WordPress Exclusive Addons for Elementor plugin <= 2.6.9.1 - Broken Access Control on Post Duplication vulnerability

Broken Access Control on Post Duplication vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Exclusive Addons Elementor versions = 2.6.9.1...

WordPress Academy LMS plugin <= 1.9.16 - Broken Access Control on Paid Courses vulnerability

Broken Access Control on Paid Courses vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Academy LMS versions = 1.9.16...

WordPress The School Management Pro plugin <= 10.3.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Ivan Spiridonov Patchstack Alliance in WordPress Plugin School Management Pro versions = 10.3.4...

WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Digital Publications by Supsystic versions = 1.7.7...

WordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin iPages Flipbook versions = 1.5.1...

WordPress Contact Form 7 Database Addon – CFDB7 Plugin <= 1.2.6.8 is vulnerable to Sensitive Data Exposure

Software Contact Form 7 Database Addon – CFDB7 Type Plugin Vulnerable versions = 1.2.6.8 Fixed in 1.2.7 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-3870 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b218289620d7 Credits Ti...

WordPress Realtyna Organic IDX plugin Plugin <= 4.14.4 is vulnerable to Cross Site Scripting (XSS)

Software Realtyna Organic IDX plugin Type Plugin Vulnerable versions = 4.14.4 Fixed in 4.14.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33924 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9af5852216f6 Credits Muhammad Daffa...

WordPress CodeBard's Patron Button and Widgets for Patreon Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software CodeBard's Patron Button and Widgets for Patreon Type Plugin Vulnerable versions = 2.2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33928 Patch priority Medium CVSS severity Medium 7.1 Developer Codebard PSID f0b671d6d681 Credits Le Ngoc...

WordPress WordPress Ad Widget plugin <= 2.20.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin WordPress Ad Widget versions = 2.20.1...

WordPress Fan Page Widget by ThemeNcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Fan Page Widget by ThemeNcode versions = 2.0...

WordPress Smart Recent Posts Widget plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Smart Recent Posts Widget versions = 1.0.4...

WordPress Financio theme <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Financio versions = 1.1.3...

WordPress Teluro theme <= 1.0.31 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Teluro versions = 1.0.31...

WordPress Arconix FAQ plugin <= 1.9.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Arconix FAQ versions = 1.9.3...

WordPress Arconix Shortcodes plugin <= 2.1.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Arconix Shortcodes versions = 2.1.10...

WordPress Startupzy theme <= 1.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Startupzy versions = 1.1.1...

WordPress Accountra theme <= 1.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Accountra versions = 1.0.3...

WordPress Pathway theme <= 1.0.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Pathway versions = 1.0.15...

WordPress Hugo WP theme <= 1.0.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Hugo WP versions = 1.0.8...

WordPress Althea WP theme <= 1.0.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Althea WP versions = 1.0.13...