1.3 - Cross-Site Request Forgery to Arbitrary File Upload

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-6309

Patch Status
Unpatched

Published
Jul 8, 2024

Affected Software
Attachment File Icons (AF Icons)

Researcher

István Márton

More Details >

Default Thumbnail Plus <= 1.0.2.3 - Authenticated (Contributor+) Arbitrary File Upload

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-6161

Patch Status
Unpatched

Published
Jul 8, 2024

Affected Software
Default Thumbnail Plus

Researcher

István Márton

More Details >

Events Calendar for Google <= 2.1.0 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-38716

Patch Status
Unpatched

Published
Jul 11, 2024

Affected Software
Events Calendar for Google

Researcher

João Pedro Soares de Alcântara

More Details >

ExS Widgets <= 0.3.1 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-38715

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
ExS Widgets

Researcher

João Pedro Soares de Alcântara

More Details >

Form Vibes <= 1.4.10 - Authenticated (Subscriber+) SQL Injection via fv_export_data

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-5325

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Form Vibes – Database Manager for Forms

Researcher

Peter Thaleikis

More Details >

GD Rating System <= 3.6 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-38709

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
GD Rating System

Researcher

João Pedro Soares de Alcântara

More Details >

Generate PDF using Contact Form 7 <= 4.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-6317

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Generate PDF using Contact Form 7

Researcher

István Márton

More Details >

Generate PDF using Contact Form 7 <= 4.1.2 - Cross-Site Request Forgery to Arbitrary File Upload

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-6316

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Generate PDF using Contact Form 7

Researcher

István Márton

More Details >

Houzez CRM <= 1.4.2 - Authenticated (Seller+) SQL Injection

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-5792

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Houzez CRM

Researcher

István Márton

More Details >

Houzez Theme - Functionality <= 3.2.2 - Authenticated (Seller+) SQL Injection

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-5793

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Houzez Theme - Functionality

Researcher

István Márton

More Details >

Modern Events Calendar <= 7.11.0 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-5441

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Modern Events Calendar
Modern Events Calendar Lite

Researcher

Foxyyy

More Details >

Panda Video <= 1.4.0 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-5456

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Panda Video

Researcher

stealthcopter

More Details >

Pie Register - Basic <= 3.8.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-6069

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction

Researcher

Lucio Sá

More Details >

ProfileGrid – User Profiles, Groups and Communities <= 5.8.9 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-6411

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
ProfileGrid – User Profiles, Groups and Communities

Researchers

Truoc Phan

Tieu Pham Trong Nhan

More Details >

ScrollTo Bottom <= 1.1.1 - Cross-Site Request Forgery to Arbitrary File Upload

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-6321

Patch Status
Unpatched

Published
Jul 8, 2024

Affected Software
ScrollTo Bottom

Researcher

István Márton

More Details >

ScrollTo Top <= 1.2.2 - Cross-Site Request Forgery to Arbitrary File Upload

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-6320

Patch Status
Unpatched

Published
Jul 8, 2024

Affected Software
ScrollTo Top

Researcher

István Márton

More Details >

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Time-Based SQL Injection

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-6166

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Researcher

shaman0x01

More Details >

Wallet for WooCommerce <= 1.5.4 - Authenticated (Subscriber+) SQL Injection via 'search[value]'

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-6353

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Wallet for WooCommerce

Researcher

1337_Wannabe

More Details >

WordPress Team Manager <= 2.1.12 - Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-38704

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Team Manager – WordPress Showcase Team Members

Researcher

João G. Barbosa (4rCanJ0x!)

More Details >

WP ERP <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection via vendor_id

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-6666

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting

Researcher

Edwin Siebel (edwinsiebel)

More Details >

WP User Switch <= 1.1.0 - Authenticated (Subscriber+) Privilege Escalation

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-37560

Patch Status
Unpatched

Published
Jul 9, 2024

Affected Software
WP User Switch

Researcher

thiennv

More Details >

Barcode Scanner with Inventory & Order Manager <= 1.6.1 - Authenticated (Subscriber+) SQL Injection

8.5

CVSS Rating
High (8.5)

CVE-ID
CVE-2024-38708

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

Researcher

akas wisnu aji

More Details >

BerqWP <= 1.7.5 - Unauthenticated Server-Side Request Forgery

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-37942

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
BerqWP – Automated All-In-One PageSpeed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript

Researcher

Dave Jong

More Details >

Bit Form <= 2.13.3 - Authenticated (Administrator+) Arbitrary File Upload

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-6123

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder

Researcher

István Márton

More Details >

Business Card <= 1.0.0 - Authenticated (Admin+) Arbitrary File Uplaod

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-5807

Patch Status
Unpatched

Published
Jul 9, 2024

Affected Software
Business Card

Researcher

Anjo Rev Tingson

More Details >

Donation Block For PayPal <= 2.1.0 - Unauthenticated Stored Cross-Site Scripting

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-6021

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Donation Block For PayPal

Researcher

Bob Matyas

More Details >

Easy Pixels by JEVNET <= 2.13 - Unauthenticated Stored Cross-Site Scripting

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-5479

Patch Status
Unpatched

Published
Jul 8, 2024

Affected Software
Easy Pixels

Researcher

Lucio Sá

More Details >

EventON <= 2.2.15 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting and Plugin Settings Updates

