3802 matches found
WordPress Sirv Plugin <= 7.2.2 is vulnerable to Privilege Escalation
Software: Sirv; Type: Plugin; Vulnerable versions: <= 7.2.2; Fixed in: 7.2.3; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-32959; Patch priority: High; CVSS severity: High 8.8; Developer: Sirv; PSID: 299a67279292; Credits: Emili Castells; Required...
WordPress UDesign Theme <= 4.7.3 is vulnerable to Cross Site Scripting (XSS)
Software: UDesign; Type: Theme; Vulnerable versions: <= 4.7.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4077; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: b5fe2949f69d; Credits: Rafie Muhammad (Patchstack); Required privilege...
WordPress Slash Admin Plugin <= 3.8.1 is vulnerable to Cross Site Scripting (XSS)
Software: Slash Admin; Type: Plugin; Vulnerable versions: <= 3.8.1; Fixed in: 3.8.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32958; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 52a29e92a4ae; Credits: Cronus; Required...
WordPress RomethemeKit For Elementor plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Abu Hurayra (Patchstack Alliance) in WordPress Plugin RTMKit (versions <= 1.4.1)...
WordPress Max Addons Pro for Bricks plugin <= 1.6.1 - Unauthenticated Plugin Settings Reset vulnerability
Unauthenticated Plugin Settings Reset vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Max Addons Pro for Bricks (versions <= 1.6.1)...
WordPress WP ADA Compliance Check Basic plugin <= 3.1.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin WP ADA Compliance Check Basic (versions <= 3.1.3)...
WordPress Accessibility Widget plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin Accessibility Widget (versions <= 2.2)...
WordPress VK Block Patterns plugin <= 1.31.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika (Patchstack Alliance) in WordPress Plugin VK Block Patterns (versions <= 1.31.0)...
WordPress Evergreen Content Poster plugin <= 1.4.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by CatFather (Patchstack Alliance) in WordPress Plugin Evergreen Content Poster (versions <= 1.4.2)...
WordPress Reviews Plus plugin <= 1.3.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Reviews Plus (versions <= 1.3.4)...
WordPress Total Poll Lite plugin <= 4.9.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by thiennv (Patchstack Alliance) in WordPress Plugin Total Poll Lite (versions <= 4.9.9)...
WordPress Import and export users and customers plugin <= 1.26.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Trình Vũ / Sonicrrrr from VNPT-VCI (Patchstack Alliance) in WordPress Plugin Import and export users and customers (versions <= 1.26.2)...
WordPress Combo Blocks plugin <= 2.2.78 - Sensitive Data Exposure via API vulnerability
Sensitive Data Exposure via API vulnerability discovered by Peng Zhou (Patchstack Alliance) in WordPress Plugin Post Grid and Gutenberg Blocks (versions <= 2.2.78)...
WordPress All-in-one Like Widget plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin All-in-one Like Widget (versions <= 2.2.7)...
WordPress ShortPixel Critical CSS plugin <= 1.0.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin ShortPixel Critical CSS (versions <= 1.0.2)...
WordPress ActiveDEMAND plugin <= 0.2.41 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin ActiveDEMAND (versions <= 0.2.41)...
WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object Reference (IDOR) vulnerability
Insecure Direct Object Reference (IDOR) vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin ProfileGrid (versions <= 5.7.9)...
WordPress Headline Analyzer plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin Headline Analyzer (versions <= 1.3.3)...
WordPress Social Snap plugin <= 1.3.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin Social Snap (versions <= 1.3.5)...
WordPress SuperFaktura WooCommerce plugin <= 1.40.3 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin SuperFaktura WooCommerce (versions <= 1.40.3)...