3797 matches found
WordPress Laybuy Payment Extension for WooCommerce plugin <= 5.3.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin Laybuy Payment Extension for WooCommerce versions <= 5.3.9...
WordPress Ibtana plugin <= 1.2.3.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Yudistira Arya (Patchstack Alliance) in WordPress Plugin Ibtana versions <= 1.2.3.3...
WordPress Tabs plugin <= 4.0.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Jean Tirstan T (Patchstack Alliance) in WordPress Plugin Tabs versions <= 4.0.6...
WordPress Sinatra theme <= 1.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Theme Sinatra versions <= 1.3...
WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Settings & Users Data Dump vulnerability
Unauthenticated Settings & Users Data Dump vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin WishList Member X versions < 3.26.7...
WordPress WishList Member X plugin < 3.26.7 - Authenticated Arbitrary File Deletion vulnerability
Authenticated Arbitrary File Deletion vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin WishList Member X versions < 3.26.7...
WordPress Envira Photo Gallery plugin <= 1.8.7.3 - CSRF leading to notice dismissal vulnerability
CSRF leading to notice dismissal vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin Envira Photo Gallery versions <= 1.8.7.3...
WordPress WPMU Defender plugin <= 3.3.2 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Snicco (Patchstack Alliance) in WordPress Plugin Defender Security versions <= 3.3.2...
WordPress WP 2FA plugin <= 2.6.3 - Sensitive Data Exposure via Log File vulnerability
Sensitive Data Exposure via Log File vulnerability discovered by Snicco (Patchstack Alliance) in WordPress Plugin WP 2FA versions <= 2.6.3...
WordPress MasterStudy LMS plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin MasterStudy LMS versions <= 3.2.1...
WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Consulting Elementor Widgets versions <= 1.3.0...
WordPress Consulting Elementor Widgets plugin <= 1.3.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Consulting Elementor Widgets versions <= 1.3.0...
WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Privilege Escalation
Software: WishList Member X; Type: Plugin; Vulnerable versions: < 3.26.7; Fixed in: 3.26.7; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2024-37107; Patch priority: High; CVSS severity: High 8.8; PSID: 853821d46a11; Credits: Dave Jong (Patchstack)...
WordPress My Favorites Plugin <= 1.4.3 is vulnerable to Cross Site Scripting (XSS)
Software: My Favorites; Type: Plugin; Vulnerable versions: <= 1.4.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37114; Patch priority: Low; CVSS severity: Low 6.5; PSID: 1e94c277c4f6; Credits: Jean Tirstan T; Required privilege: Contribut...
WordPress WishList Member X Plugin < 3.26.7 is vulnerable to SQL Injection
Software: WishList Member X; Type: Plugin; Vulnerable versions: < 3.26.7; Fixed in: 3.26.7; OWASP Top 10: A1: Broken Access Control; Classification: SQL Injection; CVE: CVE-2024-37112; Patch priority: High; CVSS severity: High 10; PSID: 61954a7187be; Credits: Dave Jong (Patchstack); Required...
WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Sensitive Data Exposure
Software: WishList Member X; Type: Plugin; Vulnerable versions: < 3.26.7; Fixed in: 3.26.7; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-37110; Patch priority: High; CVSS severity: High 7.5; PSID: a0be12d15f6b; Credits: Dave Jong (Patchstack)...
WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Arbitrary Code Execution
Software: WishList Member X; Type: Plugin; Vulnerable versions: < 3.26.7; Fixed in: 3.26.7; OWASP Top 10: A3: Injection; Classification: Arbitrary Code Execution; CVE: CVE-2024-37109; Patch priority: High; CVSS severity: High 9.9; PSID: fa508ef02b6e; Credits: Dave Jong (Patchstack); Required...
WordPress Consulting Elementor Widgets Plugin <= 1.3.0 is vulnerable to SQL Injection
Software: Consulting Elementor Widgets; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: 1.3.1; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-37090; Patch priority: Low; CVSS severity: Low 8.5; PSID: 6570f9049c30; Credits: Rafie Muhammad (Patchstack); Required...
WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Arbitrary File Deletion
Software: WishList Member X; Type: Plugin; Vulnerable versions: < 3.26.7; Fixed in: 3.26.7; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Deletion; CVE: CVE-2024-37108; Patch priority: High; CVSS severity: High 7.7; PSID: 544b49cbebea; Credits: Dave Jong (Patchstack)...
WordPress Consulting Elementor Widgets Plugin <= 1.3.0 is vulnerable to Local File Inclusion
Software: Consulting Elementor Widgets; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: 1.3.1; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-37089; Patch priority: High; CVSS severity: High 9; PSID: af33d70e30a2; Credits: Rafie Muhammad (Patchstack)...