WordPress WPCS ( WordPress Custom Search ) plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Sharanabasappa Patchstack Alliance in WordPress Plugin WPCS WordPress Custom Search versions = 1.1...

WordPress WP Post Author plugin <= 3.6.4 - Rating Value Manipulation vulnerability

Rating Value Manipulation vulnerability discovered by Kyle Sanchez Patchstack Alliance in WordPress Plugin WP Post Author versions = 3.6.4...

Tracking CVE-2024-2876: Why does the latest WordPress exploit compromise over 90,000 websites?

A highly concerning security loophole was recently discovered in a WordPress plugin called "Email Subscribers by Icegram Express," a popular tool utilized by a vast network of over 90,000+ websites. Officially designated as CVE-2024-2876 with a CVSS score of 9.8 critical, the vulnerability...

WordPress Auto Affiliate Links plugin <= 6.4.3.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Do Truong Giang Patchstack Alliance in WordPress Plugin Auto Affiliate Links versions = 6.4.3.1...

WordPress Brozzme Scroll Top Plugin <= 1.8.5 is vulnerable to Cross Site Scripting (XSS)

Software Brozzme Scroll Top Type Plugin Vulnerable versions = 1.8.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34426 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 40ba77316890 Credits Cronus Required privilege Administrat...

WordPress Sina Extension for Elementor plugin <= 3.5.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Ray Wilson Patchstack Alliance in WordPress Plugin Sina Extension for Elementor versions = 3.5.1...

WordPress SEOPress plugin <= 7.7.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin SEOPress versions = 7.7.1...

WordPress LeadConnector plugin <= 1.7 - API Broken Access Control vulnerability

API Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin LeadConnector versions = 1.7...

WordPress Edge theme <= 2.0.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Edge versions = 2.0.9...

WordPress Sheets to WP Table Live Sync plugin <= 3.7.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Manab Jyoti Dowarah Patchstack Alliance in WordPress Plugin FlexTable versions = 3.7.0...

WordPress Post Grid Master plugin <= 3.4.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Post Grid Master versions = 3.4.7...

WordPress Mooberry Book Manager plugin <= 4.15.12 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Mooberry Book Manager versions = 4.15.12...

WordPress Post Grid Master Plugin <= 3.4.7 is vulnerable to Broken Access Control

Software Post Grid Master Type Plugin Vulnerable versions = 3.4.7 Fixed in 3.4.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-34372 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 0741b4afb35b Credits Dhabaleshwar Das Required...

WordPress Simple Image Popup plugin <= 2.4.0 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability discovered by Cronus Patchstack Alliance in WordPress Plugin Simple Image Popup versions = 2.4.0...

WordPress Contact Form by WPForms Plugin <= 1.8.7.2 is vulnerable to Broken Access Control

Software Contact Form by WPForms Type Plugin Vulnerable versions = 1.8.7.2 Fixed in 1.8.8.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-3649 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f3183fdcee99 Credits Asaf Mozes Require...

WordPress Simple Image Popup Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)

Software Simple Image Popup Type Plugin Vulnerable versions = 2.4.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-4433 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 884d37bdacd5 Credits Cronus Required privilege Administrato...

WordPress Adventure Journal theme <= 1.7.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Adventure Journal versions = 1.7.2...

WordPress Unique theme <= 0.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Unique versions = 0.3.0...

WordPress Perfect Pullquotes plugin <= 1.7.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Perfect Pullquotes versions = 1.7.5...

WordPress TweetScroll Widget plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin TweetScroll Widget versions = 1.3.7...