WordPress Frontend Post Submission Manager Lite Plugin <= 1.2.2 is vulnerable to Broken Access Control

Software Frontend Post Submission Manager Lite Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8427 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ea5d9d3b8976 Credits Lucio Sá...

WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by lowol ngo Patchstack Alliance in WordPress Plugin Content Blocks Custom Post Widget versions = 3.3.5...

WordPress Content Blocks (Custom Post Widget) Plugin <= 3.3.5 is vulnerable to Cross Site Scripting (XSS)

Software Content Blocks Custom Post Widget Type Plugin Vulnerable versions = 3.3.5 Fixed in 3.3.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44051 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b50c32e861c5 Credits lowol ngo Required...

WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 3.0.8 is vulnerable to Broken Access Control

Software The Ultimate WordPress Toolkit – WP Extended Type Plugin Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8121 Patch priority Low CVSS severity Low 5.4 Developer WP Extended PSID 13565964e4a5 Credits Marco...

WordPress Parabola theme <= 2.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Parabola versions = 2.4.1...

WordPress filmix theme <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by justakazh Patchstack Alliance in WordPress Theme Filmix versions = 1.1...

WordPress Blogpoet theme <= 1.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Fariq Fadillah Gusti Insani Patchstack Alliance in WordPress Theme Blogpoet versions = 1.0.3...

WordPress ElementsKit Pro plugin <= 3.6.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin ElementsKit Pro versions = 3.6.0...

WordPress Posterity theme <= 3.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Posterity versions = 3.6...

WordPress Kahuna theme <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Kahuna versions = 1.7.0...

WordPress LatePoint (Premium) plugin <= 4.9.91 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin LatePoint versions = 4.9.91...

WordPress Masterstudy LMS Starter theme <= 1.1.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Theme Masterstudy LMS Starter versions = 1.1.8...

WordPress Mystique theme <= 2.5.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Mystique versions = 2.5.7...

WordPress Sliding Door theme <= 3.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Sliding Door versions = 3.6...

WordPress EU/UK VAT Manager for WooCommerce Plugin <= 2.12.14 is vulnerable to Cross Site Scripting (XSS)

Software EU/UK VAT Manager for WooCommerce Type Plugin Vulnerable versions = 2.12.14 Fixed in 3.0.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44061 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f85f2397bd5f Credits Abdi Pranata...

WordPress Custom Query Blocks Plugin <= 5.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Custom Query Blocks Type Plugin Vulnerable versions = 5.3.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44059 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3fa2441e978e Credits 4rCanJ0x! Required privilege...

WordPress LatePoint Plugin <= 4.9.91 is vulnerable to Cross Site Scripting (XSS)

Software LatePoint Type Plugin Vulnerable versions = 4.9.91 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43992 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c330c34a0a64 Credits Ananda Dhakal Patchstack Required...

WordPress Ninja Forms plugin <= 3.8.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Joel Indra Patchstack Alliance in WordPress Plugin Ninja Forms versions = 3.8.11...

WordPress Bus Ticket Booking with Seat Reservation plugin <= 5.3.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Sharanabasappa Patchstack Alliance in WordPress Plugin Bus Ticket Booking with Seat Reservation versions = 5.3.5...

WordPress Login As Users plugin <= 1.4.3 - Broken Access Control to Account Takeover vulnerability

Broken Access Control to Account Takeover vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Login As Users versions = 1.4.3...