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-6180

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
EventON

Researcher

Lucio Sá

More Details >

FULL <= 3.1.12 - Unauthenticated Stored Cross-Site Scripting via License Plan Parameter

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-6447

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
FULL – Cliente

Researcher

stealthcopter

More Details >

TOCHAT.BE <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-37563

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
TOCHAT.BE

Researcher

Joshua Chan

More Details >

UserFeedback Lite <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Name Parameter

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-5902

Patch Status
Patched

Published
Jul 12, 2024

Affected Software
User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds

Researcher

zer0gh0st

More Details >

Cliengo - Chatbot <= 3.0.2 - Missing Authorization to Unauthenticated Chatbot Settings Update

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-5992

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Cliengo – Chatbot

Researcher

Lucio Sá

More Details >

Premium Addons for Elementor <= 4.10.34 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-37922

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Premium Addons for Elementor

Researcher

wesley (wcraft)

More Details >

WPCS <= 1.2.0.3 - Unauthenticated Arbitrary Shortcode Execution

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-38700

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
WPCS – WordPress Currency Switcher Professional

Researcher

stealthcopter

More Details >

Advanced post slider <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38750

Patch Status
Unpatched

Published
Jul 11, 2024

Affected Software
Advanced post slider

Researcher

LVT-tholv2k

More Details >

Amazing Hover Effects <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38741

Patch Status
Unpatched

Published
Jul 11, 2024

Affected Software
Amazing Hover Effects

Researcher

Joshua Chan

More Details >

Animated Typed JS Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38679

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
Animated Typed JS Shortcode

Researcher(s): Unknown

More Details >

Arkhe Blocks <= 2.22.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38675

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
Arkhe Blocks

Researcher

Ngô Thiên An (ancorn_)

More Details >

Blog, Posts and Category Filter for Elementor <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post and Category Filter Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-4667

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Blog, Posts and Category Filter for Elementor

Researcher

stealthcopter

More Details >

Booking Ultra Pro <= 1.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38676

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
Booking Ultra Pro Appointments Booking Calendar Plugin

Researcher

LVT-tholv2k

More Details >

Bradmax Player <= 1.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-37957

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
Bradmax Player

Researcher

Jean Tirstan T

More Details >

Calendar.online / Kalender.digital <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38678

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
Calendar.online / Kalender.digital – Plugin

Researcher

LVT-tholv2k

More Details >

Caxton – Create Pro page layouts in Gutenberg <= 1.30.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-37948

Patch Status
Unpatched

Published
Jul 10, 2024

Affected Software
Caxton – Create Pro page layouts in Gutenberg

Researcher

Ngô Thiên An (ancorn_)

More Details >

CodePen Embedded Pens Shortcode <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-37960

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
CodePen Embedded Pens Shortcode

Researcher

Jean Tirstan T

More Details >

ConeBlog – WordPress Blog Widgets <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-37918

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
ConeBlog – Elementor Blog Widgets

Researcher

João Pedro Soares de Alcântara

More Details >

Download Button for Elementor <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38718

Patch Status
Unpatched

Published
Jul 11, 2024

Affected Software
Download Button for Elementor

Researcher

Khalid

More Details >

EazyDocs <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38720

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin

Researcher

Khalid

More Details >

ElementInvader Addons for Elementor <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38705

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
ElementInvader Addons for Elementor

Researcher

Michael

More Details >

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-5595

Patch Status
Patched

Published
Jul 12, 2024

Affected Software
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates

Researcher

Dmitrii Ignatyev

More Details >

Extensions for Elementor <= 2.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via EE Events and EE Flipbox Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-4868

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Extensions for Elementor

Researcher

stealthcopter

More Details >

FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor <= 5.3.1 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38686

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor

Researcher

João G. Barbosa (4rCanJ0x!)

More Details >

Feeds for YouTube (YouTube video, channel, and gallery plugin) <= 2.2.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-6256

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
Feeds for YouTube (YouTube video, channel, and gallery plugin)

Researcher

Webbernaut

More Details >

Fusion <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-37962

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
Fusion Page Builder

Researcher

Phill Sav (Savphill)

More Details >

Genesis Blocks <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sharing Block Attributes

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-3563

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Genesis Blocks

Researchers

Ngô Thiên An (ancorn_)

Dmitrii Ignatyev

More Details >

Goftino <= 1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38697

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Goftino

Researcher

stealthcopter

More Details >

GutSlider – All in One Block Slider <= 2.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-37955

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
GutSlider – All in One Block Slider for Gutenberg

Researcher

João G. Barbosa (4rCanJ0x!)

