WordPress Meks Video Importer plugin <= 1.0.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Meks Video Importer versions = 1.0.12...

WordPress Patricia Blog theme <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Patricia Blog versions = 1.2...

WordPress Seraphinite Post .DOCX Source plugin <= 2.16.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin Seraphinite Post .DOCX Source versions = 2.16.9...

WordPress EazyDocs plugin <= 2.5.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin EazyDocs versions = 2.5.0...

WordPress EazyDocs plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin EazyDocs versions = 2.5.0...

WordPress Booking Ultra Pro Appointments Booking Calendar plugin <= 1.1.13 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Booking Ultra Pro versions = 1.1.13...

WordPress Events Calendar for Google plugin <= 2.1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Events Calendar for Google versions = 2.1.0...

WordPress Qi Blocks plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Qi Blocks versions = 1.3...

WordPress Link Library plugin <= 7.7.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Link Library versions = 7.7.1...

WordPress Master Addons for Elementor plugin <= 2.0.6.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Michael Patchstack Alliance in WordPress Plugin Master Addons for Elementor versions = 2.0.6.2...

WordPress Product Delivery Date for WooCommerce – Lite plugin <= 2.7.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Product Delivery Date for WooCommerce – Lite versions = 2.7.2...

WordPress Academy LMS plugin <= 2.0.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by filime Patchstack Alliance in WordPress Plugin Academy LMS versions = 2.0.4...

WordPress MBE eShip Plugin <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software MBE eShip Type Plugin Vulnerable versions = 2.1.2 Fixed in 2.2.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-38729 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4adf7a356e66 Credits Joshua Chan Required...

WordPress Plum: Spin Wheel & Email Pop-up Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software Plum: Spin Wheel & Email Pop-up Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A1: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38744 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 688ef82694b8 Credits Ananda Dhakal Patchstack...

WordPress HT Mega Plugin <= 2.5.7 is vulnerable to Path Traversal

Software HT Mega Type Plugin Vulnerable versions = 2.5.7 Fixed in 2.5.8 OWASP Top 10 A1: Broken Access Control Classification Path Traversal CVE CVE-2024-38706 Patch priority Medium CVSS severity Medium 6.5 Developer HTMega PSID b18f0032ef99 Credits Rafie Muhammad Patchstack Required privilege...

WordPress EmbedPress Plugin <= 4.0.4 is vulnerable to Broken Access Control

Software EmbedPress Type Plugin Vulnerable versions = 4.0.4 Fixed in 4.0.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38707 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID f167af72d43c Credits Rafie Muhammad Patchstack...

WordPress Simple Popup plugin <= 4.4 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability discovered by Cronus Patchstack Alliance in WordPress Plugin Simple Popup versions = 4.4...

WordPress FancyPost plugin <= 5.3.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 4rCanJ0x! Patchstack Alliance in WordPress Plugin FancyPost versions = 5.3.1...

WordPress Magical Addons For Elementor plugin <= 1.1.41 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SouzaZinn Patchstack Alliance in WordPress Plugin Magical Addons For Elementor versions = 1.1.41...

WordPress REVIEWS.io plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin REVIEWS.io versions = 1.2.8...