WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 3.15.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin GiveWP versions = 3.15.1...

WordPress Sunshine Photo Cart plugin <= 3.2.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin Sunshine Photo Cart versions = 3.2.8...

WordPress Classic Editor and Classic Widgets plugin <= 1.4.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Hakiduck Patchstack Alliance in WordPress Plugin Classic Editor and Classic Widgets versions = 1.4.1...

WordPress Cities Shipping Zones for WooCommerce plugin <= 1.2.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by h0j3n Patchstack Alliance in WordPress Plugin Cities Shipping Zones for WooCommerce versions = 1.2.7...

WordPress Bit Form plugin <= 2.13.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Manab Jyoti Dowarah Patchstack Alliance in WordPress Plugin Bit Form versions = 2.13.10...

WordPress Checkout Mestres WP plugin <= 8.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Plugin Checkout Mestres WP versions = 8.6...

WordPress ABCApp Creator plugin <= 1.1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Plugin ABCApp Creator versions = 1.1.2...

WordPress Truepush plugin <= 1.0.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Truepush versions = 1.0.8...

WordPress Users Control plugin <= 1.0.16 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Plugin Users Control versions = 1.0.16...

WordPress Vmax Project Manager plugin <= 1.0 - Local File Inclusion to RCE vulnerability

Local File Inclusion to RCE vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Plugin Vmax Project Manager versions = 1.0...

WordPress VR Calendar plugin <= 2.4.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Plugin VR Calendar versions = 2.4.0...

WordPress WP Newsletter Subscription plugin <= 1.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Plugin WP Newsletter Subscription versions = 1.1...

WordPress WP Ticket Ultra plugin <= 1.0.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Plugin WP Ticket Ultra Help Desk & Support Plugin versions = 1.0.5...

WordPress WPSPX plugin <= 1.0.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Plugin WPSPX versions = 1.0.2...

WordPress Multipurpose Ticket Booking Manager plugin <= 4.2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jorge Diaz - ddiax Patchstack Alliance in WordPress Plugin Multipurpose Ticket Booking Manager versions = 4.2.2...

WordPress Sunshine Photo Cart plugin <= 3.2.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Sunshine Photo Cart versions = 3.2.9...

WordPress WP Datepicker plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin WP Datepicker versions = 2.1.1...

WordPress SKT Templates – Elementor & Gutenberg templates plugin <= 6.14 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin SKT Templates – Elementor & Gutenberg templates versions = 6.14...

WordPress Greenshift plugin <= 9.3.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Greenshift versions = 9.3.7...

WordPress Verbosa theme <= 1.2.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Verbosa versions = 1.2.3...