WordPress HTML5 Video Player plugin <= 2.5.30 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Flash & HTML5 Video versions = 2.5.30...

WordPress WP Data Access plugin <= 5.5.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WP Data Access versions = 5.5.7...

WordPress Bold Timeline Lite plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Bold Timeline Lite versions = 1.2.0...

WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.16 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Michael Patchstack Alliance in WordPress Plugin Envo's Elementor Templates & Widgets for WooCommerce versions = 1.4.16...

WordPress Squirrly SEO plugin <= 12.3.19 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin SEO Plugin by Squirrly SEO versions = 12.3.19...

WordPress Void Elementor Post Grid Addon for Elementor Page builder plugin <= 2.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Void Elementor Post Grid Addon for Elementor Page builder versions = 2.3...

WordPress Salon Booking System plugin <= 10.8.1 - Open Redirection vulnerability

Open Redirection vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Salon booking system versions = 10.8.1...

WordPress WooCommerce plugin <= 9.1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin WooCommerce versions = 9.1.2...

WordPress Stripe Payments For WooCommerce by Checkout Plugin <= 1.9.1 is vulnerable to Insecure Direct Object References (IDOR)

Software Stripe Payments For WooCommerce by Checkout Type Plugin Vulnerable versions = 1.9.1 Fixed in 1.9.2 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-43315 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID...

WordPress Fonts Plugin <= 3.7.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Fonts Type Plugin Vulnerable versions = 3.7.7 Fixed in 3.7.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43301 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 27e6a6b5f399 Credits Rafie Muhammad Patchstack...

WordPress Brave Popup Builder Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Brave Popup Builder Type Plugin Vulnerable versions = 0.7.0 Fixed in 0.7.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43337 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 04312f740763 Credits Ananda Dhakal...

WordPress Fonts Plugin <= 3.7.7 is vulnerable to Broken Access Control

Software Fonts Type Plugin Vulnerable versions = 3.7.7 Fixed in 3.7.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43302 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 28935a5c542e Credits Rafie Muhammad Patchstack Required...

WordPress Login As Users Plugin <= 1.4.2 is vulnerable to Privilege Escalation

Software Login As Users Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A5: Security Misconfiguration Classification Privilege Escalation CVE CVE-2024-43311 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 61576dd70a4f Credits John Blackbourn Required...

WordPress JetElements For Elementor Plugin <= 2.6.20 is vulnerable to Local File Inclusion

Software JetElements For Elementor Type Plugin Vulnerable versions = 2.6.20 Fixed in 2.6.20.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-7145 Patch priority Low CVSS severity Low 7.5 Developer Crocoblock PSID f91f48f5ffcb Credits stealthcopter Required privilege...

WordPress myCred Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)

Software myCred Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43353 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a2faf75ac250 Credits LVT-tholv2k Required privilege Contributor...

WordPress Flash & HTML5 Video Plugin <= 2.5.31 is vulnerable to Sensitive Data Exposure

Software Flash & HTML5 Video Type Plugin Vulnerable versions = 2.5.31 Fixed in 2.5.32 OWASP Top 10 A4: Insecure Design Classification Sensitive Data Exposure CVE CVE-2024-43319 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e3846f722ce9 Credits Ananda Dhakal Patchstack...

WordPress wpForo Forum Plugin <= 2.3.4 is vulnerable to Sensitive Data Exposure

Software wpForo Forum Type Plugin Vulnerable versions = 2.3.4 Fixed in 2.3.5 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-43289 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID ac5555013147 Credits Ananda Dhakal Patchstack...

WordPress e2pdf Plugin <= 1.25.05 is vulnerable to Cross Site Scripting (XSS)

Software e2pdf Type Plugin Vulnerable versions = 1.25.05 Fixed in 1.25.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43318 Patch priority Low CVSS severity Low 6.5 Developer E2Pdf.com PSID 618e2ecf6073 Credits LVT-tholv2k Required privilege Contributor Publish...

WordPress Flash & HTML5 Video Plugin <= 2.5.30 is vulnerable to Broken Access Control

Software Flash & HTML5 Video Type Plugin Vulnerable versions = 2.5.30 Fixed in 2.5.31 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43296 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 14d9f8844f5d Credits Ananda Dhakal Patchstac...

WordPress GivingPress Lite Theme <= 1.8.6 is vulnerable to Cross Site Scripting (XSS)

Software GivingPress Lite Type Theme Vulnerable versions = 1.8.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43352 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dc2d25ba2424 Credits stealthcopter Required privilege...