More Details >

Job Board Manager <= 2.1.58 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38722

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Job Board Manager

Researchers

Myungju Kim

younsoung kim

SeoHyeon Lee

SeoHee Kang

More Details >

JSON Content Importer <= 1.5.6 - Authenticated (Contributor+) Server-Side Request Forgery

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38723

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Get Use APIs – JSON Content Importer

Researcher

Ananda Dhakal

More Details >

Magical Addons For Elementor <= 1.1.41 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38681

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )

Researcher

SouzaZinn

More Details >

Magical Addons For Elementor <= 1.1.41 - Authenticated (Subscriber+) Server-Side Request Forgery

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38730

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )

Researcher

Majed Refaea

More Details >

Magical Posts Display – Elementor & Gutenberg Posts Blocks <= 1.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-37951

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
Magical Posts Display – Elementor Advanced Posts widgets

Researcher

João Pedro Soares de Alcântara

More Details >

Master Addons for Elementor <= 2.0.6.2 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38710

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations

Researcher

Michael

More Details >

Meks Smart Author Widget <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-37958

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
Meks Smart Author Widget

Researcher

Joshua Chan

More Details >

MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via sonaar_audioplayer Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-5664

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar

Researcher

wesley (wcraft)

More Details >

oik <= 4.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via bw_button Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-6391

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
oik

Researcher

Rafshanzani Suhada

More Details >

OnePress <= 2.3.8 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38739

Patch Status
Unpatched

Published
Jul 11, 2024

Affected Software
OnePress

Researcher

stealthcopter

More Details >

OSM – OpenStreetMap <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-3603

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
OSM – OpenStreetMap

Researcher

Krzysztof Zając

More Details >

Panda Video <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-5457

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Panda Video

Researcher

stealthcopter

More Details >

Post Layouts for Gutenberg <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38682

Patch Status
Unpatched

Published
Jul 10, 2024

Affected Software
Post Layouts for Gutenberg

Researcher

SouzaZinn

More Details >

Power BI Embedded for WordPress <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-37959

Patch Status
Unpatched

Published
Jul 10, 2024

Affected Software
Power BI Embedded for WordPress

Researcher

Joshua Chan

More Details >

PowerPress Podcasting plugin by Blubrry <= 11.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via media_url Parameter

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-6588

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
PowerPress Podcasting plugin by Blubrry

Researcher

Webbernaut

More Details >

Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-6495

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Premium Addons for Elementor

Researcher

Webbernaut

More Details >

Qi Blocks <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38712

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Qi Blocks

Researcher

João Pedro Soares de Alcântara

More Details >

Quiz and Survey Master <= 9.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-6390

Patch Status
Patched

Published
Jul 13, 2024

Affected Software
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker

Researcher

Dmitrii Ignatyev

More Details >

Responsive Mobile <= 1.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-37949

Patch Status
Unpatched

Published
Jul 10, 2024

Affected Software
Responsive Mobile

Researcher

stealthcopter

More Details >

Responsive Tabs <= 4.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-4096

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Responsive Tabs

Researcher

Krugov Artyom

More Details >

REVIEWS.io <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38677

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
REVIEWS.io for WooCommerce

Researcher

LVT-tholv2k

More Details >

Seraphinite Post .DOCX Source <= 2.16.9 - Authenticated (Subscriber+) Server-Side Request Forgery

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38728

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Seraphinite Post .DOCX Source

Researcher

Peng Zhou

More Details >

Simple Alert Boxes <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-5937

Patch Status
Unpatched

Published
Jul 8, 2024

Affected Software
Simple Alert Boxes

Researcher

Francesco Carlucci

More Details >

SKT Addons for Elementor <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38674

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
SKT Addons for Elementor

Researcher

João G. Barbosa (4rCanJ0x!)

More Details >

SKT Skill Bar <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38698

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
SKT Skill Bar

Researcher

Jean Tirstan T

More Details >

Sky Addons for Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38687

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery)

Researcher

Khalid

More Details >

SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38684

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels)

Researcher

SouzaZinn

More Details >

Squelch Tabs and Accordions Shortcodes <= 0.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via tab Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-5946

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Squelch Tabs and Accordions Shortcodes

Researcher

Peter Thaleikis

More Details >

Tabs For WPBakery Page Builder <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-37936

Patch Status
Unpatched

Published
Jul 9, 2024

Affected Software
Tabs For WPBakery Page Builder (formerly Visual Composer)

Researcher

LVT-tholv2k

More Details >

Team Members <= 5.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38670

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
Team Members

Researcher

Jean Tirstan T

More Details >

Typebot <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38757

Patch Status
Unpatched

Published
Jul 11, 2024

Affected Software
Typebot | Create advanced chat experiences without coding

Researcher

LVT-tholv2k

More Details >

UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-4866

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode)

Researcher

stealthcopter

More Details >

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'email'

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-6170

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Researcher

shaman0x01

More Details >

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'username'

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-6169

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Researcher

shaman0x01

More Details >

VK All in One Expansion Unit <= 9.99.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-37956

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
VK All in One Expansion Unit

Researcher

Phill Sav (Savphill)

More Details >

WappPress <= 6.0.4 - Authenticated (Subscriber+) Server-Side Request Forgery

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38758

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
WappPress – Create Mobile App for any WordPress site with our Mobile App Builder in just 1 minute

Researcher

Majed Refaea

More Details >

Webico Slider Flatsome Addons <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wbc_image Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-5881

Patch Status
Unpatched

Published
Jul 8, 2024

Affected Software
Webico Slider Flatsome Addons

Researcher

Francesco Carlucci

More Details >

WooCommerce Customers Manager <= 30.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1747

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
WooCommerce Customers Manager

Researcher

Erwan LR

More Details >

WP Event Aggregator <= 1.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38703

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into WordPress

Researcher

Manab Jyoti Dowarah

More Details >

WP GoToWebinar <= 15.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38671

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
WP GoToWebinar

Researcher

Majed Refaea

More Details >

WP Photo Album Plus <= 8.8.02.002 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38713

