20 matches found
WordPress SEOPress - On-site SEO plugin <= 7.5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress SEOPress - On-site SEO plugin <= 7.5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Daffa in WordPress Plugin SEOPress versions <= 7.5.2.1...
WordPress Pinpoint Booking System Plugin <= 2.9.9.5.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Plugin Pinpoint Booking System versions <= 2.9.9.5.7...
WordPress Pinpoint Booking System plugin <= 2.9.9.5.7 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CSRF to Stored Cross Site Scripting (XSS) vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Plugin Pinpoint Booking System versions <= 2.9.9.5.7...
WordPress WordPress Portfolio Builder – Portfolio Gallery plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Plugin WordPress Portfolio Builder – Portfolio Gallery versions <= 1.1.7...
WordPress Podlove Podcast Publisher plugin <= 4.1.13 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Plugin Podlove Podcast Publisher versions <= 4.1.13...
WordPress Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin <= 3.4.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Plugin Print Barcode Labels for your WooCommerce products/orders versions <= 3.4.9...
WordPress Forms to Zapier plugin <= 1.1.12 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Plugin Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook versions <= 1.1.12...
WordPress User Activity Log plugin <= 1.9 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Plugin User Activity Log versions <= 1.9...
WordPress 10Web Map Builder for Google Maps plugin <= 1.0.74 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Plugin 10Web Map Builder for Google Maps versions <= 1.0.74...
WordPress RSS Aggregator by Feedzy Plugin <= 4.4.1 is vulnerable to Broken Access Control
Software: RSS Aggregator by Feedzy; Type: Plugin; Vulnerable versions: <= 4.4.1; Fixed in: 4.4.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1092; Patch priority: Low; CVSS severity: Low 4.3; PSID: d6dde9967d92; Credits: Muhammad Daffa; Requir...
WordPress WP Mail Catcher Plugin <= 2.1.3 is vulnerable to SQL Injection
Software: WP Mail Catcher; Type: Plugin; Vulnerable versions: <= 2.1.3; Fixed in: 2.1.4; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-50844; Patch priority: Low; CVSS severity: Low 7.6; PSID: 8506292c33f5; Credits: Muhammad Daffa; Required privilege: Administrator...
WordPress Table of Contents Plus Plugin <= 2302 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Table of Contents Plus; Type: Plugin; Vulnerable versions: <= 2302; Fixed in: 2309; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-44473; Patch priority: Low; CVSS severity: Low 5.4; PSID: 9767a2935241; Credits: Muhammad Daffa...
WordPress Themify Portfolio Post Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)
Software: Themify Portfolio Post; Type: Plugin; Vulnerable versions: <= 1.2.4; Fixed in: 1.2.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-32970; Patch priority: Low; CVSS severity: Low 4.1; PSID: b8a82c2c105c; Credits: Muhammad Daffa...
WordPress PixelYourSite – Your smart PIXEL (TAG) Manager Plugin <= 9.3.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: PixelYourSite – Your smart PIXEL (TAG) Manager; Type: Plugin; Vulnerable versions: <= 9.3.0; Fixed in: 9.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-22700; Patch priority: Low; CVSS severity: Low 4.3; PSID: bf76bce3f34...
WordPress Manage Notification E-mails plugin <= 1.8.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Reset discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Manage Notification E-mails plugin versions <= 1.8.2. Solution: Update the WordPress Manage Notification E-mails plugin to the latest available version at lea...
WordPress WP Page Widget plugin <= 3.9 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability was discovered by Muhammad Daffa (Patchstack Alliance) in the WordPress WP Page Widget plugin versions <= 3.9. Solution: Update the WordPress WP Page Widget plugin to the latest available version at least 4.0...
WordPress SEO Redirection plugin <= 8.9 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to deletion of 404 errors and redirection history was discovered by Muhammad Daffa (Patchstack Alliance) in the WordPress SEO Redirection plugin versions <= 8.9. Solution: Update the WordPress SEO Redirection plugin to the latest available version...
WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to sending of test emails discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Customer Reviews for WooCommerce plugin versions <= 5.3.5. Solution: Update the WordPress Customer Reviews for WooCommerce plugin to the latest available...
WordPress wpDiscuz plugin <= 7.3.11 - Sensitive Information Disclosure
Sensitive Information Disclosure vulnerability discovered in WordPress wpDiscuz plugin versions <= 7.3.11 by Muhammad Daffa. Solution: Update the WordPress wpDiscuz plugin to the latest available version at least 7.3.12...
WordPress Charitable plugin <= 1.6.50 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Daffa in WordPress Charitable plugin versions <= 1.6.50. Solution: Update the WordPress Charitable plugin to the latest available version at least 1.6.51...