WordPress Woocommerce OpenPos Plugin <= 6.4.4 is vulnerable to Arbitrary File Deletion

Software Woocommerce OpenPos Type Plugin Vulnerable versions = 6.4.4 Fixed in 7.0.1 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-37932 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 80d70b64099f Credits Dave Jong Patchstack...

WordPress Woocommerce OpenPos Plugin <= 6.4.4 is vulnerable to SQL Injection

Software Woocommerce OpenPos Type Plugin Vulnerable versions = 6.4.4 Fixed in 7.0.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-37933 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID ffbf45a16888 Credits Dave Jong Patchstack Required privilege...

WordPress Woocommerce OpenPos Plugin <= 7.0.1 is vulnerable to Broken Access Control

Software Woocommerce OpenPos Type Plugin Vulnerable versions = 7.0.1 Fixed in 7.0.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37935 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d6898ddc425e Credits Dave Jong Patchstack...

WordPress WPFavicon plugin <= 2.1.1 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability discovered by Cronus Patchstack Alliance in WordPress Plugin WPFavicon versions = 2.1.1...

WordPress WP Cookie Law Info plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by filime Patchstack Alliance in WordPress Plugin WP Cookie Law Info versions = 1.1...

WordPress Social Media Share Buttons & Social Sharing Icons plugin <= 2.9.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Social Media & Share Icons versions = 2.9.1...

WordPress Simple Social Share plugin <=3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Sharanabasappa Patchstack Alliance in WordPress Plugin Simple Social Share versions = 3.0...

WordPress Image Hover Effects for Elementor with Lightbox and Flipbox plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Image Hover Effects - Caption Hover with Carousel versions = 3.0.2...

WordPress Ultimate Auction plugin <= 4.2.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Ultimate Auction versions = 4.2.5...

WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Responsive Image Gallery, Gallery Album versions = 2.0.3...

WordPress Link To Bible plugin <= 2.5.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Sharanabasappa Patchstack Alliance in WordPress Plugin Link To Bible versions = 2.5.9...

WordPress WP To Do Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software WP To Do Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37539 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8e78be231480 Credits younsoung kim, SeoHyeon Lee, MyungJu Kim, SeoHe...

WordPress Responsive Image Gallery, Gallery Album Plugin <= 2.0.3 is vulnerable to Broken Access Control

Software Responsive Image Gallery, Gallery Album Type Plugin Vulnerable versions = 2.0.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37542 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 563a47d11703 Credits...

WordPress WP Cookie Law Info Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Cookie Law Info Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37557 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f9392fcaab80 Credits filime Required privilege Administrator...

WordPress Leaky Paywall Plugin <= 4.21.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Leaky Paywall Type Plugin Vulnerable versions = 4.21.2 Fixed in 4.21.3 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-37540 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6553531150a7 Credits Ananda Dhakal Patchstack...

WordPress zBench theme <= 1.4.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme zBench versions = 1.4.2...

WordPress Spectra plugin <= 2.13.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Spectra versions = 2.13.7...

WordPress XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin XPlainer - WooCommerce Product FAQ versions = 1.6.3...

WordPress Business One Page theme <= 1.2.9 - Broken Access Control on Notice Dismissal vulnerability

Broken Access Control on Notice Dismissal vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Business One Page versions = 1.2.9...

WordPress Lawyer Landing Page theme <= 1.2.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Lawyer Landing Page versions = 1.2.4...