144 matches found
WordPress WP Armour Extended plugin <= 1.26 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Dave Jong Patchstack in WordPress Plugin WP Armour Extended versions = 1.26...
WordPress Greenshift Woocommerce Addon plugin < 1.9.8 - Subscriber+ SQL Injection vulnerability
Subscriber+ SQL Injection vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Greenshift Woocommerce Addon versions 1.9.8...
WordPress Greenshift Query and Meta Addon plugin < 3.9.2 - Subscriber+ SQL Injection vulnerability
Subscriber+ SQL Injection vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Greenshift Query and Meta Addon versions 3.9.2...
WordPress WBW Product Table PRO Plugin <= 1.9.4 is vulnerable to SQL Injection
Software WBW Product Table PRO Type Plugin Vulnerable versions = 1.9.4 Fixed in 1.9.5 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-43918 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 2c9d3f09a102 Credits Dave Jong Patchstack Required privilege...
WordPress Leopard plugin <= 2.0.36 - Subscriber+ Sensitive Data Exposure vulnerability
Subscriber+ Sensitive Data Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Leopard - WordPress offload media versions = 2.0.36...
WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Sensitive Data Exposure vulnerability
Authenticated Sensitive Data Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Bit Form Pro versions = 2.6.4...
WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Bit Form Pro versions = 2.6.4...
WordPress Bit Form Pro plugin <= 2.6.4 - Unauthenticated Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Bit Form Pro versions = 2.6.4...
WordPress WHMpress plugin <= 6.2-revision-5 - Subscriber+ Arbitrary Settings Change vulnerability
Subscriber+ Arbitrary Settings Change vulnerability discovered by Dave Jong Patchstack in WordPress Plugin WHMpress versions = 6.2-revision-5...
WordPress WHMpress plugin <= 6.2-revision-5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Dave Jong Patchstack in WordPress Plugin WHMpress versions = 6.2-revision-5...
WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin <= 1.6.6 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Docket WooCommerce Collections / Wishlist / Watchlist versions 1.7.0...
WordPress Uncanny Automator Pro plugin <= 5.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Uncanny Automator Pro versions = 5.3...
WordPress BerqWP plugin <= 1.7.5 - Unauthenticated Non-Blind Server Side Request Forgery (SSRF) vulnerability
Unauthenticated Non-Blind Server Side Request Forgery SSRF vulnerability discovered by Dave Jong Patchstack in WordPress Plugin BerqWP versions = 1.7.5...
WordPress Seraphinite Accelerator (Full, premium) plugin <= 2.21.13 - CSRF Leading to Arbitrary File Deletion vulnerability
CSRF Leading to Arbitrary File Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Seraphinite Accelerator Full, premium versions = 2.21.13...
WordPress User Activity Log Pro plugin <= 2.3.4 - Subscriber+ Multiple Broken Access Control vulnerability
Subscriber+ Multiple Broken Access Control vulnerability discovered by Dave Jong Patchstack in WordPress Plugin User Activity Log Pro versions = 2.3.4...
WordPress BuddyBoss Theme theme <= 2.4.61 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Dave Jong Patchstack in WordPress Theme BuddyBoss Theme versions = 2.4.61...
WordPress Woocommerce OpenPos Plugin <= 7.0.1 is vulnerable to Broken Access Control
Software Woocommerce OpenPos Type Plugin Vulnerable versions = 7.0.1 Fixed in 7.0.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37935 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d6898ddc425e Credits Dave Jong Patchstack...
WordPress BookYourTravel theme <= 8.18.17 - Subscriber+ Privilege Escalation vulnerability
Subscriber+ Privilege Escalation vulnerability discovered by Dave Jong Patchstack in WordPress Theme BookYourTravel versions = 8.18.17...
WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Uncanny Toolkit Pro for LearnDash versions 4.1.4.1...
WordPress Uncanny Automator Pro plugin < 5.3.0.1 - Unauthenticated License Settings Reset vulnerability
Unauthenticated License Settings Reset vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Uncanny Automator Pro versions 5.3.0.1...