WordPress WP-Cufon plugin <= 1.6.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin WP-Cufon versions = 1.6.10...

WordPress Easy CountDowner plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Easy CountDowner versions = 1.0.8...

WordPress Simple Testimonials Showcase plugin <= 1.1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Simple Testimonials Showcase versions = 1.1.5...

WordPress Jotform Online Forms plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Jotform Online Forms versions = 1.3.1...

WordPress Theme My Login plugin <= 7.1.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Theme My Login versions = 7.1.6...

WordPress GG Woo Feed for WooCommerce plugin <= 1.2.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin GG Woo Feed for WooCommerce versions = 1.2.6...

WordPress Custom Thank You Page Customize For WooCommerce by Binary Carpenter plugin <= 1.4.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Custom Thank You Page Customize For WooCommerce by Binary Carpenter versions = 1.4.12...

WordPress Multi Currency For WooCommerce plugin <= 1.5.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Multi Currency For WooCommerce versions = 1.5.5...

WordPress Product Feed PRO for WooCommerce plugin <= 13.3.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin Product Feed PRO for WooCommerce versions = 13.3.1...

WordPress weForms plugin <= 1.6.20 - Form Submission Restriction Bypass vulnerability

Form Submission Restriction Bypass vulnerability discovered by Kyle Sanchez Patchstack Alliance in WordPress Plugin weForms versions = 1.6.20...

WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.75 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WP Cost Estimation & Payment Forms Builder versions = 10.1.75...

WordPress Mailster plugin <= 4.0.6 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Mailster versions = 4.0.6...

WordPress DethemeKit For Elementor plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin DethemeKit For Elementor versions = 2.0.2...

WordPress Radio Player plugin <= 2.0.73 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Radio Player versions = 2.0.73...

WordPress ElementsKit Elementor addons plugin <= 3.0.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Elements kit Elementor addons versions = 3.0.6...

WordPress weForms Plugin <= 1.6.20 is vulnerable to Bypass Vulnerability

Software weForms Type Plugin Vulnerable versions = 1.6.20 Fixed in 1.6.21 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2024-32512 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID afd56fb1f506 Credits Kyle Sanchez Required privilege...

WordPress Language Translate Widget for WordPress – ConveyThis Plugin <= 223 is vulnerable to Cross Site Scripting (XSS)

Software Language Translate Widget for WordPress – ConveyThis Type Plugin Vulnerable versions = 223 Fixed in 224 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6811 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...

WordPress WP Cost Estimation & Payment Forms Builder Plugin <= 10.1.75 is vulnerable to Cross Site Scripting (XSS)

Software WP Cost Estimation & Payment Forms Builder Type Plugin Vulnerable versions = 10.1.75 Fixed in 10.1.76 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32510 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 052582e81e99 Credits...

WordPress Tax Rate Upload Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS)

Software Tax Rate Upload Type Plugin Vulnerable versions = 2.4.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32546 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e0f99a4ecd9c Credits Dimas Maulana Required privilege...

WordPress Simple Registration for WooCommerce Plugin <= 1.5.6 is vulnerable to Privilege Escalation

Software Simple Registration for WooCommerce Type Plugin Vulnerable versions = 1.5.6 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-32511 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 088fc8769d...