WordPress Sunshine Photo Cart plugin <= 3.2.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Sunshine Photo Cart versions = 3.2.9...

WordPress Photo Engine plugin <= 6.4.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Photo Engine versions = 6.4.0...

WordPress WpTravelly plugin <= 1.7.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin WpTravelly versions = 1.7.7...

WordPress Telegram Bot & Channel plugin <= 3.8.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Telegram Bot & Channel versions = 3.8.2...

WordPress WappPress plugin <= 6.0.4 - Blind Server Side Request Forgery (SSRF) vulnerability

Blind Server Side Request Forgery SSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin WappPress versions = 6.0.4...

WordPress Tagbox plugin <= 3.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Taggbox versions = 3.3...

WordPress Zoho Campaigns plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Zoho Campaigns versions = 2.0.8...

WordPress Animated Rotating Words Plugin <= 5.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Animated Rotating Words versions = 5.6...

WordPress WP Fast Total Search Plugin <= 1.68.232 is vulnerable to Broken Access Control

Software WP Fast Total Search Type Plugin Vulnerable versions = 1.68.232 Fixed in 1.69.234 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38714 Patch priority Low CVSS severity Low 4.3 Developer Epsiloncool PSID 00f4bc37a87e Credits Majed Refaea Required...

WordPress codoc plugin <= 0.9.51.12 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin codoc versions = 0.9.51.12...

WordPress Cliengo – Chatbot plugin <= 3.0.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Cliengo – Chatbot versions = 3.0.4...

WordPress Ultimate Auction plugin <= 4.2.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Ultimate Auction versions = 4.2.5...

WordPress WPAdverts plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin WPAdverts versions = 2.1.2...

WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.4.6 - CSRF to XSS vulnerability

CSRF to XSS vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin AliNext versions = 3.4.6...

WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin AliNext versions = 3.3.5...

WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin AliNext versions = 3.3.5...

WordPress WP Scraper plugin <= 5.7 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin WP Scraper versions = 5.7...

WordPress MasterStudy LMS plugin <= 3.2.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin MasterStudy LMS versions = 3.2.12...

WordPress MasterStudy LMS plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin MasterStudy LMS versions = 3.2.1...

WordPress Ali2Woo Lite Plugin <= 3.3.5 is vulnerable to Broken Access Control

Software Ali2Woo Lite Type Plugin Vulnerable versions = 3.3.5 Fixed in 3.3.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37210 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 02abd7b980c0 Credits Majed Refaea Required...