WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder plugin <= 2.0.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by wpdabh Patchstack Alliance in WordPress Plugin Ultimate Store Kit Elementor Addons versions = 2.0.3...

WordPress Fancy Elementor Flipbox plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Fancy Elementor Flipbox versions = 2.5.2...

WordPress Himalayas theme <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Himalayas versions = 1.3.0...

WordPress Zotpress plugin <= 7.3.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Zotpress versions = 7.3.9...

WordPress Gold Addons for Elementor plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Gold Addons for Elementor versions = 1.2.9...

WordPress Real3D Flipbook PDF Viewer Lite plugin <= 3.71 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Manab Jyoti Dowarah Patchstack Alliance in WordPress Plugin Real 3D FlipBook versions = 3.71...

WordPress gee Search Plus plugin <= 1.4.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Sharanabasappa Patchstack Alliance in WordPress Plugin gee Search Plus versions = 1.4.4...

WordPress WOLF plugin <=1.0.8.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Elmini Patchstack Alliance in WordPress Plugin WOLF versions = 1.0.8.2...

WordPress Stockholm Core plugin <= 2.4.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Stockholm Core versions = 2.4.1...

WordPress Stockholm theme <= 9.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Stockholm versions = 9.6...

WordPress WP Job Manager plugin <= 2.2.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin WP Job Manager versions = 2.2.2...

WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ray Wilson Patchstack Alliance in WordPress Plugin WidgetKit versions = 2.4.8...

WordPress weDocs plugin <= 2.1.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin weDocs versions = 2.1.4...

WordPress Easy Affiliate Links plugin <= 3.7.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Manab Jyoti Dowarah Patchstack Alliance in WordPress Plugin Easy Affiliate Links versions = 3.7.2...

WordPress DS Site Message plugin <= 1.14.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by umi Patchstack Alliance in WordPress Plugin DS Site Message versions = 1.14.4...

WordPress AI Engine plugin <= 2.2.63 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin AI Engine versions = 2.2.63...

WordPress Form Maker by 10Web plugin <= 1.15.24 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Huynh Tien Si Patchstack Alliance in WordPress Plugin Form Maker by 10Web versions = 1.15.24...

WordPress Aiomatic plugin <= 1.9.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Aiomatic versions = 1.9.3...

WordPress Better Elementor Addons plugin <=1.4.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 4rCanJ0x! Patchstack Alliance in WordPress Plugin Better Elementor Addons versions = 1.4.4...

WordPress Aiomatic Plugin <= 1.9.3 is vulnerable to Broken Access Control

Software Aiomatic Type Plugin Vulnerable versions = 1.9.3 Fixed in 1.9.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-34435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5637a4c44c26 Credits Ananda Dhakal Patchstack Required...