WordPress WishList Member X Plugin < 3.26.7 is vulnerable to SQL Injection

Software WishList Member X Type Plugin Vulnerable versions 3.26.7 Fixed in 3.26.7 OWASP Top 10 A1: Broken Access Control Classification SQL Injection CVE CVE-2024-37112 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 61954a7187be Credits Dave Jong Patchstack Required...

WordPress Master Slider Plugin <= 3.10.0 is vulnerable to Cross Site Scripting (XSS)

Software Master Slider Type Plugin Vulnerable versions = 3.10.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37222 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 90295bc054b8 Credits Rafie Muhammad Patchstack Required...

WordPress My Favorites Plugin <= 1.4.3 is vulnerable to Cross Site Scripting (XSS)

Software My Favorites Type Plugin Vulnerable versions = 1.4.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37114 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1e94c277c4f6 Credits Jean Tirstan T Required privilege Contribut...

WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Privilege Escalation

Software WishList Member X Type Plugin Vulnerable versions 3.26.7 Fixed in 3.26.7 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-37107 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 853821d46a11 Credits Dave Jong Patchstack...

WordPress Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter Plugin <= 1.222.16 is vulnerable to Broken Access Control

Software Ultimate Custom Add To Cart Button Ajax For WooCommerce by Binary Carpenter Type Plugin Vulnerable versions = 1.222.16 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37202 Patch priority Medium CVSS severity Medium 6.5 Developer Clai...

WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Arbitrary Code Execution

Software WishList Member X Type Plugin Vulnerable versions 3.26.7 Fixed in 3.26.7 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-37109 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID fa508ef02b6e Credits Dave Jong Patchstack Required...

WordPress Consulting Elementor Widgets Plugin <= 1.3.0 is vulnerable to SQL Injection

Software Consulting Elementor Widgets Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-37090 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 6570f9049c30 Credits Rafie Muhammad Patchstack Required...

WordPress Consulting Elementor Widgets Plugin <= 1.3.0 is vulnerable to Local File Inclusion

Software Consulting Elementor Widgets Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-37089 Patch priority High CVSS severity High 9 Developer Claim ownership PSID af33d70e30a2 Credits Rafie Muhammad Patchstack...

WordPress Consulting Elementor Widgets Plugin <= 1.3.0 is vulnerable to Remote Code Execution (RCE)

Software Consulting Elementor Widgets Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-37091 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 9000e26ba1f3 Credits Rafie Muhammad...

Exploit for Improper Authentication in Elementor Website_Builder

CVE-2023-47504 POC Exploit for CVE-2023-47504. According to N...

WordPress Page Builder: Live Composer plugin <= 1.5.42 - Contributor+ Shortcode Cross Site Scripting (XSS) vulnerability

Contributor+ Shortcode Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Page Builder: Live Composer versions = 1.5.42...

WordPress Hueman theme <= 3.7.24 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Hueman versions = 3.7.24...

WordPress Slideshow SE plugin <= 2.5.20 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Slideshow SE versions = 2.5.20...

WordPress Squeeze plugin <= 1.4 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by YCInfosec Patchstack Alliance in WordPress Plugin Squeeze versions = 1.4...

WordPress Excellent theme <= 1.2.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Excellent versions = 1.2.9...

WordPress Serious Slider plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Serious Slider versions = 1.2.4...

WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.4.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Online Booking & Scheduling Calendar for WordPress by vcita versions = 4.4.0...

WordPress WP Job Portal plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LuxF0z Patchstack Alliance in WordPress Plugin WP Job Portal versions = 2.1.3...

WordPress Interface theme <= 3.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Interface versions = 3.1.0...

WordPress Easy Age Verify plugin <= 1.8.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Huynh Tien Si Patchstack Alliance in WordPress Plugin Easy Age Verify versions = 1.8.2...