69 matches found
WordPress eForm - WordPress Form Builder < 4.19.1 - Cross Site Scripting (XSS) Vulnerability
WordPress eForm - WordPress Form Builder < 4.19.1 - Cross Site Scripting (XSS) Vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin eForm - WordPress Form Builder versions < 4.19.1...
WordPress wProject theme < 5.8.0 - Subscriber+ Privilege Escalation vulnerability
Subscriber+ Privilege Escalation vulnerability discovered by Dave Jong (Patchstack) in WordPress Theme wProject versions < 5.8.0...
WordPress WP SuperBackup plugin <= 2.3.3 - Multiple Subscriber+ Broken Access Control vulnerabilities
Multiple Subscriber+ Broken Access Control vulnerabilities discovered by Dave Jong (Patchstack) in WordPress Plugin WP SuperBackup versions <= 2.3.3...
WordPress WP SuperBackup plugin <= 2.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin WP SuperBackup versions <= 2.3.3...
WordPress WP SuperBackup plugin <= 2.3.3 - Subscriber+ PHP Object Injection vulnerability
Subscriber+ PHP Object Injection vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin WP SuperBackup versions <= 2.3.3...
WordPress WP SuperBackup plugin <= 2.3.3 - Unauthenticated Backup File Download Vulnerability
Unauthenticated Backup File Download Vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin WP SuperBackup versions <= 2.3.3...
WordPress FAT Services Booking plugin <= 5.6 - Subscriber+ Site-Wide Cross Site Scripting (XSS) vulnerability
Subscriber+ Site-Wide Cross Site Scripting (XSS) vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin FAT Services Booking versions <= 5.6...
WordPress AIO Contact plugin <= 2.8.1 - Unauthenticated Plugin Settings Change vulnerability
Unauthenticated Plugin Settings Change vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin AIO Contact versions <= 2.8.1...
WordPress ARForms plugin <= 6.4.1 - Subscriber+ Plugin Settings Change vulnerability
Subscriber+ Plugin Settings Change vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin ARForms versions <= 6.4.1...
WordPress ARForms plugin <= 6.4.1 - Subscriber+ Arbitrary File Read vulnerability
Subscriber+ Arbitrary File Read vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin ARForms versions <= 6.4.1...
WordPress Revy plugin <= 1.18 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Revy versions <= 1.18...
WordPress Revy plugin <= 1.18 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Revy versions <= 1.18...
WordPress Droip plugin < 2.5.2 - Settings Change vulnerability
Settings Change vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Droip versions < 2.5.2...
WordPress Brickscore plugin <= 1.4.2.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Brickscore versions <= 1.4.2.5...
WordPress WP Armour Extended plugin <= 1.26 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin WP Armour Extended versions <= 1.26...
WordPress Greenshift Woocommerce Addon plugin < 1.9.8 - Subscriber+ SQL Injection vulnerability
Subscriber+ SQL Injection vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Greenshift Woocommerce Addon versions < 1.9.8...
WordPress Greenshift Query and Meta Addon plugin < 3.9.2 - Subscriber+ SQL Injection vulnerability
Subscriber+ SQL Injection vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Greenshift Query and Meta Addon versions < 3.9.2...
WordPress WBW Product Table PRO Plugin <= 1.9.4 is vulnerable to SQL Injection
Software: WBW Product Table PRO; Type: Plugin; Vulnerable versions: <= 1.9.4; Fixed in: 1.9.5; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-43918; Patch priority: High; CVSS severity: High (10); PSID: 2c9d3f09a102; Credits: Dave Jong (Patchstack); Required privilege...
WordPress Leopard plugin <= 2.0.36 - Subscriber+ Sensitive Data Exposure vulnerability
Subscriber+ Sensitive Data Exposure vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Leopard - WordPress offload media versions <= 2.0.36...
WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Sensitive Data Exposure vulnerability
Authenticated Sensitive Data Exposure vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Bit Form Pro versions <= 2.6.4...