3797 matches found
WordPress WZone Plugin <= 14.0.33 is vulnerable to Cross Site Scripting (XSS)
Software: WZone; Type: Plugin; Vulnerable versions: <= 14.0.33; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-33548; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 056b1a28280e; Credits: Rafie Muhammad (Patchstack); Required privile...
WordPress XStore Core Plugin <= 5.3.8 is vulnerable to PHP Object Injection
Software: XStore Core; Type: Plugin; Vulnerable versions: <= 5.3.8; Fixed in: 5.3.9; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-33553; Patch priority: High; CVSS severity: High 9; PSID: 49ab51cfb6ce; Credits: Rafie Muhammad (Patchstack); Required privilege...
WordPress WZone Plugin <= 14.0.33 is vulnerable to Privilege Escalation
Software: WZone; Type: Plugin; Vulnerable versions: <= 14.0.33; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-33549; Patch priority: High; CVSS severity: High 8.8; PSID: a1d74d6dfe5c; Credits: Rafie Muhammad...
WordPress XStore Core Plugin <= 5.3.8 is vulnerable to Arbitrary File Download
Software: XStore Core; Type: Plugin; Vulnerable versions: <= 5.3.8; Fixed in: 5.3.9; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Download; CVE: CVE-2024-33558; Patch priority: High; CVSS severity: High 6.5; PSID: 535d5071f992; Credits: Rafie Muhammad (Patchstack)...
WordPress WZone Plugin <= 14.0.33 is vulnerable to SQL Injection
Software: WZone; Type: Plugin; Vulnerable versions: <= 14.0.33; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-33546; Patch priority: High; CVSS severity: High 9.6; PSID: 44537a1aade6; Credits: Rafie Muhammad (Patchstack); Required privilege: Subscriber...
WordPress Leaky Paywall Plugin <= 4.20.8 is vulnerable to Broken Access Control
Software: Leaky Paywall; Type: Plugin; Vulnerable versions: <= 4.20.8; Fixed in: 4.20.9; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-33594; Patch priority: Low; CVSS severity: Low 7.5; PSID: a83bbae5ad9a; Credits: Joshua Chan; Required privileg...
WordPress XStore Core Plugin <= 5.3.8 is vulnerable to Privilege Escalation
Software: XStore Core; Type: Plugin; Vulnerable versions: <= 5.3.8; Fixed in: 5.3.9; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-33552; Patch priority: High; CVSS severity: High 9.8; PSID: d1199dede4c1; Credits: Rafie...
WordPress XStore Theme <= 9.3.8 is vulnerable to Broken Access Control
Software: XStore; Type: Theme; Vulnerable versions: <= 9.3.8; Fixed in: 9.3.9; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-33561; Patch priority: High; CVSS severity: High 7.5; PSID: b6ec6d6c7945; Credits: Rafie Muhammad (Patchstack); Required...
WordPress XStore Theme <= 9.3.8 is vulnerable to Local File Inclusion
Software: XStore; Type: Theme; Vulnerable versions: <= 9.3.8; Fixed in: 9.3.9; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-33560; Patch priority: High; CVSS severity: High 9; PSID: 6dff12fe54af; Credits: Rafie Muhammad (Patchstack); Required privilege...
WordPress XStore Core Plugin <= 5.3.8 is vulnerable to Cross Site Scripting (XSS)
Software: XStore Core; Type: Plugin; Vulnerable versions: <= 5.3.8; Fixed in: 5.3.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-33554; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: c7395c437d4a; Credits: Rafie Muhammad (Patchstack); Required...
WordPress Piotnet Addons For Elementor Pro Plugin <= 7.1.17 is vulnerable to Cross Site Scripting (XSS)
Software: Piotnet Addons For Elementor Pro; Type: Plugin; Vulnerable versions: <= 7.1.17; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-33633; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: d1e1ccb12f64; Credits: Dave Jong...
WordPress Blocksy theme <= 2.0.33 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Theme Blocksy versions <= 2.0.33...
WordPress Booking Ultra Pro plugin 1.1.12 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Emili Castells Patchstack Alliance in WordPress Plugin Booking Ultra Pro versions = 1.1.12...
WordPress Exclusive Addons Elementor Plugin <= 2.6.9.3 is vulnerable to Cross Site Scripting (XSS)
Software: Exclusive Addons Elementor; Type: Plugin; Vulnerable versions: <= 2.6.9.3; Fixed in: 2.6.9.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2750; Patch priority: Low; CVSS severity: Low 6.5; PSID: 4df0b84e184c; Credits: wesley...
WordPress Slash Admin Plugin <= 3.8.1 is vulnerable to Cross Site Scripting (XSS)
Software: Slash Admin; Type: Plugin; Vulnerable versions: <= 3.8.1; Fixed in: 3.8.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32958; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 52a29e92a4ae; Credits: Cronus; Required...
WordPress Page Builder: Live Composer Plugin <= 1.5.38 is vulnerable to Broken Access Control
Software: Page Builder: Live Composer; Type: Plugin; Vulnerable versions: <= 1.5.38; Fixed in: 1.5.39; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-32957; Patch priority: Low; CVSS severity: Low 4.7; PSID: 6edbbb14734c; Credits: savphill; Requir...
WordPress UDesign Theme <= 4.7.3 is vulnerable to Cross Site Scripting (XSS)
Software: UDesign; Type: Theme; Vulnerable versions: <= 4.7.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4077; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: b5fe2949f69d; Credits: Rafie Muhammad (Patchstack); Required privilege...
WordPress Sirv Plugin <= 7.2.2 is vulnerable to Privilege Escalation
Software: Sirv; Type: Plugin; Vulnerable versions: <= 7.2.2; Fixed in: 7.2.3; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-32959; Patch priority: High; CVSS severity: High 8.8; Developer: Sirv; PSID: 299a67279292; Credits: Emili Castells; Required...
WordPress RomethemeKit For Elementor plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Abu Hurayra (Patchstack Alliance) in WordPress Plugin RTMKit versions <= 1.4.1...
WordPress Max Addons Pro for Bricks plugin <= 1.6.1 - Unauthenticated Plugin Settings Reset vulnerability
Unauthenticated Plugin Settings Reset vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Max Addons Pro for Bricks versions <= 1.6.1...