WordPress AI Twitter Feeds (Twitter widget & shortcode) plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin AI Twitter Feeds Twitter widget & shortcode versions = 2.4...

WordPress Popup Cart Lite for WooCommerce plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy Patchstack Alliance in WordPress Plugin Popup Cart Lite for WooCommerce versions = 1.1...

WordPress SEO Title Tag plugin <= 3.5.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin SEO Title Tag versions = 3.5.9...

WordPress Broken Images plugin <= 0.2 - CSRF to XSS vulnerability

CSRF to XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Broken Images versions = 0.2...

WordPress Platinum SEO plugin <= 2.4.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Platinum SEO versions = 2.4.0...

WordPress Add Shortcodes Actions And Filters plugin <= 2.10 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Add Shortcodes Actions And Filters versions = 2.10...

WordPress Mighty Classic Pros And Cons plugin <= 2.0.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Mighty Classic Pros And Cons versions = 2.0.9...

WordPress DD Rating plugin <= 1.7.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Cronus Patchstack Alliance in WordPress Plugin DD Rating versions = 1.7.1...

WordPress WP Twitter Mega Fan Box Widget plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Cronus Patchstack Alliance in WordPress Plugin WP Twitter Mega Fan Box Widget versions = 1.0...

WordPress Responsive flipbook plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Responsive flipbook versions = 1.0.0...

WordPress Sticky Anything plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Sticky Anything versions = 2.1.5...

WordPress Whizzy plugin <= 1.1.18 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Whizzy versions = 1.1.18...

WordPress VS Contact Form plugin <= 14.7 - Sum Captcha Bypass vulnerability

Sum Captcha Bypass vulnerability discovered by Kyle Sanchez Patchstack Alliance in WordPress Plugin VS Contact Form versions = 14.7...

WordPress Gutenberg Blocks by Kadence Blocks plugin <= 3.2.25 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Kursat Cetin Patchstack in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.2.25...

WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar versions = 5.1...

WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.15.7 is vulnerable to Broken Access Control

Software Shortcodes and extra features for Phlox theme Type Plugin Vulnerable versions = 2.15.7 Fixed in 2.15.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31099 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID 6820fd10e35f...

WordPress Convert Post Types Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)

Software Convert Post Types Type Plugin Vulnerable versions = 1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-31112 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7886117d6aac Credits Dimas Maulana Required privilege...

WordPress Slugs Manager Plugin <= 2.6.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Slugs Manager Type Plugin Vulnerable versions = 2.6.7 Fixed in 2.7.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-30536 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a596f5eeacf4 Credits Nguyen Xuan Chien...

WordPress VS Contact Form Plugin <= 14.7 is vulnerable to Bypass Vulnerability

Software VS Contact Form Type Plugin Vulnerable versions = 14.7 Fixed in 14.8 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-30540 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 88383ccd18bb Credits Kyle Sanchez Required privilege...

WordPress Social Author Bio Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS)

Software Social Author Bio Type Plugin Vulnerable versions = 2.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30545 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 30e2380972a1 Credits Cronus Required privilege...