3797 matches found
WordPress Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce Plugin <= 2.6.18 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce; Type: Plugin; Vulnerable versions: <= 2.6.18; Fixed in: 2.6.19; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-39657; Patch priority: Low; CVSS severity: Low 4.3; Developer: Cla...
WordPress WP Social Feed Gallery Plugin <= 4.3.9 is vulnerable to Broken Access Control
Software: WP Social Feed Gallery; Type: Plugin; Vulnerable versions: <= 4.3.9; Fixed in: 4.4.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-39640; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: dd020799eba7; Credits: Rafie Muhammad...
WordPress Donation Block For PayPal Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Donation Block For PayPal; Type: Plugin; Vulnerable versions: <= 2.1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6021; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 49c1f9f09af2; Credits: Bob Matyas...
WordPress Edubin theme <= 9.2.0 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Theme Edubin, versions <= 9.2.0...
WordPress PowerPack for Beaver Builder plugin <= 2.33.0 - Contributor+ Privilege Escalation vulnerability
Contributor+ Privilege Escalation vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin PowerPack for Beaver Builder, versions <= 2.33.0...
WordPress ListingPro theme <= 2.9.4 - Cross Site Request Forgery (CSRF) to Account Takeover vulnerability
Cross Site Request Forgery (CSRF) to Account Takeover vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Theme ListingPro, versions <= 2.9.4...
WordPress ListingPro plugin <= 2.9.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin ListingPro, versions <= 2.9.4...
WordPress ConveyThis Translate plugin <= 234 - Non-arbitrary Options Update vulnerability
Non-arbitrary Options Update vulnerability discovered by Humberto Castelo Branco (Patchstack Alliance) in WordPress Plugin ConveyThis, versions <= 234...
WordPress AI ENGINE plugin <= 2.4.7 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Yuchen Ji (Patchstack Alliance) in WordPress Plugin AI Engine, versions <= 2.4.7...
WordPress ListingPro Theme <= 2.9.4 is vulnerable to Local File Inclusion
Software: ListingPro; Type: Theme; Vulnerable versions: <= 2.9.4; Fixed in: 2.9.5; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-39624; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: 6fb79ea2aba1; Credits: Rafie Muhammad (Patchstack); Required privilege...
WordPress ListingPro Theme <= 2.9.4 is vulnerable to SQL Injection
Software: ListingPro; Type: Theme; Vulnerable versions: <= 2.9.4; Fixed in: 2.9.5; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-39622; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: ecd756a53e31; Credits: Rafie Muhammad (Patchstack); Required privilege...
WordPress ListingPro Plugin <= 2.9.4 is vulnerable to SQL Injection
Software: ListingPro; Type: Plugin; Vulnerable versions: <= 2.9.4; Fixed in: 2.9.5; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-39620; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: b93d0cfbae0f; Credits: Rafie Muhammad (Patchstack); Required privilege...
WordPress Telegram Bot & Channel plugin <= 3.8.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin Telegram Bot & Channel, versions <= 3.8.2...
WordPress uipress-lite plugin <= 3.4.06 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Nguyễn Trung Kiên (Patchstack Alliance) in WordPress Plugin UiPress lite, versions <= 3.4.06...
WordPress CoziPress theme <= 1.0.30 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Theme CoziPress, versions <= 1.0.30...
WordPress CopySafe Web Protection plugin <= 3.15 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin CopySafe Web Protection, versions <= 3.15...
WordPress Security Optimizer plugin <= 1.5.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin SiteGround Security, versions <= 1.5.0...
WordPress Atarim plugin <= 4.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by piro (Patchstack Alliance) in WordPress Plugin Atarim, versions <= 4.0...
WordPress CTX Feed Plugin <= 6.5.6 is vulnerable to Privilege Escalation
Software: CTX Feed; Type: Plugin; Vulnerable versions: <= 6.5.6; Fixed in: 6.5.7; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2024-38775; Patch priority: High; CVSS severity: High 7.2; Developer: Claim ownership; PSID: cbdae09cf674; Credits: stealthcopter; Required privilege: Sh...
WordPress WP Fast Total Search Plugin <= 1.69.234 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Fast Total Search; Type: Plugin; Vulnerable versions: <= 1.69.234; Fixed in: 1.70.236; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-38778; Patch priority: Low; CVSS severity: Low 4.3; Developer: Epsiloncool; PSID: 7430c079e28f; Credits: Majed Refaea...