3797 matches found
WordPress PowerPack for Beaver Builder Plugin < 2.37.4 is vulnerable to Cross Site Scripting (XSS)
Software: PowerPack for Beaver Builder | Type: Plugin | Vulnerable versions: < 2.37.4 | Fixed in: 2.37.4 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-43330 | Patch priority: Medium | CVSS severity: Medium (7.1) | PSID: ff58b27c7462 | Credits: Rafie Muhammad...
WordPress Insert PHP Code Snippet plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Insert PHP Code Snippet versions <= 1.3.6...
WordPress TrueBooker Plugin <= 1.0.2 is vulnerable to SQL Injection
Software: TrueBooker | Type: Plugin | Vulnerable versions: <= 1.0.2 | Fixed in: N/A | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-6924 | Patch priority: High | CVSS severity: High (9.3) | PSID: bf0618e9b2e8 | Credits: Project Black | Required privilege: Unauthenticated...
WordPress Insert PHP Code Snippet Plugin <= 1.3.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Insert PHP Code Snippet | Type: Plugin | Vulnerable versions: <= 1.3.6 | Fixed in: 1.3.7 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-43275 | Patch priority: Low | CVSS severity: Low (5.4) | PSID: f6953adb666a | Credits: Rafie...
WordPress Icegram Collect – Easy Form, Lead Collection and Subscription plugin plugin <= 1.3.14 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Icegram Collect versions <= 1.3.14...
WordPress Widgets for WooCommerce Products on Elementor plugin <= 2.0.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin Woo Products Widgets For Elementor versions <= 2.0.4...
WordPress WP BackItUp plugin <= 1.50 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin WP BackItUp versions <= 1.50...
WordPress Analytify plugin <= 5.3.1 - CSRF Leading to Optout Vulnerability
CSRF Leading to Optout Vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Analytify versions <= 5.3.1...
WordPress Create by Mediavine plugin <= 1.9.8 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Peng Zhou (Patchstack Alliance) in WordPress Plugin Create by Mediavine versions <= 1.9.8...
WordPress Compute Links plugin <= 1.2.1 - Remote File Inclusion vulnerability
Remote File Inclusion vulnerability discovered by YCInfosec (Patchstack Alliance) in WordPress Plugin Compute Links versions <= 1.2.1...
WordPress Store Locator Plus® for WordPress plugin <= 2311.17.01 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Peng Zhou (Patchstack Alliance) in WordPress Plugin Store Locator Plus versions <= 2311.17.01...
WordPress Smart Online Order for Clover plugin <= 1.5.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Smart Online Order for Clover versions <= 1.5.6...
WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Sensitive Data Exposure vulnerability
Authenticated Sensitive Data Exposure vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Bit Form Pro versions <= 2.6.4...
WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Bit Form Pro versions <= 2.6.4...
WordPress Bit Form Pro plugin <= 2.6.4 - Unauthenticated Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Bit Form Pro versions <= 2.6.4...
WordPress WHMpress plugin <= 6.2-revision-5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin WHMpress versions <= 6.2-revision-5...
WordPress JobSearch plugin <= 2.3.4 - Unauthenticated Account Takeover vulnerability
Unauthenticated Account Takeover vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin JobSearch versions <= 2.3.4...
WordPress Houzez theme <= 3.2.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Jorge Rodriguez (Patchstack Alliance) in WordPress Theme Houzez versions <= 3.2.4...
WordPress Indeed Ultimate Membership Pro plugin <= 12.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Ultimate Membership Pro versions <= 12.7...
WordPress Masteriyo LMS plugin <= 1.11.4 - Insecure Direct Object Reference (IDOR) vulnerability
Insecure Direct Object Reference (IDOR) vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin Masteriyo - LMS versions <= 1.11.4...