WordPress FileBird Document Library Plugin <= 2.0.6 is vulnerable to Sensitive Data Exposure

Software FileBird Document Library Type Plugin Vulnerable versions = 2.0.6 Fixed in 2.0.8.1 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-37504 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7621ab22a70e Credits Peng Zhou...

WordPress WP User Frontend Plugin <= 4.0.7 is vulnerable to Backdoor

Software WP User Frontend Type Plugin Vulnerable versions = 4.0.7 Fixed in 4.0.8 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b7d6d9c8134f Credits Sansec.io Required privilege Unauthenticated Published 3 July,...

WordPress Mine Video Player Plugin <= 2.8.11 is vulnerable to Backdoor

Software Mine Video Player Type Plugin Vulnerable versions = 2.8.11 Fixed in N/A OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 608bda8dc346 Credits Sansec.io Required privilege Unauthenticated Published 3 July,...

WordPress Pixel Manager for WooCommerce Plugin <= 1.43.3 is vulnerable to Backdoor

Software Pixel Manager for WooCommerce Type Plugin Vulnerable versions = 1.43.3 Fixed in 1.43.4 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer SweetCode PSID 3a6235394517 Credits Sansec.io Required privilege Unauthenticated Published ...

WordPress Amelia Shortcode Extended Plugin <= 1.6 is vulnerable to Backdoor

Software Amelia Shortcode Extended Type Plugin Vulnerable versions = 1.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6bcf0ef7322f Credits Sansec.io Required privilege Unauthenticated Published 3...

WordPress Digital River Global Commerce Plugin <= 2.0.2 is vulnerable to Backdoor

Software Digital River Global Commerce Type Plugin Vulnerable versions = 2.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 094cc90dcba0 Credits Sansec.io Required privilege Unauthenticated Publishe...

WordPress Social Warfare Plugin <= 4.4.7.1 is vulnerable to Backdoor

Software Social Warfare Type Plugin Vulnerable versions = 4.4.7.1 Fixed in 4.4.7.3 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 63a044ca178e Credits Sansec.io Required privilege Unauthenticated Published 3 July,...

WordPress FireBox Plugin <= 2.1.15 is vulnerable to Backdoor

Software FireBox Type Plugin Vulnerable versions = 2.1.15 Fixed in 2.1.16 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 8a543ab1ba05 Credits Sansec.io Required privilege Unauthenticated Published 3 July, 2024...

WordPress Ideaplus Plugin <= 1.0.5 is vulnerable to Backdoor

Software Ideaplus Type Plugin Vulnerable versions = 1.0.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ec824eebab48 Credits Sansec.io Required privilege Unauthenticated Published 3 July, 2024...

WordPress Weight Tracker Plugin <= 10.9.1 is vulnerable to Backdoor

Software Weight Tracker Type Plugin Vulnerable versions = 10.9.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6e0abdbba268 Credits Sansec.io Required privilege Unauthenticated Published 3 July, 2024...

WordPress Field Day Plugin <= 3.3.8 is vulnerable to Backdoor

Software Field Day Type Plugin Vulnerable versions = 3.3.8 Fixed in 3.4.0 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 00638b889259 Credits Sansec.io Required privilege Unauthenticated Published 3 July, 2024...

WordPress Meal Tracker Plugin <= 3.1.6 is vulnerable to Backdoor

Software Meal Tracker Type Plugin Vulnerable versions = 3.1.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e250a3bed696 Credits Sansec.io Required privilege Unauthenticated Published 3 July, 2024...

WordPress Logic Hop Plugin <= 3.8.8 is vulnerable to Backdoor

Software Logic Hop Type Plugin Vulnerable versions = 3.8.8 Fixed in 3.9.0 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e54343bdaeda Credits Sansec.io Required privilege Unauthenticated Published 3 July, 2024...

WordPress sitetweet Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)

Software sitetweet Type Plugin Vulnerable versions = 0.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5767 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c48f5eb9dccc Credits WPscan Required privilege...

WordPress Ashe theme <= 2.233 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Ashe versions = 2.233...

WordPress Woffice theme <= 5.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Woffice versions = 5.4.8...

WordPress Woffice Core plugin <= 5.4.8 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Woffice Core versions = 5.4.8...

WordPress Newsmatic theme <= 1.3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Newsmatic versions = 1.3.1...

WordPress Hestia theme <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Hestia versions = 3.1.2...

WordPress AI Power: Complete AI Pack – Powered by GPT-4 plugin <= 1.8.66 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin GPT3 AI Content Writer versions = 1.8.66...