WordPress WPMobile.App Plugin <= 11.41 is vulnerable to Cross Site Scripting (XSS)

Software WPMobile.App Type Plugin Vulnerable versions = 11.41 Fixed in 11.42 OWASP Top 10 A1: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2024-35694 Patch priority Medium CVSS severity Medium 7.1 Developer Amauri.IO PSID 392a8fdcac50 Credits CatFather Required privilege...

WordPress Sensei Pro (WC Paid Courses) Plugin <= 4.23.1.1.23.1 is vulnerable to Cross Site Scripting (XSS)

Software Sensei Pro WC Paid Courses Type Plugin Vulnerable versions = 4.23.1.1.23.1 Fixed in 4.24.0.1.24.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34765 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ffa624f39abc Credits Rafie...

WordPress Contact Form to DB by BestWebSoft plugin <= 1.7.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Do Truong Giang Patchstack Alliance in WordPress Plugin Contact Form to DB by BestWebSoft versions = 1.7.2...

WordPress MegaMenu plugin <= 2.3.12 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin MegaMenu versions = 2.3.12...

WordPress Recurring PayPal Donations plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Recurring PayPal Donations versions = 1.7...

WordPress Unlimited Elements For Elementor plugin <= 1.5.109 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 1.5.109...

WordPress Pure Chat plugin <= 2.22 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Pure Chat versions = 2.22...

WordPress Cowidgets – Elementor Addons plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Cowidgets – Elementor Addons versions = 1.1.1...

WordPress FS Product Inquiry Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)

Software FS Product Inquiry Type Plugin Vulnerable versions = 1.1.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4856 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 989359976d53 Credits Bob Matyas Requir...

WordPress MJ Update History plugin <= 1.0.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by thiennv Patchstack Alliance in WordPress Plugin MJ Update History versions = 1.0.4...

WordPress Debug Log Manager plugin <= 2.3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Debug Log Manager versions = 2.3.1...

WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Brevo plugin <= 3.1.77 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Brevo versions = 3.1.77...

WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin WP EasyCart versions = 5.5.19...

WordPress Themesflat Addons For Elementor plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin themesflat-addons-for-elementor versions = 2.1.2...

WordPress Upload Fields for WPForms plugin <= 1.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Upload Fields for WPForms versions = 1.0.2...

WordPress KiviCare plugin <= 3.6.6 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Van Lyubov Patchstack Alliance in WordPress Plugin KiviCare versions = 3.6.6...

WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Checkout Field Editor for WooCommerce Pro versions = 3.6.2...

WordPress WP-Recall plugin <= 16.26.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin WP-Recall versions = 16.26.6...

WordPress Responsive theme <= 5.0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Responsive versions = 5.0.3...

WordPress Save as PDF Plugin by Pdfcrowd plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Save as PDF versions = 3.2.3...