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
WP Photo Album Plus

Researcher

stealthcopter

More Details >

WP Travel Engine <= 5.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-37944

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
WP Travel Engine – Tour Booking Plugin – Tour Operator Software

Researcher

Manab Jyoti Dowarah

More Details >

WPBITS Addons For Elementor Page Builder <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-4862

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
WPBITS Addons For Elementor Page Builder

Researcher

stealthcopter

More Details >

XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-5669

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Happy WooCommerce FAQs & AI FAQ Generator (Formarly XPlainer)

Researcher

Lucio Sá

More Details >

Zoho Campaigns <= 2.0.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-38752

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Zoho Campaigns

Researcher

Majed Refaea

More Details >

AdPush <= 1.50 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-38672

Patch Status
Unpatched

Published
Jul 10, 2024

Affected Software
AdPush

Researcher

Dimas Maulana

More Details >

Appmaker – Convert WooCommerce to Android & iOS Native Mobile Apps <= 1.36.12 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-38680

Patch Status
Unpatched

Published
Jul 10, 2024

Affected Software
Appmaker – Convert WooCommerce to Android & iOS Native Mobile Apps

Researcher

Dimas Maulana

More Details >

ARForms Form Builder <= 1.6.7 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-37920

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Contact Form, Survey, Quiz & Popup Form Builder – ARForms

Researcher

beluga

More Details >

codoc <= 0.9.51.12 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-37961

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
codoc

Researcher

Majed Refaea

More Details >

Contact Form 7 Summary and Print <= 1.2.5 - Cross-Site Request Forgery

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-38724

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Contact Form 7 To PDF Viewer

Researcher

Cronus

More Details >

Counterpoint <= 1.8.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-37559

Patch Status
Unpatched

Published
Jul 8, 2024

Affected Software
Counterpoint

Researcher

akas wisnu aji

More Details >

Link Library <= 7.7.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-38711

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Link Library

Researcher

LVT-tholv2k

More Details >

Login by Auth0 <= 4.6.0 - Reflected Cross-Site Scripting via wle

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2023-6813

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Login by Auth0

Researcher

Krzysztof Zając

More Details >

MBE eShip <= 2.2.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-37953

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
MBE eShip

Researcher

Dimas Maulana

More Details >

Moloni <= 4.7.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-38694

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Moloni

Researcher

beluga

More Details >

Multisite Content Copier/Updater <= 2.0.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-38673

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
WordPress Multisite Content Copier/Updater

Researcher

Dimas Maulana

More Details >

Plum: Spin Wheel & Email Pop-up <= 2.0 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-38744

Patch Status
Unpatched

Published
Jul 11, 2024

Affected Software
Plum: Spin Wheel & Email Pop-up

Researcher

Ananda Dhakal

More Details >

Send email only on Reply to My Comment <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-6224

Patch Status
Unpatched

Published
Jul 9, 2024

Affected Software
Send email only on Reply to My Comment

Researcher

Bob Matyas

More Details >

Send email only on Reply to My Comment <= 1.0.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-6223

Patch Status
Unpatched

Published
Jul 9, 2024

Affected Software
Send email only on Reply to My Comment

Researcher

Bob Matyas

More Details >

Simple Responsive Slider <= 0.2.2.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-37954

Patch Status
Unpatched

Published
Jul 10, 2024

Affected Software
Simple Responsive Slider

Researcher

Dimas Maulana

More Details >

SpiderContacts <= 1.1.7 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-6272

Patch Status
Unpatched

Published
Jul 10, 2024

Affected Software
SpiderContacts

Researcher

Bob Matyas

More Details >

Ultimate Classified Listings <= 1.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-5883

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Ultimate Classified Listings

Researcher

Bob Matyas

More Details >

Ultimate Classified Listings <= 1.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-6529

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Ultimate Classified Listings

Researcher

Erwan LR

More Details >

Ultimate Classified Listings <= 1.3 - Unauthenticated Local File Inclusion

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-5882

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Ultimate Classified Listings

Researcher

Eddie Zhang (Project Black)

More Details >

Uncanny Automator Pro <= 5.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-37117

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Uncanny Automator Pro

Researcher

Dave Jong

More Details >

Web Directory Free <= 1.7.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-3669

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Web Directory Free

Researchers

Simone Onofri

0xded093

Kim Cerra

More Details >

WooCommerce Predictive Search <= 6.0.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-38669

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
Predictive Search for WooCommerce

Researcher

LVT-tholv2k

More Details >

WooCommerce Report <= 1.4.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-38683

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
WooCommerce Report

Researcher

Le Ngoc Anh

More Details >

WP Ajax Contact Form <= 2.2.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-5809

Patch Status
Unpatched

Published
Jul 9, 2024

Affected Software
WP Ajax Contact Form

Researcher

Bob Matyas

More Details >

WpStickyBar – Sticky Bar, Sticky Header <= 2.1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-6226

Patch Status
Unpatched

Published
Jul 9, 2024

Affected Software
WpStickyBar – Sticky Bar, Sticky Header

Researcher

Bob Matyas

More Details >

YITH WooCommerce Ajax Product Filter <= 5.1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-37943

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
YITH WooCommerce Ajax Product Filter

