21 matches found
WordPress MainWP Child Reports plugin <= 2.1.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Brandon Roldan (Patchstack Alliance) in WordPress Plugin MainWP Child Reports versions <= 2.1.1...
WordPress FameTheme Demo Importer plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Brandon Roldan (Patchstack Alliance) in WordPress Plugin FameTheme Demo Importer versions <= 1.1.5...
WordPress MainWP Child Reports Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: MainWP Child Reports; Type: Plugin; Vulnerable versions: <= 2.1.1; Fixed in: 2.2; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-33680; Patch priority: Low; CVSS severity: Low (5.4); PSID: 2150654abae2; Credits: Brandon Roldan...
WordPress Giveaways and Contests by RafflePress Plugin <= 1.12.7 is vulnerable to Bypass Vulnerability
Software: Giveaways and Contests by RafflePress; Type: Plugin; Vulnerable versions: <= 1.12.7; Fixed in: 1.12.11; OWASP Top 10: A5: Security Misconfiguration; Classification: Bypass Vulnerability; CVE: CVE-2024-32827; Patch priority: Low; CVSS severity: Low (5.3); PSID: 1c85afd440e3; Credits...
WordPress Zero Spam for WordPress plugin <= 5.5.6 - Bypass Spam Protection vulnerability
Bypass Spam Protection vulnerability discovered by Brandon Roldan (Patchstack Alliance) in WordPress Plugin Zero Spam versions <= 5.5.6...
WordPress WP Google Analytics Events – No-Code Custom Event Tracking for Google Analytics plugin <= 2.8.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Brandon Roldan (Patchstack Alliance) in WordPress Plugin WP Google Analytics Events versions <= 2.8.0...
WordPress UsersWP plugin < 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Brandon Roldan (Patchstack Alliance) in WordPress Plugin UsersWP versions < 1.2.6...
WordPress Simple Post Notes plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Brandon Roldan (Patchstack Alliance) in WordPress Plugin Simple Post Notes versions <= 1.7.6...
WordPress Page Builder: Live Composer Plugin <= 1.5.35 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Page Builder: Live Composer; Type: Plugin; Vulnerable versions: <= 1.5.35; Fixed in: 1.5.36; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-31933; Patch priority: Low; CVSS severity: Low (5.4); PSID: c287b96c4dbe; Credits: Brand...
WordPress Inline Related Posts Plugin <= 3.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Inline Related Posts; Type: Plugin; Vulnerable versions: <= 3.3.1; Fixed in: 3.4.0; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-31426; Patch priority: Low; CVSS severity: Low (4.3); PSID: 472557d2a031; Credits: Brandon Roldan...
WordPress Post Views Counter plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Brandon Roldan (Patchstack Alliance) in WordPress Plugin Post Views Counter versions <= 1.4.4...
WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: NEX-Forms – Ultimate Form Builder; Type: Plugin; Vulnerable versions: <= 8.5.2; Fixed in: 8.5.5; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-52120; Patch priority: Low; CVSS severity: Low (5.4); PSID: 6c987b0249e3; Credits...
WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Spam protection, AntiSpam, FireWall by CleanTalk; Type: Plugin; Vulnerable versions: <= 6.20; Fixed in: 6.21; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-51535; Patch priority: Low; CVSS severity: Low (4.3); PSID...
WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WOOCS – WooCommerce Currency Switcher; Type: Plugin; Vulnerable versions: <= 1.4.1.4; Fixed in: 1.4.1.5; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-49834; Patch priority: Low; CVSS severity: Low (5.4); PSID: dcb04c679c38...
WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Kadence WooCommerce Email Designer; Type: Plugin; Vulnerable versions: <= 1.5.11; Fixed in: 1.5.12; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-47186; Patch priority: Low; CVSS severity: Low (4.3); PSID: d7f0bae8b697; Credit...
WordPress Media Library Assistant plugin <= 3.00 - Unauthenticated Error Log Disclosure vulnerability
Unauthenticated Error Log Disclosure vulnerability discovered by Brandon Roldan (Patchstack Alliance) in WordPress Media Library Assistant plugin versions <= 3.00. Solution: Update the WordPress Media Library Assistant plugin to the latest available version (at least 3.01)...
WordPress iQ Block Country plugin <= 1.2.18 - Block BYPASS vulnerability
Block BYPASS vulnerability was discovered by Brandon Roldan (Patchstack Alliance) in the WordPress iQ Block Country plugin versions <= 1.2.18. Solution: Update the WordPress iQ Block Country plugin to the latest available version (at least 1.2.19)...
WordPress SupportCandy plugin <= 2.2.6 - Arbitrary Ticket Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Ticket Deletion via Cross-Site Request Forgery (CSRF) vulnerability discovered by Brandon Roldan in WordPress SupportCandy plugin versions <= 2.2.6. Solution: Update the WordPress SupportCandy plugin to the latest available version (at least 2.2.7)...
WordPress SupportCandy plugin <= 2.2.4 - Unauthenticated Arbitrary Ticket Deletion vulnerability
Unauthenticated Arbitrary Ticket Deletion vulnerability discovered by Brandon Roldan in WordPress SupportCandy plugin versions <= 2.2.4. Solution: Update the WordPress SupportCandy plugin to the latest available version (at least 2.2.5)...
WordPress wpDiscuz plugin <= 7.3.3 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Comment Addition/Edition/Deletion
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Comment Addition/Edition/Deletion discovered by Brandon Roldan in WordPress wpDiscuz plugin versions <= 7.3.3. Solution: Update the WordPress wpDiscuz plugin to the latest available version (at least 7.3.4)...