WordPress Newspack Newsletters plugin <= 2.13.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Newspack Newsletters versions = 2.13.2...

WordPress WP Job Manager Resume Manager plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WP Job Manager - Resume Manager versions = 2.1.0...

WordPress FS Poster plugin <= 6.5.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin FS Poster versions = 6.5.8...

WordPress Loco Translate plugin <= 2.6.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nosa Shandy Patchstack Alliance in WordPress Plugin Loco Translate versions = 2.6.9...

WordPress Play.ht plugin <= 3.6.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Play.ht versions = 3.6.4...

WordPress Salon booking system plugin <= 9.9 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Salon booking system versions = 9.9...

WordPress Blogmentor – Blog Layouts for Elementor plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Blogmentor – Blog Layouts for Elementor versions = 1.5...

WordPress SP Project & Document Manager plugin <= 4.71 - Directory Traversal vulnerability

Directory Traversal vulnerability discovered by CatFather Patchstack Alliance in WordPress Plugin SP Project & Document Manager versions = 4.71...

WordPress Restaurant Reservations plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Restaurant Reservations versions = 2.0...

WordPress Optinly plugin <= 1.0.18 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin Optinly versions = 1.0.18...

WordPress Page Builder Sandwich <= 5.1.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Savphill Patchstack Alliance in WordPress Plugin Page Builder Sandwich – Front-End Page Builder versions = 5.1.0...

WordPress Sketchfab Embed Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Software Sketchfab Embed Type Plugin Vulnerable versions = 1.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37216 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID df405e37366c Credits LVT-tholv2k Required privilege Contributor...

WordPress Groundhogg Plugin <= 3.4.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Groundhogg Type Plugin Vulnerable versions = 3.4.2.3 Fixed in 3.4.3 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-37235 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4cc62fb9525a Credits Ananda Dhakal Patchstack...

WordPress Hercules Core Plugin <= 6.5 is vulnerable to Settings Change

Software Hercules Core Type Plugin Vulnerable versions = 6.5 Fixed in 6.7 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-37232 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 1152267cf25e Credits Dave Jong Patchstack Required privilege...

WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin AliNext versions = 3.3.5...

WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin AliNext versions = 3.3.5...

WordPress User Rights Access Manager plugin <= 1.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin User Rights Access Manager versions = 1.1.2...

WordPress WP Scraper plugin <= 5.7 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin WP Scraper versions = 5.7...

WordPress affiliate-toolkit plugin <= 3.4.4 - Sensitive Data Exposure via Log File vulnerability

Sensitive Data Exposure via Log File vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin affiliate-toolkit versions = 3.4.4...

WordPress PropertyHive plugin <= 2.0.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by CatFather Patchstack Alliance in WordPress Plugin PropertyHive versions = 2.0.9...