WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Checkout Field Editor for WooCommerce Pro versions = 3.6.2...

WordPress WP-Recall plugin <= 16.26.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin WP-Recall versions = 16.26.6...

WordPress Responsive theme <= 5.0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Responsive versions = 5.0.3...

WordPress Save as PDF Plugin by Pdfcrowd plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Save as PDF versions = 3.2.3...

WordPress MelaPress Login Security plugin <= 1.3.0 - Remote File Inclusion vulnerability

Remote File Inclusion vulnerability discovered by YCInfosec Patchstack Alliance in WordPress Plugin MelaPress Login Security versions = 1.3.0...

WordPress wpForo Forum Plugin <= 2.3.3 is vulnerable to SQL Injection

Software wpForo Forum Type Plugin Vulnerable versions = 2.3.3 Fixed in 2.3.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3200 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 101daf0caeac Credits Krzysztof Zając Required privilege Contributor...

WordPress Preferred Languages plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by ret2desync Patchstack Alliance in WordPress Plugin Preferred Languages versions = 2.2.2...

WordPress WP Back Button plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by alfido osdie Patchstack Alliance in WordPress Plugin WP Back Button versions = 1.1.3...

WordPress Site Favicon plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Cronus Patchstack Alliance in WordPress Plugin Site Favicon versions = 0.2...

WordPress Just Writing Statistics plugin <= 4.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Rayhan Ramdhany Hanaputra Patchstack Alliance in WordPress Plugin Just Writing Statistics versions = 4.5...

WordPress Safety Exit plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Cronus Patchstack Alliance in WordPress Plugin Safety Exit versions = 1.7.0...

WordPress Simple Spoiler plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Cronus Patchstack Alliance in WordPress Plugin Simple Spoiler versions = 1.2...

WordPress Blocksy Companion plugin <= 2.0.42 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Yuchen Ji Patchstack Alliance in WordPress Plugin Blocksy Companion versions = 2.0.42...

WordPress Gianism Plugin <= 5.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Gianism Type Plugin Vulnerable versions = 5.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3921 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 07b73547799b Credits Felipe Restrepo Rodriguez Mateo...

WordPress Slider Revolution Plugin < 6.7.0 is vulnerable to Broken Access Control

Software Slider Revolution Type Plugin Vulnerable versions 6.7.0 Fixed in 6.7.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-34444 Patch priority Medium CVSS severity Medium 7.1 Developer ThemePunch PSID de1987954a97 Credits Rafie Muhammad Patchstack...

Woocommerce – Recent Purchases plugin <= 1.0.1 - File Inclusion vulnerability

File Inclusion vulnerability discovered by YCInfosec Patchstack Alliance in WordPress Plugin Woocommerce – Recent Purchases versions = 1.0.1...

WordPress Easy Digital Downloads – Recent Purchases plugin <= 1.0.2 - Remote File Inclusion vulnerability

Remote File Inclusion vulnerability discovered by YCInfosec Patchstack Alliance in WordPress Plugin Easy Digital Downloads – Recent Purchases versions = 1.0.2...

WordPress Photo Gallery by 10Web plugin <= 1.8.25 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Photo Gallery by 10Web versions = 1.8.25...

WordPress KKProgressbar2 Free Plugin <= 1.1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software KKProgressbar2 Free Type Plugin Vulnerable versions = 1.1.4.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-4534 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 3868f534725e Credits Bob Matyas...

WordPress Spectra Plugin <= 2.12.8 is vulnerable to Cross Site Scripting (XSS)

Software Spectra Type Plugin Vulnerable versions = 2.12.8 Fixed in 2.12.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1814 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8365e8ec8dfb Credits wesley wcraft Required privile...