WordPress Coachify theme <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Coachify versions = 1.0.7...

WordPress Branda plugin <= 3.4.17 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Fulan Engineering Patchstack Alliance in WordPress Plugin Branda versions = 3.4.17...

WordPress Preschool and Kindergarten theme <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Preschool and Kindergarten versions = 1.2.1...

WordPress PowerPack Lite for Beaver Builder plugin <= 1.3.0.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin PowerPack Lite for Beaver Builder versions = 1.3.0.3...

WordPress PowerPack Lite for Beaver Builder plugin <= 1.3.0.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin PowerPack Lite for Beaver Builder versions = 1.3.0.4...

WordPress Defender plugin <= 4.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Defender Security versions = 4.7.1...

WordPress Featured Image from URL (FIFU) plugin <= 4.8.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Featured Image from URL versions = 4.8.1...

WordPress Patreon WordPress Plugin <= 1.9.0 is vulnerable to Bypass Vulnerability

Software Patreon WordPress Type Plugin Vulnerable versions = 1.9.0 Fixed in 1.9.1 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-37430 Patch priority Low CVSS severity Low 5.3 Developer Patreon PSID 5d86fa6898c3 Credits MCboyIR Required privilege Unauthenticated...

WordPress Uncanny Automator Pro Plugin < 5.3.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Uncanny Automator Pro Type Plugin Vulnerable versions 5.3.0.1 Fixed in 5.3.0.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37118 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID a019b21cb78d Credits Dave Jong...

WordPress Elementor Pro Plugin <= 3.21.2 is vulnerable to Cross Site Scripting (XSS)

Software Elementor Pro Type Plugin Vulnerable versions = 3.21.2 Fixed in 3.21.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35656 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 41d6dec3f86d Credits Michael Required privilege...

WordPress Uncanny Toolkit Pro for LearnDash Plugin < 4.1.4.1 is vulnerable to Other Vulnerability Type

Software Uncanny Toolkit Pro for LearnDash Type Plugin Vulnerable versions 4.1.4.1 Fixed in 4.1.4.1 OWASP Top 10 A1: Broken Access Control Classification Other Vulnerability Type CVE CVE-2024-37439 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID e91e3a155b54 Credits Dave...

WordPress Slider Revolution Plugin <= 6.7.13 is vulnerable to Cross Site Scripting (XSS)

Software Slider Revolution Type Plugin Vulnerable versions = 6.7.13 Fixed in 6.7.14 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37449 Patch priority Low CVSS severity Low 5.9 Developer ThemePunch PSID 0c45389d2eaa Credits wcraft Required privilege Administrator...

WordPress Newspack Blocks Plugin <= 3.0.8 is vulnerable to Arbitrary File Upload

Software Newspack Blocks Type Plugin Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-37424 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID dd4273e7b78e Credits Rafie Muhammad Patchstack Required...

WordPress E2Pdf plugin <= 1.24.00 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin e2pdf versions = 1.24.00...

WordPress Embedpress plugin <= 4.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin EmbedPress versions = 4.0.2...

WordPress PDF Viewer plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin PDF Viewer versions = 1.1.0...

WordPress PDF Poster plugin <= 2.1.21 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin PDF Poster versions = 2.1.21...

WordPress PDF Embedder plugin <= 4.7.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by m3ez Patchstack Alliance in WordPress Plugin PDF Embedder versions = 4.7.1...

WordPress NextScripts plugin <= 4.4.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin NextScripts versions = 4.4.6...

WordPress Travel Monster theme <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Travel Monster versions = 1.1.2...