WordPress XStore Core Plugin <= 5.3.8 is vulnerable to Arbitrary File Download

Software XStore Core Type Plugin Vulnerable versions = 5.3.8 Fixed in 5.3.9 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-33558 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 535d5071f992 Credits Rafie Muhammad Patchstack...

WordPress XStore Core Plugin <= 5.3.8 is vulnerable to Broken Access Control

Software XStore Core Type Plugin Vulnerable versions = 5.3.8 Fixed in 5.3.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33555 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 1c391075b80a Credits Rafie Muhammad Patchstack...

WordPress XStore Theme <= 9.3.8 is vulnerable to Broken Access Control

Software XStore Type Theme Vulnerable versions = 9.3.8 Fixed in 9.3.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33561 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID b6ec6d6c7945 Credits Rafie Muhammad Patchstack Required...

WordPress XStore Core Plugin <= 5.3.8 is vulnerable to Privilege Escalation

Software XStore Core Type Plugin Vulnerable versions = 5.3.8 Fixed in 5.3.9 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-33552 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID d1199dede4c1 Credits Rafie...

WordPress WZone Plugin <= 14.0.33 is vulnerable to Privilege Escalation

Software WZone Type Plugin Vulnerable versions = 14.0.33 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-33549 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID a1d74d6dfe5c Credits Rafie Muhammad...

WordPress XStore Core Plugin <= 5.3.8 is vulnerable to PHP Object Injection

Software XStore Core Type Plugin Vulnerable versions = 5.3.8 Fixed in 5.3.9 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-33553 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 49ab51cfb6ce Credits Rafie Muhammad Patchstack Required privilege...

WordPress Leaky Paywall Plugin <= 4.20.8 is vulnerable to Broken Access Control

Software Leaky Paywall Type Plugin Vulnerable versions = 4.20.8 Fixed in 4.20.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33594 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID a83bbae5ad9a Credits Joshua Chan Required privileg...

WordPress WZone Plugin <= 14.0.33 is vulnerable to SQL Injection

Software WZone Type Plugin Vulnerable versions = 14.0.33 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-33546 Patch priority High CVSS severity High 9.6 Developer Claim ownership PSID 44537a1aade6 Credits Rafie Muhammad Patchstack Required privilege Subscriber...

WordPress XStore Theme <= 9.3.8 is vulnerable to Local File Inclusion

Software XStore Type Theme Vulnerable versions = 9.3.8 Fixed in 9.3.9 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-33560 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 6dff12fe54af Credits Rafie Muhammad Patchstack Required privilege...

WordPress XStore Core Plugin <= 5.3.8 is vulnerable to Cross Site Scripting (XSS)

Software XStore Core Type Plugin Vulnerable versions = 5.3.8 Fixed in 5.3.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33554 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c7395c437d4a Credits Rafie Muhammad Patchstack Required...

WordPress XStore Theme <= 9.3.8 is vulnerable to Broken Access Control

Software XStore Type Theme Vulnerable versions = 9.3.8 Fixed in 9.3.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33563 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID b054c7b1c33a Credits Rafie Muhammad Patchstack Required...

WordPress Piotnet Addons For Elementor Pro Plugin <= 7.1.17 is vulnerable to Cross Site Scripting (XSS)

Software Piotnet Addons For Elementor Pro Type Plugin Vulnerable versions = 7.1.17 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33633 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d1e1ccb12f64 Credits Dave Jong...

WordPress WZone Plugin <= 14.0.33 is vulnerable to Cross Site Scripting (XSS)

Software WZone Type Plugin Vulnerable versions = 14.0.33 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33548 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 056b1a28280e Credits Rafie Muhammad Patchstack Required privile...

WordPress Smart Forms Plugin <= 2.6.91 is vulnerable to Broken Access Control

Software Smart Forms Type Plugin Vulnerable versions = 2.6.91 Fixed in 2.6.92 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33593 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 810e0b29d7f7 Credits Dhabaleshwar Das Required...

WordPress Instant Images Plugin <= 6.1.0 is vulnerable to Privilege Escalation

Software Instant Images Type Plugin Vulnerable versions = 6.1.0 Fixed in 6.1.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-33569 Patch priority High CVSS severity High 7.2 Developer Claim ownership PSID d731bc7eedd6 Credits Rafie...

WordPress Easy Set Favicon Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software Easy Set Favicon Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33645 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6c770d55f2af Credits Dimas Maulana Required privilege...

WordPress Blocksy theme <= 2.0.33 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Theme Blocksy versions = 2.0.33...

WordPress Booking Ultra Pro plugin 1.1.12 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Emili Castells Patchstack Alliance in WordPress Plugin Booking Ultra Pro versions = 1.1.12...

WordPress Page Builder: Live Composer Plugin <= 1.5.38 is vulnerable to Broken Access Control

Software Page Builder: Live Composer Type Plugin Vulnerable versions = 1.5.38 Fixed in 1.5.39 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32957 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 6edbbb14734c Credits savphill Requir...

WordPress Exclusive Addons Elementor Plugin <= 2.6.9.3 is vulnerable to Cross Site Scripting (XSS)

Software Exclusive Addons Elementor Type Plugin Vulnerable versions = 2.6.9.3 Fixed in 2.6.9.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2750 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4df0b84e184c Credits wesley...