WordPress WP Dashboard Notes Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)

Software WP Dashboard Notes Type Plugin Vulnerable versions = 1.0.11 Fixed in 1.0.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43226 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 853d82c04c96 Credits justakazh Required privileg...

WordPress Filr – Secure document library Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Software Filr – Secure document library Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43216 Patch priority Low CVSS severity Low 6.5 Developer Patrick Posner PSID d8538e254980 Credits domiee13 Required...

WordPress Blockspare plugin <= 3.2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Blockspare versions = 3.2.0...

WordPress Masteriyo LMS plugin <= 1.11.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Masteriyo - LMS versions = 1.11.4...

WordPress Woffice theme <= 5.4.10 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Woffice versions = 5.4.10...

WordPress CM Tooltip Glossary Plugin <= 4.3.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin CM Tooltip Glossary versions = 4.3.7...

WordPress Selection Lite plugin <= 1.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 4rCanJ0x! Patchstack Alliance in WordPress Plugin Selection Lite versions = 1.11...

WordPress GeoDirectory plugin <= 2.3.61 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin GeoDirectory versions = 2.3.61...

WordPress Registrations for the Events Calendar plugin <= 2.12.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Manab Jyoti Dowarah Patchstack Alliance in WordPress Plugin Registrations for the Events Calendar versions = 2.12.1...

WordPress Tutor LMS plugin <= 2.7.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by justakazh Patchstack Alliance in WordPress Plugin Tutor LMS versions = 2.7.3...

WordPress Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 4.2.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin WpEvently versions = 4.2.1...

WordPress Sunshine Photo Cart plugin <= 3.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Manab Jyoti Dowarah Patchstack Alliance in WordPress Plugin Sunshine Photo Cart versions = 3.2.1...

WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin <= 1.6.6 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Docket WooCommerce Collections / Wishlist / Watchlist versions 1.7.0...

WordPress WooCommerce Product Table Lite plugin <= 3.5.1 - Arbitrary Code Execution vulnerability

Arbitrary Code Execution vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin WooCommerce Product Table Lite versions = 3.5.1...

WordPress Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce plugin <= 2.6.14 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce versions = 2.6.14...

WordPress Import and export users and customers plugin <= 1.26.8 - Sensitive Information via Imported File vulnerability

Sensitive Information via Imported File vulnerability discovered by emad Patchstack Alliance in WordPress Plugin Import and export users and customers versions = 1.26.8...

WordPress Graphina plugin <= 1.8.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Graphina versions = 1.8.10...

WordPress HUSKY plugin <= 1.3.6.1 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin HUSKY versions = 1.3.6.1...

WordPress TypeSquare Webfonts plugin <= 2.0.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin TypeSquare Webfonts versions = 2.0.7...

WordPress Hummingbird plugin <= 3.9.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Hummingbird versions = 3.9.1...