WordPress FotaWP theme <= 1.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Fariq Fadillah Gusti Insani Patchstack Alliance in WordPress Theme Fota WP versions = 1.4.1...

WordPress Super Store Finder plugin < 6.9.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Seb Patchstack Alliance in WordPress Plugin Super Store Finder versions 6.9.8...

WordPress The Plus Addons for Elementor plugin <= 5.6.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Michael Patchstack Alliance in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.6.2...

WordPress ReviveNews theme <= 1.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Fariq Fadillah Gusti Insani Patchstack Alliance in WordPress Theme ReviveNews versions = 1.0.2...

WordPress Page Builder: Pagelayer – Drag and Drop website builder plugin <= 1.8.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Sharanabasappa Patchstack Alliance in WordPress Plugin PageLayer versions = 1.8.7...

WordPress Login As Users Plugin <= 1.4.3 is vulnerable to Broken Access Control

Software Login As Users Type Plugin Vulnerable versions = 1.4.3 Fixed in 1.4.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43982 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 591007b6910c Credits Ananda Dhakal Patchstack...

WordPress Super Store Finder Plugin <= 6.9.7 is vulnerable to SQL Injection

Software Super Store Finder Type Plugin Vulnerable versions = 6.9.7 Fixed in 6.9.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-43976 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 7586102df7db Credits Bonds Required privilege Subscriber Publishe...

WordPress Blog Introduction Plugin <= 0.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Blog Introduction Type Plugin Vulnerable versions = 0.3.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7862 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b5cd399b1013 Credits Daniel Ruf Required...

WordPress WP Testimonial Widget plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hnwmn Patchstack Alliance in WordPress Plugin WP Testimonial Widget versions = 3.1...

WordPress SendGrid for WordPress plugin <= 1.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin SendGrid for WordPress versions = 1.4...

WordPress Super Testimonials plugin <= 4.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Testimonials versions = 4.0.1...

WordPress Droip plugin < 2.5.2 - Settings Change vulnerability

Settings Change vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Droip versions 2.5.2...

WordPress Tempera theme <= 1.8.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Tempera versions = 1.8.2...

WordPress Brickscore plugin <= 1.4.2.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Brickscore versions = 1.4.2.5...

WordPress WP Armour Extended plugin <= 1.26 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dave Jong Patchstack in WordPress Plugin WP Armour Extended versions = 1.26...

WordPress SKT Blocks plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 4rCanJ0x! Patchstack Alliance in WordPress Plugin SKT Blocks versions = 1.6...

WordPress Greenshift Woocommerce Addon plugin < 1.9.8 - Subscriber+ SQL Injection vulnerability

Subscriber+ SQL Injection vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Greenshift Woocommerce Addon versions 1.9.8...

WordPress Greenshift Query and Meta Addon plugin < 3.9.2 - Subscriber+ SQL Injection vulnerability

Subscriber+ SQL Injection vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Greenshift Query and Meta Addon versions 3.9.2...

WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Arbitrary Option Deletion vulnerability

Unauthenticated Arbitrary Option Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Z Y N I T H versions = 7.4.9...

WordPress Name Directory plugin <= 1.29.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Name Directory versions = 1.29.0...