WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.7.2 - CSRF to Settings Change vulnerability

CSRF to Settings Change vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.7.2...

WordPress Disable Elementor Editor Translation plugin <= 1.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Disable Elementor Editor Translation versions = 1.0.2...

WordPress Product Blocks for WooCommerce plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis Patchstack Alliance in WordPress Plugin Product Blocks for WooCommerce versions = 1.9.1...

WordPress Admin and Site Enhancements (ASE) Pro Plugin <= 7.6.2.1 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Admin and Site Enhancements ASE Pro versions = 7.6.2.1...

WordPress Dynamic URL SEO plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by thiennv Patchstack Alliance in WordPress Plugin Dynamic URL SEO versions = 1.0...

WordPress Vehicle Manager plugin <= 3.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin WP Vehicle Manager versions = 3.1...

WordPress Album Reviewer plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Album Reviewer versions = 2.0.2...

WordPress Content Cloner plugin <= 1.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Pham Van Tam Patchstack Alliance in WordPress Plugin Content Cloner versions = 1.0.1...

WordPress Forex Calculators plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Forex Calculators versions = 1.3.6...

WordPress DigiTimber cPanel Integration plugin <= 1.4.6 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin DigiTimber cPanel Integration versions = 1.4.6...

WordPress Nirweb support plugin <= 3.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Fariq Fadillah Gusti Insani Patchstack Alliance in WordPress Plugin Nirweb support versions = 3.0.3...

WordPress Document Block – Upload & Embed Docs, PDF, PPT, XLS or Any Documents plugin <= 1.1.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Savphill Patchstack Alliance in WordPress Plugin Document Block – Upload & Embed Docs versions = 1.1.0...

WordPress Responsive Blocks plugin <= 1.9.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 4rCanJ0x! Patchstack Alliance in WordPress Plugin Responsive Blocks versions = 1.9.9...

WordPress Traveler Code plugin < 3.1.2 - Unauthenticated Arbitrary SQL Execution vulnerability

Unauthenticated Arbitrary SQL Execution vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Traveler Code versions 3.1.2...

WordPress Photography Theme <= 7.7.2 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Photography versions = 7.7.2...

WordPress Monetag Official Plugin plugin <= 1.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Monetag Official Plugin versions = 1.1.3...

WordPress Import and export users and customers plugin 1.27.12 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Caesar Evan Santoso Patchstack Alliance in WordPress Plugin Import and export users and customers versions = 1.27.12...

WordPress Full Circle plugin <= 0.5.7.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

CSRF to Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Full Circle versions = 0.5.7.8...

WordPress Dynamic URL SEO plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by thiennv Patchstack Alliance in WordPress Plugin Dynamic URL SEO versions = 1.0...

WordPress Internal Link Builder plugin <= 1.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Internal Link Builder versions = 1.0...