WordPress Fence URL plugin <= 2.0.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Fence URL versions = 2.0.0...

WordPress April's Call Posts plugin <= 2.1.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin April's Call Posts versions = 2.1.1...

WordPress Blizzard Quotes plugin <= 1.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

CSRF to Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Blizzard Quotes versions = 1.3...

WordPress Blizzard Quotes Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Blizzard Quotes Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-53729 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ed471ac7b5ce Credits SOPROBRO Required...

WordPress RealtyCandy IDX Broker Extended plugin <= 1.5.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

CSRF to Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin RealtyCandy IDX Broker Extended versions = 1.5.1...

WordPress Post Hits Counter plugin <= 2.8.23 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

CSRF to Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Post Hits Counter versions = 2.8.23...

WordPress Google Plus Share and +1 Button plugin <= 1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

CSRF to Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Google Plus Share and +1 Button versions = 1.0...

WordPress Advanced Event Manager plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Advanced Event Manager versions = 1.1.6...

WordPress Silverlight Video Player plugin <= 1.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Silverlight Video Player versions = 1.0...

WordPress Kevin's plugin <= 2.0.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Kevin's versions = 2.0.0...

WordPress Hotlink2Watermark plugin <= 0.3.2 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Hotlink2Watermark versions = 0.3.2...

WordPress AI Quiz plugin <= 1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin AI Quiz versions = 1.1...

WordPress Kevin's Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Kevin's Type Plugin Vulnerable versions = 2.0.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-53712 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 3dc43c4ca7f8 Credits SOPROBRO Required privilege...

WordPress Ditty Plugin < 3.1.47 is vulnerable to Cross Site Scripting (XSS)

Software Ditty Type Plugin Vulnerable versions 3.1.47 Fixed in 3.1.47 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9600 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 83e7fc159d60 Credits Dmitrii Ignatyev Required privileg...

WordPress SP Blog Designer plugin <= 1.0.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin SP Blog Designer versions = 1.0.0...

WordPress Shopready plugin <= 3.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Shopready versions = 3.6...

WordPress Sticky Social Icons plugin <= 1.2.1 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by UKO Patchstack Alliance in WordPress Plugin Sticky Social Icons versions = 1.2.1...

WordPress Grip theme <= 1.0.9 - Arbitrary Plugin Activation/Deactivation to RCE vulnerability

Arbitrary Plugin Activation/Deactivation to RCE vulnerability discovered by Mika Patchstack Alliance in WordPress Theme Grip versions = 1.0.9...

WordPress AccessPress Staple Theme <= 1.9.1 is vulnerable to Arbitrary File Upload

Software AccessPress Staple Type Theme Vulnerable versions = 1.9.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52488 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 613a651ca664 Credits Mika Required privilege Subscriber...

WordPress Ortto plugin <= 1.0.19 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Ortto versions = 1.0.19...