WordPress Soledad Theme <= 8.4.5 is vulnerable to Broken Access Control

Software Soledad Type Theme Vulnerable versions = 8.4.5 Fixed in 8.4.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31368 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 82c791d66976 Credits Rafie Muhammad Patchstack Required...

WordPress bunny.net plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin bunny.net versions = 2.0.1...

WordPress Premmerce Product Filter for WooCommerce plugin <= 3.7.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Premmerce Product Filter for WooCommerce versions = 3.7.2...

WordPress Ultimate Store Kit Elementor Addons plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ray Wilson Patchstack Alliance in WordPress Plugin Ultimate Store Kit Elementor Addons versions = 1.5.2...

WordPress Benchmark Email Lite Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Benchmark Email Lite Type Plugin Vulnerable versions = 4.1 Fixed in 4.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31360 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 854801e675e4 Credits Joshua Chan Requir...

WordPress ProfileGrid Plugin <= 5.7.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software ProfileGrid Type Plugin Vulnerable versions = 5.7.8 Fixed in 5.7.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31362 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 56f2b8a25e3b Credits thiennv Required...

WordPress User Activity Log plugin <= 1.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Plugin User Activity Log versions = 1.9...

WordPress Slideshow Gallery LITE plugin <= 1.7.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Slideshow Gallery versions = 1.7.8...

WordPress Slideshow Gallery LITE plugin <= 1.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Slideshow Gallery versions = 1.8...

WordPress Slideshow Gallery Plugin <= 1.8 is vulnerable to Sensitive Data Exposure

Software Slideshow Gallery Type Plugin Vulnerable versions = 1.8 Fixed in 1.8.1 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-31353 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 0d303a6f8dfd Credits Ananda Dhakal Patchstack...

WordPress Icegram Express plugin <= 5.7.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Email Subscribers & Newsletters versions = 5.7.13...

WordPress AWP Classifieds plugin <= 4.3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin AWP Classifieds versions = 4.3.1...

WordPress Gallery Exporter plugin <= 1.3 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Abdi Prawira Negara Patchstack Alliance in WordPress Plugin WordPress Gallery Exporter versions = 1.3...

WordPress Easy Social Share Buttons plugin <= 9.4 - Multiple Broken Access Control vulnerability

Multiple Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Easy Social Share Buttons versions = 9.4...

WordPress Easy Social Share Buttons plugin <= 9.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Easy Social Share Buttons versions = 9.4...

WordPress Essential Blocks plugin <= 4.5.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Essential Blocks for Gutenberg versions = 4.5.3...

WordPress Sign-up Sheets plugin <= 2.2.11.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Sign-up Sheets versions = 2.2.11.1...

WordPress User Spam Remover plugin <= 1.0 - Sensitive Data Exposure via Log File vulnerability

Sensitive Data Exposure via Log File vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin User Spam Remover versions = 1.0...

WordPress WP Sort Order plugin <= 1.3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by CatFather Patchstack Alliance in WordPress Plugin WP Sort Order versions = 1.3.1...

WordPress WP Photo Album Plus plugin < 8.6.03.005 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin WP Photo Album Plus versions 8.6.03.005...