WordPress CRM Perks Forms plugin <= 1.1.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Manab Jyoti Dowarah Patchstack Alliance in WordPress Plugin CRM Perks Forms versions = 1.1.5...

WordPress SuperSaaS – online appointment scheduling plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin SuperSaaS – online appointment scheduling versions = 2.1.9...

WordPress Ultimate Blocks – WordPress Blocks Plugin plugin <= 3.1.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 4rCanJ0x! Patchstack Alliance in WordPress Plugin Ultimate Blocks versions = 3.1.9...

WordPress Newspack Ads Plugin <= 1.47.1 is vulnerable to Cross Site Scripting (XSS)

Software Newspack Ads Type Plugin Vulnerable versions = 1.47.1 Fixed in 1.47.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37474 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b8d60e34d1ee Credits Rafie Muhammad Patchstack Required...

WordPress Newspack Newsletters Plugin <= 2.13.2 is vulnerable to Broken Access Control

Software Newspack Newsletters Type Plugin Vulnerable versions = 2.13.2 Fixed in 2.13.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37475 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID eaec81ca6f12 Credits Rafie Muhammad...

WordPress Ultimate Addons for Elementor Plugin <= 1.36.31 is vulnerable to Privilege Escalation

Software Ultimate Addons for Elementor Type Plugin Vulnerable versions = 1.36.31 Fixed in 1.36.32 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-37455 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID accfb8b8dfc3 Credits Ngô...

WordPress Widget4Call Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)

Software Widget4Call Type Plugin Vulnerable versions = 1.0.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5727 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 957add8ae997 Credits Bob Matyas Required...

WordPress Schema Lite theme <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Schema Lite versions = 1.2.2...

WordPress Travel Agency theme <= 1.4.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Travel Agency versions = 1.4.9...

WordPress Benevolent theme <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Benevolent versions = 1.3.4...

WordPress Slider Revolution plugin <= 6.7.13 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by wcraft Patchstack Alliance in WordPress Plugin Slider Revolution versions = 6.7.13...

WordPress PixelYourSite plugin <= 9.6.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by ngductung Patchstack Alliance in WordPress Plugin PixelYourSite – Your smart PIXEL TAG Manager versions = 9.6.1.1...

WordPress ARMember Premium plugin < 6.7.1 - Cross Site Request Forgery (CSRF)

Cross Site Request Forgery CSRF vulnerability discovered by Cat Patchstack Alliance in WordPress Plugin ARMember Premium versions 6.7.1...

WordPress Uncanny Automator Pro plugin < 5.3.0.1 - Unauthenticated License Settings Reset vulnerability

Unauthenticated License Settings Reset vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Uncanny Automator Pro versions 5.3.0.1...

WordPress Esteem theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Michael Patchstack Alliance in WordPress Theme Esteem versions = 1.5.0...

WordPress Mesmerize theme <= 1.6.120 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Mesmerize versions = 1.6.120...

WordPress Elegant Pink theme 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Elegant Pink versions = 1.3.0...

WordPress Newspack Blocks plugin <= 3.0.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Newspack Blocks versions = 3.0.8...

WordPress Newspack Blocks plugin <= 3.0.8 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Newspack Blocks versions = 3.0.8...

WordPress JobScout theme <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme JobScout versions = 1.1.4...