Exploit for Incorrect Privilege Assignment in Litespeedtech Litespeed_Cache

LiteSpeed Cache Privilege Escalation PoC - CVE-2024-28000...

WordPress WBW Product Table PRO Plugin <= 1.9.4 is vulnerable to SQL Injection

Software WBW Product Table PRO Type Plugin Vulnerable versions = 1.9.4 Fixed in 1.9.5 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-43918 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 2c9d3f09a102 Credits Dave Jong Patchstack Required privilege...

WordPress AdRotate Plugin <= 5.13.2 is vulnerable to Arbitrary File Upload

Software AdRotate Type Plugin Vulnerable versions = 5.13.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2022-1206 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID f703ac87a2d0 Credits Jorgson Required privilege Administrator Published...

WordPress myCred plugin <= 2.7.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin myCred versions = 2.7.2...

WordPress Button contact VR plugin <= 4.7.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Cronus Patchstack Alliance in WordPress Plugin Button contact VR versions = 4.7.7...

WordPress Modal Window – create popup modal window plugin <= 6.0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Modal Window versions = 6.0.3...

WordPress Icegram Engage plugin <= 3.1.25 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Savphill Patchstack Alliance in WordPress Plugin Icegram versions = 3.1.25...

WordPress Hello Agency theme <= 1.0.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Fariq Fadillah Gusti Insani Patchstack Alliance in WordPress Theme Hello Agency versions = 1.0.5...

WordPress WordPress Webinar Plugin – WebinarPress plugin <= 1.33.20 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin WebinarPress versions = 1.33.20...

WordPress WP User Manager – User Profile Builder & Membership plugin <= 2.9.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WP User Manager versions = 2.9.10...

WordPress Photo Engine plugin <= 6.4.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Photo Engine versions = 6.4.0...

WordPress WP SMS plugin <= 6.9.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin WP SMS versions = 6.9.3...

WordPress Allegiant theme <= 1.2.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Allegiant versions = 1.2.7...

WordPress PowerPack for Beaver Builder plugin < 2.37.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin PowerPack for Beaver Builder versions 2.37.4...

WordPress EmbedPress plugin <= 4.0.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin EmbedPress versions = 4.0.9...

WordPress ReviewX plugin <= 1.6.28 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Manab Jyoti Dowarah Patchstack Alliance in WordPress Plugin ReviewX versions = 1.6.28...

WordPress Asset CleanUp: Page Speed Booster plugin <= 1.3.9.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Asset CleanUp: Page Speed Booster versions = 1.3.9.3...

WordPress Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin <= 3.4.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Plugin Print Barcode Labels for your WooCommerce products/orders versions = 3.4.9...

WordPress WP Telegram Widget and Join Link plugin <= 2.1.27 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Plugin WP Telegram Widget and Join Link versions = 2.1.27...

WordPress Fonts plugin <= 3.7.7 - Cross Site Request Forgery (CSRF) to Stored XSSvulnerability

Cross Site Request Forgery CSRF to Stored XSSvulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Fonts versions = 3.7.7...