WordPress MetForm plugin <= 3.8.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Metform versions = 3.8.3...

WordPress Instant Images plugin <= 6.1.0 - Arbitrary Option Update to Privilege Escalation vulnerability

Arbitrary Option Update to Privilege Escalation vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Instant Images versions = 6.1.0...

WordPress Element Pack Pro plugin < 7.19.3 - Arbitrary File Read and Phar Deserialization vulnerability

Arbitrary File Read and Phar Deserialization vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Element Pack Pro versions 7.19.3...

WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.3 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Barcode Scanner with Inventory & Order Manager versions = 1.5.3...

WordPress XStore Core plugin <= 5.3.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin XStore Core versions = 5.3.8...

WordPress XStore Core plugin <= 5.3.8 - Limited Arbitrary File Upload vulnerability

Limited Arbitrary File Upload vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin XStore Core versions = 5.3.8...

WordPress XStore Core plugin <= 5.3.8 - Unauthenticated Account Takeover vulnerability

Unauthenticated Account Takeover vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin XStore Core versions = 5.3.8...

WordPress WP Masquerade plugin <= 1.1.0 - Authenticated Account Takeover vulnerability

Authenticated Account Takeover vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WP Masquerade versions = 1.1.0...

WordPress WZone plugin < 14.1.00 - Site Wide Broken Access Control vulnerability

Site Wide Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WZone versions 14.1.00...

WordPress WZone plugin <= 14.0.33 - Arbitrary SQL Update Execution vulnerability

Arbitrary SQL Update Execution vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WZone versions = 14.0.33...

WordPress WZone plugin < 14.1.00 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WZone versions 14.1.00...

WordPress WP Time Slots Booking Form plugin <= 1.2.06 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin WP Time Slots Booking Form versions = 1.2.06...

WordPress Better Elementor Addons plugin <= 1.4.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Ray Wilson Patchstack Alliance in WordPress Plugin Better Elementor Addons versions = 1.4.1...

WordPress ColorNews theme <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme ColorNews versions = 1.2.6...

WordPress Easy Set Favicon Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software Easy Set Favicon Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33645 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6c770d55f2af Credits Dimas Maulana Required privilege...

WordPress Smart Forms Plugin <= 2.6.91 is vulnerable to Broken Access Control

Software Smart Forms Type Plugin Vulnerable versions = 2.6.91 Fixed in 2.6.92 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33593 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 810e0b29d7f7 Credits Dhabaleshwar Das Required...

WordPress XforWooCommerce Plugin <= 2.0.2 is vulnerable to Local File Inclusion

Software XforWooCommerce Type Plugin Vulnerable versions = 2.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-33628 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID c41c6a05c14e Credits Dave Jong Patchstack Required privilege...

WordPress XStore Core Plugin <= 5.3.8 is vulnerable to Broken Access Control

Software XStore Core Type Plugin Vulnerable versions = 5.3.8 Fixed in 5.3.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33555 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 1c391075b80a Credits Rafie Muhammad Patchstack...

WordPress XStore Theme <= 9.3.8 is vulnerable to Broken Access Control

Software XStore Type Theme Vulnerable versions = 9.3.8 Fixed in 9.3.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33563 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID b054c7b1c33a Credits Rafie Muhammad Patchstack Required...

WordPress Instant Images Plugin <= 6.1.0 is vulnerable to Privilege Escalation

Software Instant Images Type Plugin Vulnerable versions = 6.1.0 Fixed in 6.1.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-33569 Patch priority High CVSS severity High 7.2 Developer Claim ownership PSID d731bc7eedd6 Credits Rafie...