WordPress AdPush plugin <= 1.50 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin AdPush versions = 1.50...

WordPress Predictive Search for WooCommerce plugin <= 6.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin WooCommerce Predictive Search versions = 6.0.1...

WordPress codoc plugin <= 0.9.51.12 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin codoc versions = 0.9.51.12...

WordPress Simple Responsive Slider plugin <= 0.2.2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Simple Responsive Slider versions = 0.2.2.5...

WordPress Tutor LMS plugin <= 2.7.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by justakazh Patchstack Alliance in WordPress Plugin Tutor LMS versions = 2.7.2...

WordPress BerqWP plugin <= 1.7.5 - Unauthenticated Non-Blind Server Side Request Forgery (SSRF) vulnerability

Unauthenticated Non-Blind Server Side Request Forgery SSRF vulnerability discovered by Dave Jong Patchstack in WordPress Plugin BerqWP versions = 1.7.5...

WordPress BerqWP Plugin <= 1.7.5 is vulnerable to Server Side Request Forgery (SSRF)

Software BerqWP Type Plugin Vulnerable versions = 1.7.5 Fixed in 1.7.6 OWASP Top 10 A3: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-37942 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID 20a1b9b96001 Credits Dave Jong Patchstack Required...

WordPress Responsive Mobile Theme <=1.15.1 is vulnerable to Cross Site Scripting (XSS)

Software Responsive Mobile Type Theme Vulnerable versions =1.15.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37949 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c54227e96d86 Credits stealthcopter Required privilege...

WordPress Master Popups Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Master Popups Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37950 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e2bd55990b6e Credits alfido osdie Patchstack Alliance Required...

WordPress YITH WooCommerce Ajax Product Filter Plugin <= 5.1.0 is vulnerable to Cross Site Scripting (XSS)

Software YITH WooCommerce Ajax Product Filter Type Plugin Vulnerable versions = 5.1.0 Fixed in 5.2.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37943 Patch priority Medium CVSS severity Medium 5.8 Developer YITH PSID e8d179cee8c5 Credits Rafie Muhammad...

WordPress Woocommerce OpenPos plugin <= 6.4.4 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Woocommerce OpenPos versions = 6.4.4...

WordPress Point theme <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Point versions = 1.1...

WordPress SmartMag theme < 10.1.0 - Sensitive Data Exposure via Log File vulnerability

Sensitive Data Exposure via Log File vulnerability discovered by justakazh Patchstack Alliance in WordPress Theme SmartMag versions 10.1.0...

WordPress User Activity Log Pro plugin <= 2.3.4 - Subscriber+ Multiple Broken Access Control vulnerability

Subscriber+ Multiple Broken Access Control vulnerability discovered by Dave Jong Patchstack in WordPress Plugin User Activity Log Pro versions = 2.3.4...

WordPress WP Accessibility Helper (WAH) plugin <= 0.6.2.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin WP Accessibility Helper WAH versions = 0.6.2.9...

WordPress BuddyBoss Theme theme <= 2.4.61 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dave Jong Patchstack in WordPress Theme BuddyBoss Theme versions = 2.4.61...

WordPress Cliengo – Chatbot plugin <= 3.0.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Cliengo – Chatbot versions = 3.0.4...

WordPress PayPlus Payment Gateway plugin <= 7.0.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin PayPlus Payment Gateway versions = 7.0.7...

WordPress WP User Switch plugin <= 1.1.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by thiennv Patchstack Alliance in WordPress Plugin WP User Switch versions = 1.1.2...

WordPress Woocommerce OpenPos Plugin <= 6.4.4 is vulnerable to SQL Injection

Software Woocommerce OpenPos Type Plugin Vulnerable versions = 6.4.4 Fixed in 7.0.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-37933 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID ffbf45a16888 Credits Dave Jong Patchstack Required privilege...