WordPress CSS JS Files Plugin <= 1.5.0 is vulnerable to Directory Traversal

Software CSS JS Files Type Plugin Vulnerable versions = 1.5.0 Fixed in 1.5.1 OWASP Top 10 A3: Injection Classification Directory Traversal CVE CVE-2024-9146 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID eaa2d0720275 Credits jsjp Required privilege Administrator Published...

WordPress Vmax Project Manager Plugin <= 1.0 is vulnerable to Local File Inclusion

Software Vmax Project Manager Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-44014 Patch priority High CVSS severity High 9.6 Developer Claim ownership PSID 0a143d09e270 Credits tahu.datar Required privilege...

WordPress WP Newsletter Subscription Plugin <= 1.1 is vulnerable to Local File Inclusion

Software WP Newsletter Subscription Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-44012 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 47db4abe89e4 Credits tahu.datar Required privilege...

WordPress Multipurpose Ticket Booking Manager plugin <= 4.2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jorge Diaz - ddiax Patchstack Alliance in WordPress Plugin Multipurpose Ticket Booking Manager versions = 4.2.2...

WordPress Sunshine Photo Cart plugin <= 3.2.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Sunshine Photo Cart versions = 3.2.9...

WordPress IdeaPush plugin <= 8.66 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin IdeaPush versions = 8.66...

WordPress WP Datepicker plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin WP Datepicker versions = 2.1.1...

WordPress Houzez Login Register Plugin <= 3.2.5 is vulnerable to Privilege Escalation

Software Houzez Login Register Type Plugin Vulnerable versions = 3.2.5 Fixed in 3.3.0 OWASP Top 10 A5: Security Misconfiguration Classification Privilege Escalation CVE CVE-2024-21743 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 864db44c0749 Credits luc Required...

WordPress SKT Templates – Elementor & Gutenberg templates plugin <= 6.14 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin SKT Templates – Elementor & Gutenberg templates versions = 6.14...

WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WooCommerce Multilingual & Multicurrency versions = 5.3.6...

WordPress Greenshift plugin <= 9.3.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Greenshift versions = 9.3.7...

WordPress Verbosa theme <= 1.2.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Verbosa versions = 1.2.3...

WordPress Roseta theme <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Roseta versions = 1.3.0...

WordPress Blogvi theme <= 1.0.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Blogvi versions = 1.0.5...

WordPress Septera theme <= 1.5.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Septera versions = 1.5.1...

WordPress Maintenance Redirect plugin <= 2.0.1 - IP Bypass vulnerability

IP Bypass vulnerability discovered by LeNgocHoa Patchstack Alliance in WordPress Plugin Maintenance Redirect versions = 2.0.1...

WordPress My Sticky Bar Plugin < 2.7.3 is vulnerable to Cross Site Scripting (XSS)

Software My Sticky Bar Type Plugin Vulnerable versions 2.7.3 Fixed in 2.7.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7133 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID da9a4b93bf64 Credits Dmitrii Ignatyev Required...

WordPress Spiffy Calendar plugin <= 4.9.13 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Spiffy Calendar versions = 4.9.13...

WordPress Product Slider for WooCommerce by PickPlugins plugin <= 1.13.50 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Product Slider for WooCommerce versions = 1.13.50...

Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress

Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 CVSS score: 7.5, impacts versions before and includin...