WordPress TrustedLogin Vendor plugin < 1.1.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin TrustedLogin Vendor versions < 1.1.1...
WordPress Masterstudy Elementor Widgets plugin <= 1.2.2 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Masterstudy Elementor Widgets versions <= 1.2.2...
WordPress Masterstudy Elementor Widgets plugin <= 1.2.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Masterstudy Elementor Widgets versions <= 1.2.2...
WordPress Tutor LMS plugin <= 2.7.1 - Path Traversal vulnerability
Path Traversal vulnerability discovered by filime (Patchstack Alliance) in WordPress Plugin Tutor LMS versions <= 2.7.1...
WordPress Enter Addons – Ultimate Template Builder for Elementor plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by vps1- (Patchstack Alliance) in WordPress Plugin Enter Addons versions <= 2.1.6...
WordPress WP Extended plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Yudistira Arya (Patchstack Alliance) in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions <= 2.4.7...
WordPress Foxiz Theme theme <= 2.3.5 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Kursat Cetin (Patchstack) in WordPress Theme Foxiz versions <= 2.3.5...
WordPress Permalink Manager Lite plugin <= 2.4.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Permalink Manager Lite versions <= 2.4.3.3...
WordPress WP File Manager plugin <= 7.2.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin File Manager versions <= 7.2.7...
WordPress WooCommerce plugin <= 8.9.2 - Content Injection vulnerability
Content Injection vulnerability discovered by Savphill (Patchstack Alliance) in WordPress Plugin WooCommerce versions <= 8.9.2...
WordPress Wonder PDF Embed Plugin <= 2.7 is vulnerable to Cross Site Scripting (XSS)
Software: Wonder PDF Embed; Type: Plugin; Vulnerable versions: <= 2.7; Fixed in: 2.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4367; Patch priority: Low; CVSS severity: Low (4); PSID: 563e16943dd0; Credits: Yudistira Arya; Required privilege: Author...
WordPress Masterstudy Elementor Widgets Plugin <= 1.2.2 is vulnerable to Remote Code Execution (RCE)
Software: Masterstudy Elementor Widgets; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.2.3; OWASP Top 10: A3: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-37091; Patch priority: Medium; CVSS severity: Medium (9.9); PSID: c3068c566a95; Credits: Rafie Muhammad...
WordPress Social Rocket Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software: Social Rocket; Type: Plugin; Vulnerable versions: <= 1.3.3; Fixed in: 1.3.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37258; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 44ba23451631; Credits: Dimas Maulana; Required privilege...
WordPress Advanced Custom Fields PRO Plugin < 6.3.2 is vulnerable to Broken Access Control
Software: Advanced Custom Fields PRO; Type: Plugin; Vulnerable versions: < 6.3.2; Fixed in: 6.3.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37250; Patch priority: Low; CVSS severity: Low (5.4); PSID: 5d5f89be56d4; Credits: Rafie Muhammad...
WordPress Anima theme <= 1.4.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Theme Anima versions <= 1.4.1...
WordPress Gallery Slideshow plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Jean Tirstan T (Patchstack Alliance) in WordPress Plugin Gallery Slideshow versions <= 1.4.1...
WordPress core < 6.5.5 - Contributor+ Path Traversal (Windows Only) vulnerability
Contributor+ Path Traversal (Windows Only) vulnerability discovered by Rafie M & Edouard L (Patchstack) in WordPress core versions < 6.5.5...
WordPress BLAZE Retail Widget Plugin 2.2.5-2.5.2 is vulnerable to Backdoor
Software: BLAZE Retail Widget; Type: Plugin; Vulnerable versions: 2.2.5-2.5.2; Fixed in: 2.5.4; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: CVE-2024-6297; Patch priority: High; CVSS severity: High (10); PSID: b9aa7ce213ab; Credits: WordFence; Required privilege: Unauthenticated...
WordPress is vulnerable to Path Traversal
Software: WordPress; Type: WordPress Core; Vulnerable versions: < 6.5.5; Fixed in: 6.5.5; OWASP Top 10: A1: Broken Access Control; Classification: Path Traversal; CVE: CVE-2024-32111; Patch priority: Low; CVSS severity: Low (5); PSID: f2c038f99720; Credits: Rafie Muhammad (Patchstack); Required...
WordPress Vandana Lite theme <= 1.1.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Theme Vandana Lite versions <= 1.1.9...