WordPress Drag and Drop Multiple File Upload for WooCommerce plugin <= 1.1.6 - Unauthenticated Arbitrary File Upload via upload Function vulnerability

Unauthenticated Arbitrary File Upload via upload Function vulnerability discovered by Milinxee in WordPress Plugin Drag and Drop Multiple File Upload for WooCommerce versions = 1.1.6...

WordPress 1 Click WordPress Migration Plugin plugin <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Kate Kligman Sunsword in WordPress Plugin 1 Click WordPress Migration versions = 2.2...

WordPress Meks Flexible Shortcodes plugin <= 1.3.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Meks Flexible Shortcodes versions = 1.3.6...

WordPress Calculate Prices based on Distance For WooCommerce plugin <= 1.3.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ch4r0n in WordPress Plugin Calculate Prices based on Distance For WooCommerce versions = 1.3.5...

WordPress XT Event Widget for Social Events plugin <= 1.1.7 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by timomangcut in WordPress Plugin XT Event Widget for Social Events versions = 1.1.7...

WordPress Ultimate WP Mail plugin <= 1.3.4 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Aiden Thái An in WordPress Plugin Ultimate WP Mail versions = 1.3.4...

WordPress Easy Replace Image plugin <= 3.5.0 - Server Side Request Forgery (SSRF) Vulnerability

Server Side Request Forgery SSRF Vulnerability discovered by theviper17 in WordPress Plugin Easy Replace Image versions = 3.5.0...

WordPress GS Testimonial Slider plugin <= 3.2.9 - Content Injection vulnerability

Content Injection vulnerability discovered by theviper17 in WordPress Plugin GS Testimonial Slider versions = 3.2.9...

WordPress JupiterX Core plugin <= 4.8.11 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Michael in WordPress Plugin JupiterX Core versions = 4.8.11...

WordPress Ultimate WP Mail plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by domiee13 in WordPress Plugin Ultimate WP Mail versions = 1.3.4...

WordPress Simple File List plugin <= 6.1.13 - Settings Change Vulnerability

Settings Change Vulnerability discovered by Mika in WordPress Plugin Simple File List versions = 6.1.13...

WordPress Listamester plugin <= 2.3.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin Listamester versions = 2.3.6...

WordPress PGS Core plugin <= 5.8.0 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by István Márton in WordPress Plugin PGS Core versions = 5.8.0...

WordPress Wolmart Theme <= 1.8.11 is vulnerable to Content Injection

Software Wolmart Type Theme Vulnerable versions = 1.8.11 Fixed in 1.8.12 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-13793 Patch priority Medium CVSS severity Medium 7.3 Developer Claim ownership PSID 21e712d07197 Credits Lucio Sá Required privilege Unauthenticated...

WordPress Xavin's List Subpages plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang in WordPress Plugin Xavin's List Subpages versions = 1.3...

WordPress PGS Core plugin <= 5.8.0 - Missing Authorization via Multiple Functions vulnerability

Missing Authorization via Multiple Functions vulnerability discovered by István Márton in WordPress Plugin PGS Core versions = 5.8.0...

WordPress BuddyBoss Platform Pro plugin <= 2.7.01 - Authentication Bypass via Apple OAuth provider vulnerability

Authentication Bypass via Apple OAuth provider vulnerability discovered by István Márton in WordPress Plugin BuddyPress Platform Pro versions = 2.7.01...

WordPress Nomupay Payment Processing Gateway plugin <= 7.1.7 - Arbitrary File Download Vulnerability

Arbitrary File Download Vulnerability discovered by astra.r3verii in WordPress Plugin Nomupay Payment Processing Gateway versions = 7.1.7...

WordPress Visual Builder plugin <= 1.2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by astra.r3verii Patchstack Alliance in WordPress Plugin Visual Builder versions = 1.2.2...

WordPress Product Category Slider for WooCommerce plugin <= 4.3.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by muhammad yudha Patchstack Alliance in WordPress Plugin Product Category Slider for WooCommerce versions = 4.3.4...