WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin JobSearch versions = 2.5.3...

WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin JobSearch versions = 2.5.4...

WordPress Email Address Encoder plugin <= 1.0.23 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Email Address Encoder versions = 1.0.23...

WordPress Beaver Builder plugin <= 2.8.3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Beaver Builder versions = 2.8.3.2...

WordPress Envira Gallery Lite plugin <= 1.8.14 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Envira Photo Gallery versions = 1.8.14...

WordPress Timetics plugin <= 1.0.23 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Manab Jyoti Dowarah Patchstack Alliance in WordPress Plugin Timetics versions = 1.0.23...

WordPress Generate Images – Magic Post Thumbnail plugin <= 5.2.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Magic Post Thumbnail versions = 5.2.9...

WordPress Yet Another Related Posts Plugin (YARPP) plugin <= 5.30.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin YARPP versions = 5.30.10...

WordPress Z Y N I T H Plugin <= 7.4.9 is vulnerable to Settings Change

Software Z Y N I T H Type Plugin Vulnerable versions = 7.4.9 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-43939 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7f62f3b06158 Credits Dave Jong Patchstack Required...

WordPress Z Y N I T H Plugin <= 7.4.9 is vulnerable to Settings Change

Software Z Y N I T H Type Plugin Vulnerable versions = 7.4.9 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-43940 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b82e28b179e8 Credits Dave Jong Patchstack Required...

WordPress JobSearch Plugin <= 2.5.4 is vulnerable to Broken Access Control

Software JobSearch Type Plugin Vulnerable versions = 2.5.4 Fixed in 2.5.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43928 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID e6bba7f0604c Credits Ananda Dhakal Patchstack Required...

WordPress Email Address Encoder Plugin <= 1.0.23 is vulnerable to Cross Site Request Forgery (CSRF)

Software Email Address Encoder Type Plugin Vulnerable versions = 1.0.23 Fixed in 1.0.24 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43927 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bba49f18d147 Credits Rafie...

WordPress Maintenance & Coming Soon Redirect Animation Plugin <= 2.1.3 is vulnerable to Bypass Vulnerability

Software Maintenance & Coming Soon Redirect Animation Type Plugin Vulnerable versions = 2.1.3 Fixed in N/A OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2024-43944 Patch priority Low CVSS severity Low 3.7 Developer Claim ownership PSID 17bf0cc9007b Credits...

WordPress Greenshift Query and Meta Addon Plugin < 3.9.2 is vulnerable to SQL Injection

Software Greenshift Query and Meta Addon Type Plugin Vulnerable versions 3.9.2 Fixed in 3.9.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-43942 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 13adc6d175b5 Credits Dave Jong Patchstack Required...

WordPress Droip Plugin <= 1.1.1 is vulnerable to Settings Change

Software Droip Type Plugin Vulnerable versions = 1.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-43954 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID d2ffab5d4b5f Credits Dave Jong Patchstack Required privilege...

WordPress Droip Plugin <= 1.1.1 is vulnerable to Arbitrary File Deletion

Software Droip Type Plugin Vulnerable versions = 1.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-43955 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 09fa6dd06ae0 Credits Dave Jong Patchstack Required privileg...

WordPress LWS Affiliation Plugin <= 2.3.4 is vulnerable to Broken Access Control

Software LWS Affiliation Type Plugin Vulnerable versions = 2.3.4 Fixed in 2.3.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43962 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID a2763521797a Credits Fariq Fadillah Gusti Insani...

WordPress Brickscore Plugin <= 1.4.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Brickscore Type Plugin Vulnerable versions = 1.4.2.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43950 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 72067279088d Credits Dave Jong Patchstack Required privile...

WordPress Beaver Builder Plugin <= 2.8.3.2 is vulnerable to Cross Site Scripting (XSS)

Software Beaver Builder Type Plugin Vulnerable versions = 2.8.3.2 Fixed in 2.8.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43926 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 60397577fef6 Credits Rafie Muhammad Patchstack...

Exploit for Incorrect Privilege Assignment in Litespeedtech Litespeed_Cache

LiteSpeed Cache Privilege Escalation PoC - CVE-2024-28000...