Researcher

Rafie Muhammad

More Details >

Zoho CRM Lead Magnet <= 1.7.8.8 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-38696

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Zoho CRM Lead Magnet

Researcher

Dimas Maulana

More Details >

Jetpack Boost <= 3.4.6 - Authenticated (Admin+) Server-Side Request Forgery

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-6584

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Jetpack Boost – Website Speed, Performance and Critical CSS

Researcher

miguelxpn

More Details >

Tutor LMS <= 2.7.2 - Authenticated (Tutor Instructor+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-37947

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
Tutor LMS – eLearning and online course solution

Researcher

akas wisnu aji

More Details >

WP Total Branding <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via title Parameter

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-6625

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
WP Total Branding – Complete branding solution for WordPress

Researcher

Artem Polynko (Artem Polynko)

More Details >

Cliengo - Chatbot <= 3.0.2 - Missing Authorization to Authorized (Subscriber+) Chatbot Settings Update

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-5993

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Cliengo – Chatbot

Researcher

Lucio Sá

More Details >

Cliengo – Chatbot <= 3.0.1 - Cross-Site Request Forgery

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-37923

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Cliengo – Chatbot

Researcher

Majed Refaea

More Details >

Happy SCSS Compiler - Compile SCSS to CSS automatically <= 1.3.10 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-5600

Patch Status
Unpatched

Published
Jul 8, 2024

Affected Software
SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue

Researcher

Lucio Sá

More Details >

Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Authenticated(Subscriber+) Missing Authorization to Plugin Settings Update

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-6392

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Image Optimizer, Resizer and CDN – Sirv

Researcher

Rafshanzani Suhada

More Details >

LearnDash LMS - Reports Free <= 1.8.2.1 - Missing Authorization to Plugin Settings Update

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-5648

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
LearnDash LMS – Reports

Researcher

Lucio Sá

More Details >

Pricing Table <= 2.0.1 - Missing Authorization

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-4102

Patch Status
Unpatched

Published
Jul 8, 2024

Affected Software
Pricing Table

Researcher

Benedictus Jovan (aillesiM)

More Details >

WooCommerce Customers Manager < 30.1 - Cross-Site Request Forgery to Customer Deletion

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-3983

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
WooCommerce Customers Manager

Researcher

Bob Matyas

More Details >

WooCommerce Customers Manager < 30.1 - Cross-Site Request Forgery to Customer Deletion via 'Delete'

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-2843

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
WooCommerce Customers Manager

Researcher

Bob Matyas

More Details >

WP Affiliate Platform <= 6.5.1 - Cross-Site Request Forgery to Afilliate Deletion

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-5285

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
WP Affiliate Platform

Researcher

Bob Matyas

More Details >

Branda – White Label WordPress, Custom Login Page Customizer <= 3.4.18 - Unauthenticated Full Path Disclosure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-6554

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
Branda – Branda – White Label & Branding, Custom Login Page Customizer

Researcher

stealthcopter

More Details >

Chained Quiz <= 1.3.2.8 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-37921

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Chained Quiz

Researcher

Manab Jyoti Dowarah

More Details >

Coming Soon <= 1.6.3 - Unauthenticated Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-38756

Patch Status
Unpatched

Published
Jul 11, 2024

Affected Software
Coming Soon Page – Responsive Coming Soon & Maintenance Mode

Researcher

Joshua Chan

More Details >

Duplicator <= 1.5.9 - Full Path Disclosure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-6210

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More

Researcher

stealthcopter

More Details >

EleForms <= 2.9.9.9 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-38748

Patch Status
Unpatched

Published
Jul 11, 2024

Affected Software
EleForms – All In One Form Integration including DB for Elementor

Researcher

Dhabaleshwar Das

More Details >

EmbedPress <= 4.0.4 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-38707

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
EmbedPress – Embed PDF, PDF 3D FlipBook, Instagram Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Maps & Upload PDF Documents

Researcher

Rafie Muhammad

More Details >

Gravity Forms: Multiple Form Instances <= 1.1.1 - Unauthenticated Full Path Disclosure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-6550

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Gravity Forms: Multiple Form Instances

Researcher

stealthcopter

More Details >

HitPay Payment Gateway for WooCommerce <= 4.1.3 - Information Exposure via Log Files

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-38747

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
HitPay Payment Gateway for WooCommerce

Researcher

Joshua Chan

More Details >

iPanorama 360 WordPress Virtual Tour Builder <= 1.8.3 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-38690

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
iPanorama 360 – Advanced Virtual Tour Builder

Researcher

Steven Julian

More Details >

Laposta <= 1.12 - Unauthenticated Full Path Disclosure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-6574

Patch Status
Unpatched

Published
Jul 12, 2024

Affected Software
Laposta

Researcher

stealthcopter

More Details >

MBE eShip <= 2.1.2 - Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-38742

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
MBE eShip

Researcher

Joshua Chan

More Details >

Olive One Click Demo Import <= 1.1.2 - Unauthenticated Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-38749

Patch Status
Unpatched

Published
Jul 11, 2024

Affected Software
Olive One Click Demo Import

Researcher

Peng Zhou

More Details >

Payflex Payment Gateway <= 2.5.0 - Missing Authorization to Order Status Update

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-0619

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
Payflex Payment Gateway

Researcher

Francesco Carlucci

More Details >

Plum: Spin Wheel & Email Pop-up <= 2.0 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-38743

