WordPress User Meta plugin <= 3.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin User Meta versions = 3.0...

WordPress EPROLO Dropshipping plugin <= 1.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin EPROLO Dropshipping versions = 1.7.1...

WordPress WP Time Slots Booking Form plugin <= 1.2.06 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin WP Time Slots Booking Form versions = 1.2.06...

WordPress Better Elementor Addons plugin <= 1.4.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Ray Wilson Patchstack Alliance in WordPress Plugin Better Elementor Addons versions = 1.4.1...

WordPress ColorNews theme <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme ColorNews versions = 1.2.6...

WordPress Blocksy theme <= 2.0.33 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Theme Blocksy versions = 2.0.33...

WordPress Booking Ultra Pro plugin 1.1.12 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Emili Castells Patchstack Alliance in WordPress Plugin Booking Ultra Pro versions = 1.1.12...

WordPress RomethemeKit For Elementor plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abu Hurayra Patchstack Alliance in WordPress Plugin RTMKit versions = 1.4.1...

WordPress WP ADA Compliance Check Basic plugin <= 3.1.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin WP ADA Compliance Check Basic versions = 3.1.3...

WordPress Accessibility Widget plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Accessibility Widget versions = 2.2...

WordPress VK Block Patterns plugin <= 1.31.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin VK Block Patterns versions = 1.31.0...

WordPress Evergreen Content Poster plugin <= 1.4.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by CatFather Patchstack Alliance in WordPress Plugin Evergreen Content Poster versions = 1.4.2...

WordPress Reviews Plus plugin <= 1.3.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Reviews Plus versions = 1.3.4...

WordPress Total Poll Lite plugin <= 4.9.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by thiennv Patchstack Alliance in WordPress Plugin Total Poll Lite versions = 4.9.9...

WordPress Import and export users and customers plugin <= 1.26.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Trình Vũ / Sonicrrrr from VNPT-VCI Patchstack Alliance in WordPress Plugin Import and export users and customers versions = 1.26.2...

WordPress Combo Blocks plugin <= 2.2.78 - Sensitive Data Exposure via API vulnerability

Sensitive Data Exposure via API vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin Post Grid and Gutenberg Blocks versions = 2.2.78...

WordPress All-in-one Like Widget plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin All-in-one Like Widget versions = 2.2.7...

WordPress ShortPixel Critical CSS plugin <= 1.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin ShortPixel Critical CSS versions = 1.0.2...

WordPress ActiveDEMAND plugin <= 0.2.41 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin ActiveDEMAND versions = 0.2.41...

WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object Reference (IDOR) vulnerability

Insecure Direct Object Reference IDOR vulnerability discovered by Kyle Sanchez Patchstack Alliance in WordPress Plugin ProfileGrid versions = 5.7.9...