3802 matches found
WordPress Niveau theme 1.0.8 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Theme Niveau versions = 1.0.8...
WordPress Kognetiks Chatbot for WordPress plugin <= 2.0.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin Kognetiks Chatbot for WordPress versions <= 2.0.0...
WordPress JCH Optimize Plugin <= 4.2.0 is vulnerable to Path Traversal
Software: JCH Optimize; Type: Plugin; Vulnerable versions: <= 4.2.0; Fixed in: 4.2.1; OWASP Top 10: A6: Security Misconfiguration; Classification: Path Traversal; CVE: CVE-2024-34808; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 076d61af6638; Credits: Dhabaleshwar Das; Required...
WordPress Blocksy Companion Plugin <= 2.0.45 is vulnerable to Cross Site Scripting (XSS)
Software: Blocksy Companion; Type: Plugin; Vulnerable versions: <= 2.0.45; Fixed in: 2.0.46; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4487; Patch priority: Low; CVSS severity: Low 6.5; Developer: Creative Themes; PSID: 47cc317dca12; Credits: wesley wcraft; Requir...
WordPress Gutenify plugin <= 1.4.0 - Sensitive Data Exposure via API vulnerability
Sensitive Data Exposure via API vulnerability discovered by Peng Zhou (Patchstack Alliance) in WordPress Plugin Gutenify versions <= 1.4.0...
WordPress FileBird – WordPress Media Library Folders & File Manager plugin <= 5.6.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Peng Zhou (Patchstack Alliance) in WordPress Plugin Filebird versions <= 5.6.3...
WordPress All Bootstrap Blocks plugin <= 1.3.15 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by 4rCanJ0x! (Patchstack Alliance) in WordPress Plugin All Bootstrap Blocks versions <= 1.3.15...
WordPress Academy LMS plugin <= 1.9.25 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Peng Zhou (Patchstack Alliance) in WordPress Plugin Academy LMS versions <= 1.9.25...
WordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin iPages Flipbook versions <= 1.5.1...
WordPress Netgsm plugin <= 2.9.32 - Broken Access Control + CSRF vulnerability
Broken Access Control + CSRF vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Netgsm versions <= 2.9.32...
WordPress WP Discourse Plugin <= 2.5.1 is vulnerable to Broken Access Control
Software: WP Discourse; Type: Plugin; Vulnerable versions: <= 2.5.1; Fixed in: 2.5.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-35168; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 4c4620868728; Credits: Joshua Chan; Required privilege...
WordPress All Bootstrap Blocks Plugin <= 1.3.15 is vulnerable to Cross Site Scripting (XSS)
Software: All Bootstrap Blocks; Type: Plugin; Vulnerable versions: <= 1.3.15; Fixed in: 1.3.16; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35169; Patch priority: Low; CVSS severity: Low 5.9; Developer: AREOI; PSID: 986d96f4d07f; Credits: 4rCanJ0x!; Required privilege: Author...
WordPress MC Woocommerce Wishlist plugin <= 1.7.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin MC Woocommerce Wishlist versions <= 1.7.2...
WordPress If-So Dynamic Content Personalization plugin <= 1.7.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin If-So Dynamic Content Personalization versions <= 1.7.1...
WordPress Contact List plugin <= 2.9.87 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Contact List versions <= 2.9.87...
WordPress SportsPress – Sports Club & League Manager plugin <= 2.7.20 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin SportsPress – Sports Club & League Manager versions <= 2.7.20...
WordPress Translate Multilingual sites – TranslatePress plugin <= 2.7.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin TranslatePress versions <= 2.7.5...
WordPress Easy Digital Downloads plugin <= 3.2.11 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Easy Digital Downloads versions <= 3.2.11...
Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites
A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites. The findings come from WPScan, which said that the vulnerability (CVE-2023-40000, CVSS score: 8.3) has been leveraged to set u...
WordPress Ditty Plugin <= 3.1.38 is vulnerable to PHP Object Injection
Software: Ditty; Type: Plugin; Vulnerable versions: <= 3.1.38; Fixed in: 3.1.39; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-3954; Patch priority: Medium; CVSS severity: Medium 8.5; Developer: Claim ownership; PSID: 3afcc0b0dfe5; Credits: Trinh Vu Sonicrrrr; Required privilege...