WordPress Better Messages plugin <= 2.4.32 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin BP Better Messages versions = 2.4.32...

WordPress Widget Post Slider plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Widget Post Slider versions = 1.3.5...

WordPress Easy Property Listings plugin <= 3.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Easy Property Listings versions = 3.5.3...

WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Paid Memberships Pro versions = 2.12.10...

WordPress Seers plugin <= 8.0.6 - Cross Site Request Forgery (CSRF) to XSS vulnerability

Cross Site Request Forgery CSRF to XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Seers versions = 8.1.0...

WordPress CookieHub plugin <= 1.1.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin CookieHub versions = 1.1.0...

WordPress Advanced Testimonial Carousel for Elementor plugin <= 3.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Advanced Testimonial Carousel for Elementor versions = 3.0.0...

WordPress Contest Gallery plugin <= 21.3.4 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by CatFather Patchstack Alliance in WordPress Plugin Contest Gallery versions = 21.3.4...

WordPress AppPresser plugin <= 4.3.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin AppPresser versions = 4.3.0...

WordPress BizPrint plugin <= 4.3.39 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin BizPrint versions = 4.3.39...

WordPress ChatBot Conversational Forms plugin <= 1.1.8 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin Conversational Forms for ChatBot versions = 1.1.8...

WordPress SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy plugin <= 2.1.1 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Emili Castells Patchstack Alliance in WordPress Plugin Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy versions = 2.1.1...

WordPress Coupon & Discount Code Reveal Button plugin <=1.2.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by emad Patchstack Alliance in WordPress Plugin Coupon & Discount Code Reveal Button versions = 1.2.5...

WordPress The Pack Elementor addons plugin <= 2.0.8.2 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin The Pack Elementor addons versions = 2.0.8.2...

WordPress StreamWeasels Twitch Integration plugin <= 1.7.8 - API Sensitive Data Exposure vulnerability

API Sensitive Data Exposure vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin StreamWeasels Twitch Integration versions = 1.7.8...

WordPress Academy LMS plugin <= 1.9.16 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mochamad Sofyan Patchstack Alliance in WordPress Plugin Academy LMS versions = 1.9.16...

WordPress AI Post Generator | AutoWriter plugin <= 3.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin AI Post Generator | AutoWriter versions = 3.3...

WordPress myCred plugin <= 2.6.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin myCred versions = 2.6.3...

WordPress WP-Recall plugin <= 16.26.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin WP-Recall versions = 16.26.5...

WordPress Maintenance Mode plugin <= 3.0.1 - IP Bypass vulnerability

IP Bypass vulnerability discovered by LeNgocHoa Patchstack Alliance in WordPress Plugin Maintenance Mode by helderk versions = 3.0.1...