3798 matches found
WordPress WP Fast Total Search Plugin <= 1.69.234 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Fast Total Search; Type: Plugin; Vulnerable versions: <= 1.69.234; Fixed in: 1.70.236; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-38778; Patch priority: Low; CVSS severity: Low (4.3); Developer: Epsiloncool; PSID: 7430c079e28f; Credits: Majed Refaea...
WordPress CTX Feed Plugin <= 6.5.6 is vulnerable to Privilege Escalation
Software: CTX Feed; Type: Plugin; Vulnerable versions: <= 6.5.6; Fixed in: 6.5.7; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2024-38775; Patch priority: High; CVSS severity: High (7.2); PSID: cbdae09cf674; Credits: stealthcopter; Required privilege: Sh...
WordPress WPForms User Registration Plugin <= 2.1.0 is vulnerable to Privilege Escalation
Software: WPForms User Registration; Type: Plugin; Vulnerable versions: <= 2.1.0; Fixed in: 2.1.2; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2023-52209; Patch priority: Low; CVSS severity: Low (8); PSID: 78ca3b70599d; Credits...
WordPress BookingPress Plugin <= 1.1.5 is vulnerable to Arbitrary File Upload
Software: BookingPress; Type: Plugin; Vulnerable versions: <= 1.1.5; Fixed in: 1.1.6; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-6467; Patch priority: High; CVSS severity: High (8.5); PSID: c0415b7cfd0a; Credits: Arkadiusz Hydzik; Required privilege...
WordPress Smart Image Gallery Plugin < 1.0.19 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Smart Image Gallery; Type: Plugin; Vulnerable versions: < 1.0.19; Fixed in: 1.0.19; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-3632; Patch priority: Low; CVSS severity: Low (5.4); PSID: 13b040259b7b; Credits: Bob Matyas...
WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.20 - Authentication Bypass and Privilege Escalation Vulnerability
Authentication Bypass and Privilege Escalation Vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Backup and Staging by WP Time Capsule (versions <= 1.22.20)...
WordPress Backup and Staging by WP Time Capsule Plugin <= 1.22.20 is vulnerable to Privilege Escalation
Software: Backup and Staging by WP Time Capsule; Type: Plugin; Vulnerable versions: <= 1.22.20; Fixed in: 1.22.21; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2024-38770; Patch priority: High; CVSS severity: High (9.8); PSID: 3832eb3f9ffc; Credits: Da...
WordPress Matomo Analytics plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) leading to Notice Dismissal vulnerability
Cross Site Request Forgery (CSRF) leading to Notice Dismissal vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Matomo Analytics (versions <= 5.1.1)...
WordPress i-transform theme <= 3.0.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Theme i-transform (versions <= 3.0.9)...
WordPress Popularis Verse Theme <= 1.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Popularis Verse; Type: Theme; Vulnerable versions: <= 1.1.1; Fixed in: 1.1.2; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-38763; Patch priority: Low; CVSS severity: Low (4.3); PSID: be4cf6f1e0c0; Credits: Dhabaleshwar Das...
WordPress Form Vibes – Database Manager for Forms Plugin <= 1.4.10 is vulnerable to SQL Injection
Software: Form Vibes – Database Manager for Forms; Type: Plugin; Vulnerable versions: <= 1.4.10; Fixed in: 1.4.11; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-5325; Patch priority: High; CVSS severity: High (8.5); Developer: WPVibes; PSID: ede7aa3d2234; Credits: Peter Thaleikis; Required...
WordPress Typebot plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin Typebot (versions <= 3.6.0)...
WordPress Coming Soon Page – Responsive Coming Soon & Maintenance Mode plugin <= 1.6.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin Coming Soon (versions <= 1.6.3)...
WordPress Tagbox plugin <= 3.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin Taggbox (versions <= 3.3)...
WordPress Zoho Campaigns plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin Zoho Campaigns (versions <= 2.0.8)...
WordPress Animated Rotating Words Plugin <= 5.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin Animated Rotating Words (versions <= 5.6)...
WordPress EleForms plugin <= 2.9.9.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin EleForms (versions <= 2.9.9.9)...
WordPress MBE eShip plugin <= 2.1.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin MBE eShip (versions <= 2.1.2)...
WordPress OnePress theme <= 2.3.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Theme OnePress (versions <= 2.3.8)...
WordPress Change From Email plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Cronus (Patchstack Alliance) in WordPress Plugin Change From Email (versions <= 1.2.1)...