3797 matches found
WordPress SiteGround Security Plugin <= 1.5.0 is vulnerable to Broken Access Control
Software: SiteGround Security; Type: Plugin; Vulnerable versions: <= 1.5.0; Fixed in: 1.5.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-38774; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 0aeabb62f534; Credits: Rafie Muhammad Patchstack...
WordPress WPForms User Registration Plugin <= 2.1.0 is vulnerable to Privilege Escalation
Software: WPForms User Registration; Type: Plugin; Vulnerable versions: <= 2.1.0; Fixed in: 2.1.2; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2023-52209; Patch priority: Low; CVSS severity: Low 8; Developer: Claim ownership; PSID: 78ca3b70599d; Credits...
WordPress BookingPress Plugin <= 1.1.5 is vulnerable to Arbitrary File Upload
Software: BookingPress; Type: Plugin; Vulnerable versions: <= 1.1.5; Fixed in: 1.1.6; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-6467; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: c0415b7cfd0a; Credits: Arkadiusz Hydzik; Required privilege...
WordPress Smart Image Gallery Plugin < 1.0.19 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Smart Image Gallery; Type: Plugin; Vulnerable versions: < 1.0.19; Fixed in: 1.0.19; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-3632; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 13b040259b7b; Credits: Bob Matyas...
WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.20 - Authentication Bypass and Privilege Escalation Vulnerability
Authentication Bypass and Privilege Escalation Vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Backup and Staging by WP Time Capsule (versions <= 1.22.20)...
WordPress Backup and Staging by WP Time Capsule Plugin <= 1.22.20 is vulnerable to Privilege Escalation
Software: Backup and Staging by WP Time Capsule; Type: Plugin; Vulnerable versions: <= 1.22.20; Fixed in: 1.22.21; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2024-38770; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 3832eb3f9ffc; Credits: Da...
WordPress Matomo Analytics plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) leading to Notice Dismissal vulnerability
Cross Site Request Forgery (CSRF) leading to Notice Dismissal vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Matomo Analytics (versions <= 5.1.1)...
WordPress i-transform theme <= 3.0.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Theme i-transform (versions <= 3.0.9)...
WordPress Form Vibes – Database Manager for Forms Plugin <= 1.4.10 is vulnerable to SQL Injection
Software: Form Vibes – Database Manager for Forms; Type: Plugin; Vulnerable versions: <= 1.4.10; Fixed in: 1.4.11; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-5325; Patch priority: High; CVSS severity: High 8.5; Developer: WPVibes; PSID: ede7aa3d2234; Credits: Peter Thaleikis; Required...
WordPress Popularis Verse Theme <= 1.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Popularis Verse; Type: Theme; Vulnerable versions: <= 1.1.1; Fixed in: 1.1.2; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-38763; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: be4cf6f1e0c0; Credits: Dhabaleshwar Das...
WordPress Typebot plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin Typebot (versions <= 3.6.0)...
WordPress Coming Soon Page – Responsive Coming Soon & Maintenance Mode plugin <= 1.6.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin Coming Soon (versions <= 1.6.3)...
WordPress Tagbox plugin <= 3.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin Taggbox (versions <= 3.3)...
WordPress Zoho Campaigns plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin Zoho Campaigns (versions <= 2.0.8)...
WordPress Animated Rotating Words Plugin <= 5.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin Animated Rotating Words (versions <= 5.6)...
WordPress EleForms plugin <= 2.9.9.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin EleForms (versions <= 2.9.9.9)...
WordPress MBE eShip plugin <= 2.1.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin MBE eShip (versions <= 2.1.2)...
WordPress OnePress theme <= 2.3.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Theme OnePress (versions <= 2.3.8)...
WordPress Change From Email plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Cronus (Patchstack Alliance) in WordPress Plugin Change From Email (versions <= 1.2.1)...
WordPress Event post plugin <= 5.9.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Emili Castells (Patchstack Alliance) in WordPress Plugin Event post (versions <= 5.9.5)...