WordPress Woocommerce OpenPos Plugin <= 7.0.1 is vulnerable to Broken Access Control

Software Woocommerce OpenPos Type Plugin Vulnerable versions = 7.0.1 Fixed in 7.0.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37935 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d6898ddc425e Credits Dave Jong Patchstack...

WordPress Uncanny Automator Pro plugin < 5.3.0.1 - Unauthenticated License Settings Reset vulnerability

Unauthenticated License Settings Reset vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Uncanny Automator Pro versions 5.3.0.1...

WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Piotnet Addons For Elementor Pro versions = 7.1.17...

WordPress Superfly Menu Plugin <= 5.0.25 is vulnerable to Cross Site Scripting (XSS)

Software Superfly Menu Type Plugin Vulnerable versions = 5.0.25 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32553 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6079596969f5 Credits Dave Jong Patchstack Required...

WordPress HappyFiles Pro Plugin <= 1.8.1 is vulnerable to Broken Access Control

Software HappyFiles Pro Type Plugin Vulnerable versions = 1.8.1 Fixed in 1.8.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-25445 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 518a5cea4b57 Credits Dave Jong Patchstack...