WordPress KB Support plugin <= 1.6.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin KB Support versions = 1.6.0...

WordPress Secure Copy Content Protection and Content Locking plugin <= 3.9.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Secure Copy Content Protection and Content Locking versions = 3.9.0...

WordPress WPPizza plugin <= 3.18.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin WPPizza versions = 3.18.10...

WordPress User Meta plugin <= 3.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin User Meta versions = 3.0...

WordPress EPROLO Dropshipping plugin <= 1.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin EPROLO Dropshipping versions = 1.7.1...

WordPress MetForm plugin <= 3.8.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Metform versions = 3.8.3...

WordPress Instant Images plugin <= 6.1.0 - Arbitrary Option Update to Privilege Escalation vulnerability

Arbitrary Option Update to Privilege Escalation vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Instant Images versions = 6.1.0...

WordPress Element Pack Pro plugin < 7.19.3 - Arbitrary File Read and Phar Deserialization vulnerability

Arbitrary File Read and Phar Deserialization vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Element Pack Pro versions 7.19.3...

WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.3 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Barcode Scanner with Inventory & Order Manager versions = 1.5.3...

WordPress XStore Core plugin <= 5.3.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin XStore Core versions = 5.3.8...

WordPress XStore Core plugin <= 5.3.8 - Limited Arbitrary File Upload vulnerability

Limited Arbitrary File Upload vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin XStore Core versions = 5.3.8...

WordPress XStore Core plugin <= 5.3.8 - Unauthenticated Account Takeover vulnerability

Unauthenticated Account Takeover vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin XStore Core versions = 5.3.8...

WordPress WP Masquerade plugin <= 1.1.0 - Authenticated Account Takeover vulnerability

Authenticated Account Takeover vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WP Masquerade versions = 1.1.0...

WordPress WZone plugin < 14.1.00 - Site Wide Broken Access Control vulnerability

Site Wide Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WZone versions 14.1.00...

WordPress WZone plugin <= 14.0.33 - Arbitrary SQL Update Execution vulnerability

Arbitrary SQL Update Execution vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WZone versions = 14.0.33...

WordPress WZone plugin < 14.1.00 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WZone versions 14.1.00...

WordPress WP Time Slots Booking Form plugin <= 1.2.06 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin WP Time Slots Booking Form versions = 1.2.06...

WordPress Better Elementor Addons plugin <= 1.4.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Ray Wilson Patchstack Alliance in WordPress Plugin Better Elementor Addons versions = 1.4.1...

WordPress ColorNews theme <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme ColorNews versions = 1.2.6...

WordPress XforWooCommerce Plugin <= 2.0.2 is vulnerable to Local File Inclusion

Software XforWooCommerce Type Plugin Vulnerable versions = 2.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-33628 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID c41c6a05c14e Credits Dave Jong Patchstack Required privilege...