WordPress Pardot plugin <= 2.1.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Pardot versions = 2.1.0...

WordPress Contact Form Plugin plugin <= 1.1.23 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Easy Contact Form Lite versions = 1.1.23...

WordPress Podlove Podcast Publisher plugin <= 4.1.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Podlove Podcast Publisher versions = 4.1.0...

WordPress Podlove Podcast Publisher plugin <= 4.0.12 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin Podlove Podcast Publisher versions = 4.0.12...

WordPress User Activity Log Pro plugin <= 2.3.4 - Subscriber+ SQL Injection vulnerability

Subscriber+ SQL Injection vulnerability discovered by Dave Jong Patchstack in WordPress Plugin User Activity Log Pro versions = 2.3.4...

WordPress Download Manager plugin <= 3.2.82 - File Password Lock Bypass vulnerability

File Password Lock Bypass vulnerability discovered by Liu Shaohong Patchstack Alliance in WordPress Plugin Download Manager versions = 3.2.82...

WordPress BA Book Everything plugin <= 1.6.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Thanh Nam Tran Patchstack Alliance in WordPress Plugin BA Book Everything versions = 1.6.4...

WordPress User Activity Log Pro Plugin <= 2.3.4 is vulnerable to SQL Injection

Software User Activity Log Pro Type Plugin Vulnerable versions = 2.3.4 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32137 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 2210c42a0a13 Credits Dave Jong Patchstack Required privilege...

WordPress Fatal Error Notify Plugin <= 1.5.2 is vulnerable to Broken Access Control

Software Fatal Error Notify Type Plugin Vulnerable versions = 1.5.2 Fixed in 1.5.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32455 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6f9eea9e690c Credits Abdi Pranata Required...

WordPress Leadinfo plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Leadinfo versions = 1.0...

WordPress Finale Lite plugin <= 2.18.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Finale Lite versions = 2.18.0...

WordPress WP Compress plugin <= 6.10.35 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin WP Compress versions = 6.10.35...

WordPress TOP Table Of Contents plugin <= 1.3.15 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin TOP Table Of Contents versions = 1.3.15...

WordPress Crony Cronjob Manager plugin <= 0.5.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Crony Cronjob Manager versions = 0.5.0...

WordPress Advanced Page Visit Counter plugin <= 8.0.6 - Auth. SQL Injection (SQLi) vulnerability

Auth. SQL Injection SQLi vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Advanced Page Visit Counter versions = 8.0.6...

WordPress GEO my WordPress plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by thiennv Patchstack Alliance in WordPress Plugin GEO my WordPress versions = 4.1...

WordPress Citadela Listing plugin < 5.20.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Citadela Listing versions 5.20.0...

WordPress Easy Logo plugin <= 1.9.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Cronus Patchstack Alliance in WordPress Plugin Easy Logo versions = 1.9.3...

WordPress Search Keyword Redirect plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Sharanabasappa Patchstack Alliance in WordPress Plugin Search Keyword Redirect versions = 1.0...

WordPress NextMove Lite Plugin <= 2.18.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software NextMove Lite Type Plugin Vulnerable versions = 2.18.1 Fixed in 2.18.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32104 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 05bc79c592e5 Credits Dhabaleshwar Das...