3797 matches found
WordPress wpForo Forum Plugin <= 2.3.3 is vulnerable to SQL Injection
Software: wpForo Forum; Type: Plugin; Vulnerable versions: <= 2.3.3; Fixed in: 2.3.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-3200; Patch priority: Low; CVSS severity: Low (8.5); PSID: 101daf0caeac; Credits: Krzysztof Zając; Required privilege: Contributor...
WordPress Preferred Languages plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by ret2desync (Patchstack Alliance) in WordPress Plugin Preferred Languages (versions <= 2.2.2)...
WordPress WP Back Button plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by alfido osdie (Patchstack Alliance) in WordPress Plugin WP Back Button (versions <= 1.1.3)...
WordPress Site Favicon plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Cronus (Patchstack Alliance) in WordPress Plugin Site Favicon (versions <= 0.2)...
WordPress Just Writing Statistics plugin <= 4.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Rayhan Ramdhany Hanaputra (Patchstack Alliance) in WordPress Plugin Just Writing Statistics (versions <= 4.5)...
WordPress Safety Exit plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Cronus (Patchstack Alliance) in WordPress Plugin Safety Exit (versions <= 1.7.0)...
WordPress Simple Spoiler plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Cronus (Patchstack Alliance) in WordPress Plugin Simple Spoiler (versions <= 1.2)...
WordPress Blocksy Companion plugin <= 2.0.42 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Yuchen Ji (Patchstack Alliance) in WordPress Plugin Blocksy Companion (versions <= 2.0.42)...
WordPress Gianism Plugin <= 5.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Gianism; Type: Plugin; Vulnerable versions: <= 5.1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3921; Patch priority: Low; CVSS severity: Low (5.9); PSID: 07b73547799b; Credits: Felipe Restrepo Rodriguez Mateo...
WordPress Slider Revolution Plugin < 6.7.0 is vulnerable to Broken Access Control
Software: Slider Revolution; Type: Plugin; Vulnerable versions: < 6.7.0; Fixed in: 6.7.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-34444; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: ThemePunch; PSID: de1987954a97; Credits: Rafie Muhammad Patchstack...
Woocommerce – Recent Purchases plugin <= 1.0.1 - File Inclusion vulnerability
File Inclusion vulnerability discovered by YCInfosec (Patchstack Alliance) in WordPress Plugin Woocommerce – Recent Purchases (versions <= 1.0.1)...
WordPress Easy Digital Downloads – Recent Purchases plugin <= 1.0.2 - Remote File Inclusion vulnerability
Remote File Inclusion vulnerability discovered by YCInfosec (Patchstack Alliance) in WordPress Plugin Easy Digital Downloads – Recent Purchases (versions <= 1.0.2)...
WordPress Photo Gallery by 10Web plugin <= 1.8.25 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Photo Gallery by 10Web (versions <= 1.8.25)...
WordPress KKProgressbar2 Free Plugin <= 1.1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: KKProgressbar2 Free; Type: Plugin; Vulnerable versions: <= 1.1.4.2; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-4534; Patch priority: Low; CVSS severity: Low (7.1); PSID: 3868f534725e; Credits: Bob Matyas...
WordPress Spectra Plugin <= 2.12.8 is vulnerable to Cross Site Scripting (XSS)
Software: Spectra; Type: Plugin; Vulnerable versions: <= 2.12.8; Fixed in: 2.12.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1814; Patch priority: Low; CVSS severity: Low (6.5); PSID: 8365e8ec8dfb; Credits: wesley wcraft; Required privile...
WordPress Hash Elements Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)
Software: Hash Elements; Type: Plugin; Vulnerable versions: <= 1.3.8; Fixed in: 1.3.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5177; Patch priority: Low; CVSS severity: Low (6.5); PSID: 3175f5a96af0; Credits: stealthcopter; Required...
WordPress Userpro Plugin <= 5.1.8 is vulnerable to Privilege Escalation
Software: Userpro; Type: Plugin; Vulnerable versions: <= 5.1.8; Fixed in: 5.1.9; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-35700; Patch priority: High; CVSS severity: High (9.8); PSID: fbe11c6e1e92; Credits: Rafie Muhammad...
WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin Fastly (versions <= 1.2.25)...
WordPress AdFoxly plugin <= 1.8.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Yudistira Arya (Patchstack Alliance) in WordPress Plugin AdFoxly – Ad Manager, AdSense Ads & Ads.txt (versions <= 1.8.5)...
WordPress PopupAlly plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by alfido osdie (Patchstack Alliance) in WordPress Plugin PopupAlly (versions <= 2.1.1)...