WordPress Flexible Checkout Fields for WooCommerce Plugin <= 4.1.2 is vulnerable to Broken Access Control

Software Flexible Checkout Fields for WooCommerce Type Plugin Vulnerable versions = 4.1.2 Fixed in 4.1.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31267 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 72da160ff639 Credits...

WordPress All-in-One Video Gallery Plugin <= 3.5.2 is vulnerable to Broken Access Control

Software All-in-One Video Gallery Type Plugin Vulnerable versions = 3.5.2 Fixed in 3.6.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31248 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ff87f08708c9 Credits emad Required...

WordPress Easy Social Share Buttons Plugin <= 9.4 is vulnerable to Local File Inclusion

Software Easy Social Share Buttons Type Plugin Vulnerable versions = 9.4 Fixed in 9.5 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-31300 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 770673a69613 Credits Rafie Muhammad Patchstack Required...

WordPress LearnPress Plugin <= 4.2.6.3 is vulnerable to Insecure Direct Object References (IDOR)

Software LearnPress Type Plugin Vulnerable versions = 4.2.6.3 Fixed in 4.2.6.4 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-1289 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 88d0a0c7ed9f Credits drop Required...

WordPress REHub Framework plugin < 19.6.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin REHub Framework versions 19.6.2...

WordPress Rehub theme <= 19.6.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Rehub versions = 19.6.1...

WordPress Rehub theme <= 19.6.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Rehub versions = 19.6.1...

WordPress Rehub theme <= 19.6.1 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Rehub versions = 19.6.1...

WordPress Breakdance Plugin <= 1.7.2 is vulnerable to Remote Code Execution (RCE)

Software Breakdance Type Plugin Vulnerable versions = 1.7.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-31390 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 353d66dd1bd4 Credits Snicco Required privilege Breakdance...

WordPress Rehub Theme <= 19.6.1 is vulnerable to Local File Inclusion

Software Rehub Type Theme Vulnerable versions = 19.6.1 Fixed in 19.6.2 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-31231 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 189370c86e72 Credits Rafie Muhammad Patchstack Required privilege...

WordPress REHub Framework Plugin < 19.6.2 is vulnerable to SQL Injection

Software REHub Framework Type Plugin Vulnerable versions 19.6.2 Fixed in 19.6.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-31234 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 2625ebbfb885 Credits Rafie Muhammad Patchstack Required privilege...

WordPress SpiderFAQ plugin <= 1.3.2 - Cross Site Scripting vulnerability

Cross Site Scripting vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin SpiderFAQ versions = 1.3.2...

WordPress HeartThis plugin <= 0.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by CatFather Patchstack Alliance in WordPress Plugin HeartThis versions = 0.1.0...

WordPress WooCommerce Bookings Calendar plugin <= 1.0.36 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin WooCommerce Bookings Calendar versions = 1.0.36...

WordPress 10Web Map Builder for Google Maps plugin <= 1.0.74 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Plugin 10Web Map Builder for Google Maps versions = 1.0.74...

WordPress Chauffeur Taxi Booking System for WordPress plugin <= 7.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Kursat Cetin Patchstack in WordPress Plugin Chauffeur Taxi Booking System for WordPress versions = 7.2...

WordPress Shortcode Addons <= 3.2.5 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin Shortcode Addons versions = 3.2.5...

WordPress Convert Post Types plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Convert Post Types versions = 1.4...

WordPress Yoo Slider – Image Slider & Video Slider plugin <= 2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Yoo Slider versions = 2.1.1...

WordPress Prenotazioni plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Faizal Abroni Patchstack Alliance in WordPress Plugin Prenotazioni versions = 1.7.4...