WordPress Tax Rate Upload Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS)

Software Tax Rate Upload Type Plugin Vulnerable versions = 2.4.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32546 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e0f99a4ecd9c Credits Dimas Maulana Required privilege...

WordPress Easy Textillate Plugin <= 2.02 is vulnerable to Cross Site Scripting (XSS)

Software Easy Textillate Type Plugin Vulnerable versions = 2.02 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32526 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 449b07d55d23 Credits Ngô Thiên An ancorn from VNPT-VCI Require...

WordPress Simple Registration for WooCommerce Plugin <= 1.5.6 is vulnerable to Privilege Escalation

Software Simple Registration for WooCommerce Type Plugin Vulnerable versions = 1.5.6 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-32511 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 088fc8769d...

WordPress BMI Adult & Kid Calculator Plugin <= 1.2.1 is vulnerable to Broken Access Control

Software BMI Adult & Kid Calculator Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A3: Injection Classification Broken Access Control CVE CVE-2024-32550 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 6c58017d5b00 Credits Faizal Abroni Required privile...

WordPress Language Translate Widget for WordPress – ConveyThis Plugin <= 223 is vulnerable to Cross Site Scripting (XSS)

Software Language Translate Widget for WordPress – ConveyThis Type Plugin Vulnerable versions = 223 Fixed in 224 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6811 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...

WordPress WP Cost Estimation & Payment Forms Builder Plugin <= 10.1.75 is vulnerable to Cross Site Scripting (XSS)

Software WP Cost Estimation & Payment Forms Builder Type Plugin Vulnerable versions = 10.1.75 Fixed in 10.1.76 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32510 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 052582e81e99 Credits...

WordPress WPC Grouped Product for WooCommerce Plugin <= 4.4.2 is vulnerable to Broken Access Control

Software WPC Grouped Product for WooCommerce Type Plugin Vulnerable versions = 4.4.2 Fixed in 4.4.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32520 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 18460ef99dba Credits Abdi...

WordPress weForms Plugin <= 1.6.20 is vulnerable to Bypass Vulnerability

Software weForms Type Plugin Vulnerable versions = 1.6.20 Fixed in 1.6.21 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2024-32512 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID afd56fb1f506 Credits Kyle Sanchez Required privilege...

WordPress Fatal Error Notify plugin <= 1.5.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Fatal Error Notify versions = 1.5.2...

WordPress Legal Pages plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Legal Pages versions = 1.4.2...

WordPress Wallet System for WooCommerce plugin <= 2.5.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Wallet System for WooCommerce versions = 2.5.9...

WordPress IP2Location Country Blocker plugin <= 2.34.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Download IP2Location Country Blocker versions = 2.34.2...

WordPress WP Client Reports plugin <= 1.0.22 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin WP Client Reports versions = 1.0.22...

WordPress SEO Booster plugin <= 3.8.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin SEO Booster versions = 3.8.9...

WordPress eCommerce Product Catalog plugin <= 3.3.28 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin eCommerce Product Catalog versions = 3.3.28...

WordPress AffiEasy plugin <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin AffiEasy versions = 1.1.4...

WordPress BEAF plugin <= 4.5.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin BEAF versions = 4.5.4...

WordPress ActiveCampaign plugin <= 8.1.14 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Yuchen Ji Patchstack Alliance in WordPress Plugin ActiveCampaign versions = 8.1.14...

WordPress Remove Footer Credit plugin <= 1.0.13 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Savphill Patchstack Alliance in WordPress Plugin Remove Footer Credit versions = 1.0.13...

WordPress MWW Disclaimer Buttons plugin <= 3.0.2 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by Cronus Patchstack Alliance in WordPress Plugin MWW Disclaimer Buttons versions = 3.0.2...