WordPress RegistrationMagic plugin <= 5.3.2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin RegistrationMagic versions = 5.3.2.0...

WordPress Ultimate Under Construction plugin <= 1.9.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Cronus Patchstack Alliance in WordPress Plugin Ultimate Under Construction versions = 1.9.3...

WordPress Google Typography plugin <= 1.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Google Typography versions = 1.1.2...

WordPress WooCommerce AWeber Newsletter Subscription Plugin <= 4.0.2 is vulnerable to Settings Change

Software WooCommerce AWeber Newsletter Subscription Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-33944 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 016ccf61bb0f Credits Da...

WordPress WPify Woo Czech Plugin <= 4.0.10 is vulnerable to Cross Site Scripting (XSS)

Software WPify Woo Czech Type Plugin Vulnerable versions = 4.0.10 Fixed in 4.0.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33946 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d10c6f290e6a Credits Dimas Maulana Required privile...

WordPress AA Cash Calculator Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software AA Cash Calculator Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0848 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0f4d37bdc2c4 Credits Nathaniel Oh 0x4n3...

WordPress Directorist plugin <= 7.8.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Directorist versions = 7.8.6...

WordPress CodeBard's Patron Button and Widgets for Patreon plugin <= 2.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin CodeBard's Patron Button and Widgets for Patreon versions = 2.2.0...

WordPress Giphypress plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Giphypress versions = 1.6.2...

WordPress Embed Google Fonts plugin <= 3.1.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Embed Google Fonts versions = 3.1.0...

WordPress ReviewX plugin <= 1.6.21 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin ReviewX versions = 1.6.21...

WordPress Democracy Poll plugin <= 6.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by thiennv Patchstack Alliance in WordPress Plugin Democracy Poll versions = 6.1.1...

WordPress CPO Companion plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin CPO Companion versions = 1.1.0...

WordPress WP Media Cleaner plugin <= 6.7.2 - Sensitive Data Exposure via Log File vulnerability

Sensitive Data Exposure via Log File vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Media Cleaner versions = 6.7.2...

WordPress Debug Log Manager plugin <= 2.3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Debug Log Manager versions = 2.3.1...

WordPress Exclusive Addons for Elementor plugin <= 2.6.9.1 - Broken Access Control on Post Duplication vulnerability

Broken Access Control on Post Duplication vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Exclusive Addons Elementor versions = 2.6.9.1...

WordPress Academy LMS plugin <= 1.9.16 - Broken Access Control on Paid Courses vulnerability

Broken Access Control on Paid Courses vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Academy LMS versions = 1.9.16...

WordPress The School Management Pro plugin <= 10.3.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Ivan Spiridonov Patchstack Alliance in WordPress Plugin School Management Pro versions = 10.3.4...

WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Digital Publications by Supsystic versions = 1.7.7...

WordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin iPages Flipbook versions = 1.5.1...