WordPress Demo Awesome Plugin <= 1.0.2 is vulnerable to Broken Access Control

Software Demo Awesome Type Plugin Vulnerable versions = 1.0.2 Fixed in 1.0.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37207 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 678378443c06 Credits Abdi Pranata Required privilege...

WordPress Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter Plugin <= 1.222.16 is vulnerable to Broken Access Control

Software Ultimate Custom Add To Cart Button Ajax For WooCommerce by Binary Carpenter Type Plugin Vulnerable versions = 1.222.16 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37202 Patch priority Medium CVSS severity Medium 6.5 Developer Clai...

WordPress Consulting Elementor Widgets Plugin <= 1.3.0 is vulnerable to Remote Code Execution (RCE)

Software Consulting Elementor Widgets Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-37091 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 9000e26ba1f3 Credits Rafie Muhammad...

WordPress Master Slider Plugin <= 3.10.0 is vulnerable to Cross Site Scripting (XSS)

Software Master Slider Type Plugin Vulnerable versions = 3.10.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37222 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 90295bc054b8 Credits Rafie Muhammad Patchstack Required...

Exploit for Improper Authentication in Elementor Website_Builder

CVE-2023-47504 POC Exploit for CVE-2023-47504. According to N...

WordPress Page Builder: Live Composer plugin <= 1.5.42 - Contributor+ Shortcode Cross Site Scripting (XSS) vulnerability

Contributor+ Shortcode Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Page Builder: Live Composer versions = 1.5.42...

WordPress Hueman theme <= 3.7.24 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Hueman versions = 3.7.24...

WordPress Slideshow SE plugin <= 2.5.20 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Slideshow SE versions = 2.5.20...

WordPress Squeeze plugin <= 1.4 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by YCInfosec Patchstack Alliance in WordPress Plugin Squeeze versions = 1.4...

WordPress Excellent theme <= 1.2.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Excellent versions = 1.2.9...

WordPress Serious Slider plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Serious Slider versions = 1.2.4...

WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.4.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Online Booking & Scheduling Calendar for WordPress by vcita versions = 4.4.0...

WordPress WP Job Portal plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LuxF0z Patchstack Alliance in WordPress Plugin WP Job Portal versions = 2.1.3...

WordPress Interface theme <= 3.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Interface versions = 3.1.0...

WordPress Easy Age Verify plugin <= 1.8.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Huynh Tien Si Patchstack Alliance in WordPress Plugin Easy Age Verify versions = 1.8.2...

WordPress Tooltip CK plugin <=2.2.15 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Cronus Patchstack Alliance in WordPress Plugin Tooltip CK versions = 2.2.15...

WordPress TemplatesNext OnePager plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin TemplatesNext OnePager versions = 1.3.3...

WordPress Stellissimo Text Box plugin 1.1.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Cronus Patchstack Alliance in WordPress Plugin Stellissimo Text Box versions = 1.1.4...

WordPress Woody code snippets plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Savphill Patchstack Alliance in WordPress Plugin Woody ad snippets versions = 2.5.0...

WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Responsive Image Gallery, Gallery Album versions = 2.0.3...