WordPress Social Login plugin <= 2.6.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WooCommerce Social Login versions <= 2.6.3...
WordPress The Events Calendar Plugin <= 6.5.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: The Events Calendar; Type: Plugin; Vulnerable versions: <= 6.5.1.4; Fixed in: 6.5.1.5; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-37518; Patch priority: Low; CVSS severity: Low 4.3; Developer: Liquid Web / StellarWP; PSID: b351df137690; Credits: Rafi...
WordPress ShopBuilder – Elementor WooCommerce Builder Addons Plugin <= 2.1.12 is vulnerable to Local File Inclusion
Software: ShopBuilder – Elementor WooCommerce Builder Addons; Type: Plugin; Vulnerable versions: <= 2.1.12; Fixed in: 2.1.13; OWASP Top 10: A6: Security Misconfiguration; Classification: Local File Inclusion; CVE: CVE-2024-37520; Patch priority: Low; CVSS severity: Low 6.5; Developer: Mamunur Rashid; PSID: 818612bafe4...
WordPress Featured Image from URL Plugin <= 4.8.2 is vulnerable to Broken Access Control
Software: Featured Image from URL; Type: Plugin; Vulnerable versions: <= 4.8.2; Fixed in: 4.8.3; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37516; Patch priority: Low; CVSS severity: Low 6.3; Developer: Claim ownership; PSID: 819896bb0ba3; Credits: Rafie Muhammad...
WordPress WooCommerce Social Login Plugin <= 2.6.3 is vulnerable to PHP Object Injection
Software: WooCommerce Social Login; Type: Plugin; Vulnerable versions: <= 2.6.3; Fixed in: 2.7.0; OWASP Top 10: A5: Security Misconfiguration; Classification: PHP Object Injection; CVE: CVE-2024-37502; Patch priority: Medium; CVSS severity: Medium 5.4; Developer: Claim ownership; PSID: 642655a733d8; Credits: Ananda Dhak...
WordPress Donation Forms by Charitable plugin <= 1.8.1.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Charitable versions <= 1.8.1.7...
WordPress Beaver Builder plugin <= 2.8.2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Beaver Builder versions <= 2.8.2.2...
WordPress Donation Forms by Charitable plugin <= 1.8.1.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Manab Jyoti Dowarah Patchstack Alliance in WordPress Plugin Charitable versions <= 1.8.1.7...
WordPress MakeCommerce for WooCommerce plugin <= 3.5.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin MakeCommerce for WooCommerce versions <= 3.5.1...
WordPress Eventin plugin <= 3.3.57 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by justakazh Patchstack Alliance in WordPress Plugin Eventin versions <= 3.3.57...
WordPress BookYourTravel theme <= 8.18.17 - Subscriber+ Privilege Escalation vulnerability
Subscriber+ Privilege Escalation vulnerability discovered by Dave Jong Patchstack in WordPress Theme BookYourTravel versions <= 8.18.17...
WordPress JetThemeCore plugin < 2.2.1 - Subscriber+ Arbitrary File Deletion vulnerability
Subscriber+ Arbitrary File Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Plugin JetThemeCore versions < 2.2.1...
WordPress Gutenberg plugin <= 18.6.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Gutenberg versions <= 18.6.0...
WordPress Rife Free theme <= 2.4.18 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Rife Free versions <= 2.4.18...
WordPress Bard theme <= 2.210 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Bard versions <= 2.210...
WordPress The Post Grid plugin <= 7.7.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin The Post Grid versions <= 7.7.4...
WordPress JetThemeCore Plugin < 2.2.1 is vulnerable to Arbitrary File Deletion
Software: JetThemeCore; Type: Plugin; Vulnerable versions: < 2.2.1; Fixed in: 2.2.1; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Deletion; CVE: CVE-2024-37497; Patch priority: High; CVSS severity: High 7.7; Developer: Crocoblock; PSID: 285d7262cac1; Credits: Dave Jong Patchstack; Required...
WordPress Ninja Forms Plugin <= 3.8.4 is vulnerable to Broken Access Control
Software: Ninja Forms; Type: Plugin; Vulnerable versions: <= 3.8.4; Fixed in: 3.8.5; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37934; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 5bd0529a71e3; Credits: Rafie Muhammad Patchstack; Require...
WordPress The Post Grid Plugin <= 7.7.4 is vulnerable to Broken Access Control
Software: The Post Grid; Type: Plugin; Vulnerable versions: <= 7.7.4; Fixed in: 7.7.5; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37482; Patch priority: Low; CVSS severity: Low 4.3; Developer: Mamunur Rashid; PSID: cde94030335f; Credits: Rafie Muhammad Patchstack; Requir...