Patch Status
Unpatched

Published
Jul 11, 2024

Affected Software
Plum: Spin Wheel & Email Pop-up

Researcher

Ananda Dhakal

More Details >

Pricing Table <= 2.0.1 - Cross-Site Request Forgery via ajax()

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-4100

Patch Status
Unpatched

Published
Jul 8, 2024

Affected Software
Pricing Table

Researcher

Benedictus Jovan (aillesiM)

More Details >

Product Delivery Date for WooCommerce – Lite <= 2.7.2 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-38702

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Product Delivery Date for WooCommerce – Lite

Researcher

Dhabaleshwar Das

More Details >

Product Designer <= 1.0.33 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-3608

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Product Designer

Researcher

Lucio Sá

More Details >

ReDi Restaurant Reservation <= 24.0422 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-38737

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
ReDi Restaurant Reservation

Researcher

Ananda Dhakal

More Details >

Send Users Email <= 1.5.1 - Unauthenticated Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-38760

Patch Status
Patched

Published
Jul 12, 2024

Affected Software
Send Users Email – Email Subscribers, Email Marketing Newsletter

Researcher

Joshua Chan

More Details >

SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.8 - Unauthenticated Full Path Disclosure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-6556

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer

Researcher

stealthcopter

More Details >

SmartMag <= 9.3.0 - Unauthenticated Sensitive Information Exposure via Log Files

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-37930

Patch Status
Unpatched

Published
Jul 9, 2024

Affected Software
SmartMag

Researcher

akas wisnu aji

More Details >

Social Sharing Plugin – Kiwi <= 2.1.7 - Information Disclosure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-3228

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Social Sharing Plugin – Kiwi

Researcher

Krzysztof Zając

More Details >

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - IP Address Spoofing to Antispam Bypass

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-6171

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Researcher

shaman0x01

More Details >

User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.11.7 - Missing Authorization to Unauthenticated Media Upload

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-6366

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

Researcher

Michel Prunet

More Details >

UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP <= 1.2.11 - Unauthenticated Information Disclosure via Unprotected Directories

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-6477

Patch Status
Patched

Published
Jul 13, 2024

Affected Software
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP

Researcher

Majdeddine Ben Hadj Brahim

More Details >

Wallet System for WooCommerce <= 2.5.13 - Information Exposure via Log Files

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-38699

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction

Researcher

Joshua Chan

More Details >

Wholesale Suite <= 2.1.12 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-38745

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More

Researcher

Mika

More Details >

Woocommerce OpenPos <= 7.0.1 - Missing Authorization to Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-37935

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Openpos - WooCommerce Point Of Sale(POS)

Researcher

Dave Jong

More Details >

WP Accessibility Helper (WAH) <= 0.6.2.9 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-37926

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
WP Accessibility Helper (WAH)

Researcher

Mika

More Details >

WP Popups – WordPress Popup builder <= 2.2.0.1 - Unauthenticated Full Path Disclosure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-6555

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
WP Popups – WordPress Popup builder

Researcher

stealthcopter

More Details >

WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 <= 1.0.1 - Improper Authorization due to use of Hardcoded Credentials

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-5810

Patch Status
Unpatched

Published
Jul 8, 2024

Affected Software
WP2Speed Faster – Optimize PageSpeed Insights Score 90-100

Researcher

Lucio Sá

More Details >

WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 <= 1.0.1 - Unauthenticated Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-37924

Patch Status
Unpatched

Published
Jul 9, 2024

Affected Software
WP2Speed Faster – Optimize PageSpeed Insights Score 90-100

Researcher

Peng Zhou

More Details >

Zephyr Project Manager <= 3.3.99 - Unauthenticated Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-38761

Patch Status
Patched

Published
Jul 12, 2024

Affected Software
Zephyr Project Manager

Researcher

Joshua Chan

More Details >

Admin Dashboard RSS Feed <= 3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-38725

Patch Status
Unpatched

Published
Jul 11, 2024

Affected Software
Admin Dashboard RSS Feed

Researchers

Myungju Kim

younsoung kim

SeoHyeon Lee

SeoHee Kang

More Details >

Change From Email <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-38738

Patch Status
Unpatched

Published
Jul 11, 2024

Affected Software
Change From Email

Researcher

Cronus

More Details >

Email Encoder – Protect Email Addresses and Phone Numbers <= 2.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-4483

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Email Encoder – Protect Email Addresses and Phone Numbers

Researcher

Krugov Artyom

More Details >

FormFlow <= 2.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-3113

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Simple WhatsApp form- Quick Custom WhatsApp & WordPress Form Builder

Researchers

Dikshita Trivedi (Cybersecdexter)

Dipak Panchal (th3.d1p4k)

More Details >

Gum Elementor Addon <= 1.3.5 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-37565

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Gum Elementor Addon

Researcher

Michael

More Details >

Inline Related Posts <= 3.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-6487

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Inline Related Posts

Researcher

Dmitrii Ignatyev

More Details >

Master Popups <= 1.0.3 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-37950

Patch Status
Unpatched

Published
Jul 10, 2024

Affected Software
Master Popups

Researcher

alfido osdie

More Details >

My Sticky Bar (formerly myStickymenu) <= 2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-4090

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme – My Sticky Bar (formerly myStickymenu)

