WordPress WP OAuth Server (OAuth Authentication) plugin <= 4.3.3 - Open Redirection vulnerability

Open Redirection vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin OAuth Server versions = 4.3.3...

WordPress Responsive Lightbox & Gallery plugin <= 2.4.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by emad Patchstack Alliance in WordPress Plugin Responsive Lightbox versions = 2.4.6...

WordPress Flexible Checkout Fields for WooCommerce Plugin <= 4.1.2 is vulnerable to Broken Access Control

Software Flexible Checkout Fields for WooCommerce Type Plugin Vulnerable versions = 4.1.2 Fixed in 4.1.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31267 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 72da160ff639 Credits...

WordPress Demo My WordPress Plugin <= 1.0.9.1 is vulnerable to Privilege Escalation

Software Demo My WordPress Type Plugin Vulnerable versions = 1.0.9.1 Fixed in 1.1.0 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-31290 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID e3085e8e64da Credits Dave Jong Patchstack...

WordPress LearnPress Plugin <= 4.2.6.3 is vulnerable to Insecure Direct Object References (IDOR)

Software LearnPress Type Plugin Vulnerable versions = 4.2.6.3 Fixed in 4.2.6.4 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-1289 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 88d0a0c7ed9f Credits drop Required...

WordPress Easy Social Share Buttons Plugin <= 9.4 is vulnerable to Broken Access Control

Software Easy Social Share Buttons Type Plugin Vulnerable versions = 9.4 Fixed in 9.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31307 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 88c85a953f3f Credits Rafie Muhammad...

WordPress Easy Social Share Buttons Plugin <= 9.4 is vulnerable to Local File Inclusion

Software Easy Social Share Buttons Type Plugin Vulnerable versions = 9.4 Fixed in 9.5 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-31300 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 770673a69613 Credits Rafie Muhammad Patchstack Required...

WordPress Loan Repayment Calculator and Application Form Plugin <= 2.9.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Loan Repayment Calculator and Application Form Type Plugin Vulnerable versions = 2.9.4 Fixed in 2.9.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31263 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID...

WordPress All-in-One Video Gallery Plugin <= 3.5.2 is vulnerable to Broken Access Control

Software All-in-One Video Gallery Type Plugin Vulnerable versions = 3.5.2 Fixed in 3.6.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31248 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ff87f08708c9 Credits emad Required...

WordPress REHub Framework plugin < 19.6.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin REHub Framework versions 19.6.2...

WordPress Rehub theme <= 19.6.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Rehub versions = 19.6.1...

WordPress Rehub theme <= 19.6.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Rehub versions = 19.6.1...

WordPress Rehub theme <= 19.6.1 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Rehub versions = 19.6.1...

WordPress Breakdance Plugin <= 1.7.2 is vulnerable to Remote Code Execution (RCE)

Software Breakdance Type Plugin Vulnerable versions = 1.7.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-31390 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 353d66dd1bd4 Credits Snicco Required privilege Breakdance...

WordPress Rehub Theme <= 19.6.1 is vulnerable to Local File Inclusion

Software Rehub Type Theme Vulnerable versions = 19.6.1 Fixed in 19.6.2 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-31231 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 189370c86e72 Credits Rafie Muhammad Patchstack Required privilege...

WordPress REHub Framework Plugin < 19.6.2 is vulnerable to SQL Injection

Software REHub Framework Type Plugin Vulnerable versions 19.6.2 Fixed in 19.6.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-31234 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 2625ebbfb885 Credits Rafie Muhammad Patchstack Required privilege...

WordPress SpiderFAQ plugin <= 1.3.2 - Cross Site Scripting vulnerability

Cross Site Scripting vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin SpiderFAQ versions = 1.3.2...

WordPress HeartThis plugin <= 0.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by CatFather Patchstack Alliance in WordPress Plugin HeartThis versions = 0.1.0...

WordPress WooCommerce Bookings Calendar plugin <= 1.0.36 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin WooCommerce Bookings Calendar versions = 1.0.36...

WordPress 10Web Map Builder for Google Maps plugin <= 1.0.74 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Plugin 10Web Map Builder for Google Maps versions = 1.0.74...