WordPress Flash & HTML5 Video Plugin <= 2.5.31 is vulnerable to Sensitive Data Exposure

Software Flash & HTML5 Video Type Plugin Vulnerable versions = 2.5.31 Fixed in 2.5.32 OWASP Top 10 A4: Insecure Design Classification Sensitive Data Exposure CVE CVE-2024-43319 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e3846f722ce9 Credits Ananda Dhakal Patchstack...

WordPress Login As Users Plugin <= 1.4.2 is vulnerable to Privilege Escalation

Software Login As Users Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A5: Security Misconfiguration Classification Privilege Escalation CVE CVE-2024-43311 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 61576dd70a4f Credits John Blackbourn Required...

WordPress Insert PHP Code Snippet plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Insert PHP Code Snippet versions = 1.3.6...

WordPress TrueBooker Plugin <= 1.0.2 is vulnerable to SQL Injection

Software TrueBooker Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6924 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID bf0618e9b2e8 Credits Project Black Required privilege Unauthenticated...

WordPress Insert PHP Code Snippet Plugin <= 1.3.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Insert PHP Code Snippet Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43275 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID f6953adb666a Credits Rafie...

WordPress Icegram Collect – Easy Form, Lead Collection and Subscription plugin plugin <= 1.3.14 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Icegram Collect versions = 1.3.14...

WordPress Widgets for WooCommerce Products on Elementor plugin <= 2.0.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Woo Products Widgets For Elementor versions = 2.0.4...

WordPress WP BackItUp plugin <= 1.50 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WP BackItUp versions = 1.50...

WordPress Analytify plugin <= 5.3.1 - CSRF Leading to Optout Vulnerability

CSRF Leading to Optout Vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Analytify versions = 5.3.1...

WordPress Create by Mediavine plugin <= 1.9.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin Create by Mediavine versions = 1.9.8...

WordPress Compute Links plugin <= 1.2.1 - Remote File Inclusion vulnerability

Remote File Inclusion vulnerability discovered by YCInfosec Patchstack Alliance in WordPress Plugin Compute Links versions = 1.2.1...

WordPress Store Locator Plus® for WordPress plugin <= 2311.17.01 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin Store Locator Plus versions = 2311.17.01...

WordPress Smart Online Order for Clover plugin <= 1.5.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Smart Online Order for Clover versions = 1.5.6...

WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Sensitive Data Exposure vulnerability

Authenticated Sensitive Data Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Bit Form Pro versions = 2.6.4...

WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Bit Form Pro versions = 2.6.4...

WordPress Bit Form Pro plugin <= 2.6.4 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Bit Form Pro versions = 2.6.4...

WordPress WHMpress plugin <= 6.2-revision-5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dave Jong Patchstack in WordPress Plugin WHMpress versions = 6.2-revision-5...

WordPress JobSearch plugin <= 2.3.4 - Unauthenticated Account Takeover vulnerability

Unauthenticated Account Takeover vulnerability discovered by Dave Jong Patchstack in WordPress Plugin JobSearch versions = 2.3.4...

WordPress Houzez theme <= 3.2.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jorge Rodriguez Patchstack Alliance in WordPress Theme Houzez versions = 3.2.4...

WordPress Indeed Ultimate Membership Pro plugin <= 12.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Ultimate Membership Pro versions = 12.7...