WordPress PropertyHive plugin <= 2.0.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by CatFather Patchstack Alliance in WordPress Plugin PropertyHive versions = 2.0.9...

WordPress Laybuy Payment Extension for WooCommerce plugin <= 5.3.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Laybuy Payment Extension for WooCommerce versions = 5.3.9...

WordPress Ibtana plugin <= 1.2.3.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin Ibtana versions = 1.2.3.3...

WordPress Tabs plugin <= 4.0.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jean Tirstan T Patchstack Alliance in WordPress Plugin Tabs versions = 4.0.6...

WordPress Sinatra theme <= 1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Sinatra versions = 1.3...

WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Settings & Users Data Dump vulnerability

Unauthenticated Settings & Users Data Dump vulnerability discovered by Dave Jong Patchstack in WordPress Plugin WishList Member X versions 3.26.7...

WordPress WishList Member X plugin < 3.26.7 - Authenticated Arbitrary File Deletion vulnerability

Authenticated Arbitrary File Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Plugin WishList Member X versions 3.26.7...

WordPress Envira Photo Gallery plugin <= 1.8.7.3 - CSRF leading to notice dismissal vulnerability

CSRF leading to notice dismissal vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Envira Photo Gallery versions = 1.8.7.3...

WordPress WPMU Defender plugin <= 3.3.2 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Snicco Patchstack Alliance in WordPress Plugin Defender Security versions = 3.3.2...

WordPress WP 2FA plugin <= 2.6.3 - Sensitive Data Exposure via Log File vulnerability

Sensitive Data Exposure via Log File vulnerability discovered by Snicco Patchstack Alliance in WordPress Plugin WP 2FA versions = 2.6.3...

WordPress MasterStudy LMS plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin MasterStudy LMS versions = 3.2.1...

WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Consulting Elementor Widgets versions = 1.3.0...

WordPress Consulting Elementor Widgets plugin <= 1.3.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Consulting Elementor Widgets versions = 1.3.0...

WordPress Demo Awesome Plugin <= 1.0.2 is vulnerable to Broken Access Control

Software Demo Awesome Type Plugin Vulnerable versions = 1.0.2 Fixed in 1.0.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37207 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 678378443c06 Credits Abdi Pranata Required privilege...

WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Sensitive Data Exposure

Software WishList Member X Type Plugin Vulnerable versions 3.26.7 Fixed in 3.26.7 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-37110 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID a0be12d15f6b Credits Dave Jong Patchstack...

WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Arbitrary Code Execution

Software WishList Member X Type Plugin Vulnerable versions 3.26.7 Fixed in 3.26.7 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-37109 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID fa508ef02b6e Credits Dave Jong Patchstack Required...

WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Arbitrary File Deletion

Software WishList Member X Type Plugin Vulnerable versions 3.26.7 Fixed in 3.26.7 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-37108 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 544b49cbebea Credits Dave Jong Patchstack...

WordPress Consulting Elementor Widgets Plugin <= 1.3.0 is vulnerable to SQL Injection

Software Consulting Elementor Widgets Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-37090 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 6570f9049c30 Credits Rafie Muhammad Patchstack Required...

WordPress Consulting Elementor Widgets Plugin <= 1.3.0 is vulnerable to Remote Code Execution (RCE)

Software Consulting Elementor Widgets Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-37091 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 9000e26ba1f3 Credits Rafie Muhammad...

WordPress Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter Plugin <= 1.222.16 is vulnerable to Broken Access Control

Software Ultimate Custom Add To Cart Button Ajax For WooCommerce by Binary Carpenter Type Plugin Vulnerable versions = 1.222.16 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37202 Patch priority Medium CVSS severity Medium 6.5 Developer Clai...