Researcher

Krugov Artyom

More Details >

Plugin Notes Plus <= 1.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-37561

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Plugin Notes Plus

Researcher

akas wisnu aji

More Details >

ReCaptcha Integration for WordPress <= 1.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-37946

Patch Status
Unpatched

Published
Jul 10, 2024

Affected Software
ReCaptcha Integration for WordPress

Researcher

LuxF0z

More Details >

Simple Popup <= 4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-38689

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
Simple Popup Plugin

Researcher

Cronus

More Details >

Simple Post Notes <= 1.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-37562

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Simple Post Notes

Researcher

akas wisnu aji

More Details >

Slider by 10Web <= 1.2.56 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-6408

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
Slider by 10Web – Responsive Image Slider

Researcher

Dmitrii Ignatyev

More Details >

SportsPress – Sports Club & League Manager <= 2.7.21 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-3986

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
SportsPress – Sports Club & League Manager

Researcher

Krugov Artyom

More Details >

Timeline Module for Beaver Builder <= 1.1.3 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-37919

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Timeline Module for Beaver Builder

Researcher

João Pedro Soares de Alcântara

More Details >

WANotifier – Send Message Notifications Using WhatsApp API <= 2.6 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-6165

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
WANotifier – Send Message Notifications Using Cloud API

Researcher

Bob Matyas

More Details >

WP Announcement <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-38685

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
WP Announcement | Dynamic Announcement, Banner, & Countdown Timer for Effective Promotions

Researcher

Rayhan Ramdhany Hanaputra

More Details >

Zephyr Project Manager <= 3.3.97 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-6536

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Zephyr Project Manager

Researcher

Adrian Peña Barragan

More Details >

Auto Featured Image (Auto Post Thumbnail) <= 4.0.0 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38719

Patch Status
Unpatched

Published
Jul 11, 2024

Affected Software
Auto Featured Image (Auto Post Thumbnail)

Researcher

Joshua Chan

More Details >

BuddyBoss Theme <= 2.4.61 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-37925

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
BuddyBoss Theme

Researcher

Dave Jong

More Details >

Comment Images Reloaded <= 2.2.1 - Authenticated (Subscriber+) Arbitrary Media Deletion

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-5856

Patch Status
Unpatched

Published
Jul 8, 2024

Affected Software
Comment Images Reloaded

Researcher

Lucio Sá

More Details >

Dynamic Word Spinner: CSS3 Animated Rotation <= 5.6 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38753

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Dynamic Word Spinner: CSS3 Animated Rotation

Researcher

Majed Refaea

More Details >

EazyDocs <= 2.5.0 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38721

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin

Researcher

Khalid

More Details >

Event post <= 5.9.6 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-1375

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Event post

Researcher

Francesco Carlucci

More Details >

Event Tickets <= 5.11.0.4 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38762

Patch Status
Patched

Published
Jul 12, 2024

Affected Software
Event Tickets and Registration

Researcher

Joshua Chan

More Details >

Featured Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Images Upload

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-5677

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Featured Image Generator

Researcher

Lucio Sá

More Details >

Google Adsense & Banner Ads by AdsforWP <= 1.9.28 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38751

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Easy Google Adsense and Banner Ads Manager – AdsforWP

Researcher

Majed Refaea

More Details >

HT Mega <= 2.5.7 - Authenticated (Contributor+) JSON File Directory Traversal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38706

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
HT Mega – Absolute Addons For Elementor

Researcher

Rafie Muhammad

More Details >

HTML Forms – Simple WordPress Forms Plugin <= 1.3.33 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-6412

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
HTML Forms – Simple WordPress Forms Plugin

Researcher

Bob Matyas

More Details >

i-amaze <= 1.3.7 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38731

Patch Status
Unpatched

Published
Jul 11, 2024

Affected Software
i-amaze

Researcher

Dhabaleshwar Das

More Details >

i-transform <= 3.0.9 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38764

Patch Status
Unpatched

Published
Jul 12, 2024

Affected Software
i-transform

Researcher

Dhabaleshwar Das

More Details >

Internal Link Juicer: SEO Auto Linker for WordPress <= 2.24.3 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-37941

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Internal Link Juicer: SEO Auto Linker for WordPress

Researcher

Dhabaleshwar Das

More Details >

Just Custom Fields <= 3.3.2 - Cross-Site Request Forgery via AJAX actions

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-6168

Patch Status
Unpatched

Published
Jul 8, 2024

Affected Software
Just Custom Fields

Researcher

Francesco Carlucci

More Details >

Just Custom Fields <= 3.3.2 - Missing Authorization via AJAX actions

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-6167

Patch Status
Unpatched

Published
Jul 8, 2024

Affected Software
Just Custom Fields

Researcher

Francesco Carlucci

More Details >

Light Poll <= 1.0.0 - Cross-Site Request Forgery to Poll Deletion

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-6496

Patch Status
Unpatched

Published
Jul 11, 2024

Affected Software
Light Poll

Researcher

Vuln Seeker Cybersecurity Team

More Details >

MakeStories (for Google Web Stories) <= 3.0.3 - Authenticated (Subscriber+) Arbitrary File Download and Server-Side Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38746

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
MakeStories (for Google Web Stories)

Researcher

Majed Refaea

More Details >

Matomo Analytics <= 5.1.0 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38766

Patch Status
Patched

Published
Jul 12, 2024

Affected Software
Matomo Analytics – Ethical Stats. Powerful Insights.

