WordPress WP-Members plugin <= 3.5.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim Patchstack Alliance in WordPress Plugin WP-Members versions = 3.5.4...

WordPress TicketBAI Facturas para WooCommerce plugin <= 3.45 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ch4r0n in WordPress Plugin TicketBAI Facturas para WooCommerce versions = 3.45...

WordPress WP Table Builder plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by domiee13 in WordPress Plugin WP Table Builder versions = 2.0.6...

WordPress Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Skalucy in WordPress Plugin Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant versions = 4.1.1...

WordPress Blog2Social: Social Media Auto Post & Scheduler plugin < 8.4.0 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Blog2Social versions 8.4.0...

WordPress Sailthru Triggermail plugin < 1.1 - Subscriber+ Stored XSS vulnerability

Subscriber+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Sailthru Triggermail versions 1.1...

WordPress Sticky HTML5 Music Player plugin <= 3.1.6 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Sticky HTML5 Music Player versions = 3.1.6...

WordPress Nasa Core Plugin <= 6.4.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Plugin Nasa Core versions 6.4.4...

WordPress Ads Pro plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ads Pro versions = 5.0...

WordPress Groundhogg plugin <= 4.1.1.2 - Authenticated (Administrator+) Arbitrary File Deletion vulnerability

Authenticated Administrator+ Arbitrary File Deletion vulnerability discovered by Phat Do in WordPress Plugin Groundhogg versions = 4.1.1.2...

WordPress AI Autotagger plugin < 3.30.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin TaxoPress versions 3.30.0...

WordPress Advanced Accordion Gutenberg Block plugin <= 5.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Avraham Shemesh in WordPress Plugin Advanced Accordion Gutenberg Block versions = 5.0.2...

WordPress PropertyHive plugin <= 2.1.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin PropertyHive versions = 2.1.2...

WordPress WP User Profiles plugin <= 2.6.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by astra.r3verii Patchstack Alliance in WordPress Plugin WP User Profiles versions = 2.6.2...

WordPress WPFront User Role Editor plugin <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function vulnerability

Cross-Site Request Forgery to Privilege Escalation via whitelistoptions Function vulnerability discovered by WordFence in WordPress Plugin WPFront User Role Editor versions = 4.2.1...

WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NAWardRox in WordPress Plugin Ni WooCommerce Cost Of Goods versions = 3.2.8...

WordPress Kudos Donations Plugin <= 3.2.9 is vulnerable to Cross Site Scripting (XSS)

Software Kudos Donations Type Plugin Vulnerable versions = 3.2.9 Fixed in 3.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11684 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 27c0ae774d02 Credits vgo0 Required...

WordPress RegistrationMagic Plugin <= 6.0.2.6 is vulnerable to Privilege Escalation

Software RegistrationMagic Type Plugin Vulnerable versions = 6.0.2.6 Fixed in 6.0.2.7 OWASP Top 10 A3: Injection Classification Privilege Escalation CVE CVE-2024-10508 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID fa83ac6f8527 Credits shaman0x01 Required privilege...

WordPress AppPresser Plugin <= 4.4.6 is vulnerable to Privilege Escalation

Software AppPresser Type Plugin Vulnerable versions = 4.4.6 Fixed in 4.4.7 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-11024 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 25ae1391ba68 Credits shaman0x01...

WordPress Video Lessons Manager Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS)

Software Video Lessons Manager Type Plugin Vulnerable versions = 1.8.2 Fixed in 1.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11202 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID de6edf652333 Credits Peter...