WordPress Page Builder Sandwich <= 5.1.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Savphill Patchstack Alliance in WordPress Plugin Page Builder Sandwich – Front-End Page Builder versions = 5.1.0...

WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin AliNext versions = 3.3.5...

WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin AliNext versions = 3.3.5...

WordPress User Rights Access Manager plugin <= 1.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin User Rights Access Manager versions = 1.1.2...

WordPress WP Scraper plugin <= 5.7 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin WP Scraper versions = 5.7...

WordPress affiliate-toolkit plugin <= 3.4.4 - Sensitive Data Exposure via Log File vulnerability

Sensitive Data Exposure via Log File vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin affiliate-toolkit versions = 3.4.4...

WordPress PropertyHive plugin <= 2.0.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by CatFather Patchstack Alliance in WordPress Plugin PropertyHive versions = 2.0.9...

WordPress Laybuy Payment Extension for WooCommerce plugin <= 5.3.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Laybuy Payment Extension for WooCommerce versions = 5.3.9...

WordPress Ibtana plugin <= 1.2.3.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin Ibtana versions = 1.2.3.3...

WordPress Sinatra theme <= 1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Sinatra versions = 1.3...

WordPress Envira Photo Gallery plugin <= 1.8.7.3 - CSRF leading to notice dismissal vulnerability

CSRF leading to notice dismissal vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Envira Photo Gallery versions = 1.8.7.3...

WordPress WPMU Defender plugin <= 3.3.2 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Snicco Patchstack Alliance in WordPress Plugin Defender Security versions = 3.3.2...

WordPress WP 2FA plugin <= 2.6.3 - Sensitive Data Exposure via Log File vulnerability

Sensitive Data Exposure via Log File vulnerability discovered by Snicco Patchstack Alliance in WordPress Plugin WP 2FA versions = 2.6.3...

WordPress MasterStudy LMS plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin MasterStudy LMS versions = 3.2.1...

WordPress Page Builder: Live Composer plugin <= 1.5.42 - Contributor+ Shortcode Cross Site Scripting (XSS) vulnerability

Contributor+ Shortcode Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Page Builder: Live Composer versions = 1.5.42...

WordPress Hueman theme <= 3.7.24 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Hueman versions = 3.7.24...

WordPress Slideshow SE plugin <= 2.5.20 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Slideshow SE versions = 2.5.20...

WordPress Squeeze plugin <= 1.4 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by YCInfosec Patchstack Alliance in WordPress Plugin Squeeze versions = 1.4...

WordPress Excellent theme <= 1.2.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Excellent versions = 1.2.9...

WordPress Serious Slider plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Serious Slider versions = 1.2.4...