Researcher

Dhabaleshwar Das

More Details >

MBE eShip <= 2.1.2 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38729

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
MBE eShip

Researcher

Joshua Chan

More Details >

Media Hygiene <= 3.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-5855

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Media Hygiene: Remove or Delete Unused Images and More!

Researcher

Lucio Sá

More Details >

Meks Video Importer <= 1.0.11 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38733

Patch Status
Unpatched

Published
Jul 11, 2024

Affected Software
Meks Video Importer

Researcher

Majed Refaea

More Details >

Metorik – Reports & Email Automation for WooCommerce <= 1.7.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38691

Patch Status
Patched

Published
Jul 10, 2024

Affected Software
Metorik – Reports & Email Automation for WooCommerce

Researcher

Majed Refaea

More Details >

Oceanic <= 1.0.53 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38765

Patch Status
Unpatched

Published
Jul 12, 2024

Affected Software
Oceanic

Researcher

Dhabaleshwar Das

More Details >

Packlink PRO shipping module <= 3.4.6 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38740

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Packlink PRO shipping module

Researcher

Dhabaleshwar Das

More Details >

Paid Memberships Pro - Member Directory Add On < 1.2.6 - Authenticated (Contributor+) Information Exposure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-1287

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Paid Memberships Pro - Member Directory Add On

Researcher

Scott Kingsley Clark

More Details >

Pardakht Delkhah <= 2.9.8 - Cross-Site Request Forgery to Form Setting Reset

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-6230

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
پلاگین پرداخت دلخواه

Researcher

Bob Matyas

More Details >

Patricia Blog <= 1.2 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38732

Patch Status
Unpatched

Published
Jul 11, 2024

Affected Software
Patricia Blog

Researcher

Dhabaleshwar Das

More Details >

Patricia Lite <= 1.2.3 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-37939

Patch Status
Unpatched

Published
Jul 9, 2024

Affected Software
Patricia Lite

Researcher

Dhabaleshwar Das

More Details >

Point <= 1.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-37931

Patch Status
Unpatched

Published
Jul 9, 2024

Affected Software
Point

Researcher

Dhabaleshwar Das

More Details >

Popularis Verse <= 1.0.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38763

Patch Status
Patched

Published
Jul 12, 2024

Affected Software
Popularis Verse

Researcher

Dhabaleshwar Das

More Details >

ProfileGrid <= 5.8.9 - Authenticated (Subscriber+) Insecure Direct Object Reference

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-6410

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
ProfileGrid – User Profiles, Groups and Communities

Researcher

Tieu Pham Trong Nhan

More Details >

Seraphinite Accelerator Premium <= 2.21.13 - Cross-Site Request Forgery to Arbitrary File Deletion

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-37940

Patch Status
Patched

Published
Jul 9, 2024

Affected Software
Seraphinite Accelerator Pro

Researcher

Dave Jong

More Details >

Seraphinite Post .DOCX Source <= 2.16.9 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38727

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Seraphinite Post .DOCX Source

Researcher

Peng Zhou

More Details >

SociallyViral <= 1.0.10 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-37938

Patch Status
Unpatched

Published
Jul 9, 2024

Affected Software
SociallyViral

Researcher

Dhabaleshwar Das

More Details >

Taggbox <= 3.3 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38754

Patch Status
Unpatched

Published
Jul 11, 2024

Affected Software
Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics

Researcher

Majed Refaea

More Details >

Titan Anti-spam & Security <= 7.3.7 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38777

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Titan Anti-spam & Security

Researcher

Joshua Chan

More Details >

User Activity Log Pro <= 2.3.4 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-37929

Patch Status
Unpatched

Published
Jul 9, 2024

Affected Software
User Activity Log Pro

Researcher

Dave Jong

More Details >

WP Ajax Contact Form <= 2.2.2 - Cross-Site Request Forgery to Arbitrary Email Deletion

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-5808

Patch Status
Unpatched

Published
Jul 9, 2024

Affected Software
WP Ajax Contact Form

Researcher

Bob Matyas

More Details >

WP Fast Total Search <= 1.68.232 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38714

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
WP Fast Total Search – The Power of Indexed Search

Researcher

Majed Refaea

More Details >

WP GoToWebinar <= 15.6 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-38695

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
WP GoToWebinar

Researcher

Majed Refaea

More Details >

WP Links Page <= 4.9.5 - Missing Authorization to Authenticated (Subscriber+) Limited Image Update

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-6465

Patch Status
Patched

Published
Jul 12, 2024

Affected Software
WP Links Page

Researcher

Lucio Sá

More Details >

XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-5704

Patch Status
Patched

Published
Jul 8, 2024

Affected Software
Happy WooCommerce FAQs & AI FAQ Generator (Formarly XPlainer)

Researcher

Lucio Sá

More Details >

Academy LMS <= 2.0.4 - Missing Authorization

2.7

CVSS Rating
Low (2.7)

CVE-ID
CVE-2024-38701

Patch Status
Patched

Published
Jul 11, 2024

Affected Software
Academy LMS – WordPress LMS Plugin for Complete eLearning Solution

Researcher

filime

More Details >