3797 matches found
WordPress FileBird – WordPress Media Library Folders & File Manager plugin <= 5.6.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Peng Zhou (Patchstack Alliance) in WordPress Plugin Filebird versions <= 5.6.3...
WordPress All Bootstrap Blocks plugin <= 1.3.15 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by 4rCanJ0x! (Patchstack Alliance) in WordPress Plugin All Bootstrap Blocks versions <= 1.3.15...
WordPress Academy LMS plugin <= 1.9.25 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Peng Zhou (Patchstack Alliance) in WordPress Plugin Academy LMS versions <= 1.9.25...
WordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin iPages Flipbook versions <= 1.5.1...
WordPress Netgsm plugin <= 2.9.32 - Broken Access Control + CSRF vulnerability
Broken Access Control + CSRF vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Netgsm versions <= 2.9.32...
WordPress All Bootstrap Blocks Plugin <= 1.3.15 is vulnerable to Cross Site Scripting (XSS)
Software: All Bootstrap Blocks | Type: Plugin | Vulnerable versions: <= 1.3.15 | Fixed in: 1.3.16 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-35169 | Patch priority: Low | CVSS severity: Low (5.9) | Developer: AREOI | PSID: 986d96f4d07f | Credits: 4rCanJ0x! | Required privilege: Author...
WordPress WP Discourse Plugin <= 2.5.1 is vulnerable to Broken Access Control
Software: WP Discourse | Type: Plugin | Vulnerable versions: <= 2.5.1 | Fixed in: 2.5.2 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-35168 | Patch priority: Low | CVSS severity: Low (4.3) | PSID: 4c4620868728 | Credits: Joshua Chan | Required privilege...
WordPress MC Woocommerce Wishlist plugin <= 1.7.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin MC Woocommerce Wishlist versions <= 1.7.2...
WordPress If-So Dynamic Content Personalization plugin <= 1.7.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin If-So Dynamic Content Personalization versions <= 1.7.1...
WordPress Contact List plugin <= 2.9.87 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Contact List versions <= 2.9.87...
WordPress SportsPress – Sports Club & League Manager plugin <= 2.7.20 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin SportsPress – Sports Club & League Manager versions <= 2.7.20...
WordPress Translate Multilingual sites – TranslatePress plugin <= 2.7.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin TranslatePress versions <= 2.7.5...
WordPress Easy Digital Downloads plugin <= 3.2.11 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Easy Digital Downloads versions <= 3.2.11...
Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites
A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites. The findings come from WPScan, which said that the vulnerability (CVE-2023-40000, CVSS score: 8.3) has been leveraged to set u...
WordPress Ditty Plugin <= 3.1.38 is vulnerable to PHP Object Injection
Software: Ditty | Type: Plugin | Vulnerable versions: <= 3.1.38 | Fixed in: 3.1.39 | OWASP Top 10: A1: Injection | Classification: PHP Object Injection | CVE: CVE-2024-3954 | Patch priority: Medium | CVSS severity: Medium (8.5) | PSID: 3afcc0b0dfe5 | Credits: Trinh Vu Sonicrrrr | Required privilege...
WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder plugin <= 2.0.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by wpdabh (Patchstack Alliance) in WordPress Plugin Ultimate Store Kit Elementor Addons versions <= 2.0.3...
WordPress Fancy Elementor Flipbox plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Khalid (Patchstack Alliance) in WordPress Plugin Fancy Elementor Flipbox versions <= 2.5.2...
WordPress Himalayas theme <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Theme Himalayas versions <= 1.3.0...
WordPress Zotpress plugin <= 7.3.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin Zotpress versions <= 7.3.9...
WordPress Gold Addons for Elementor plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Khalid (Patchstack Alliance) in WordPress Plugin Gold Addons for Elementor versions <= 1.2.9...