WordPress GPX Viewer Plugin <= 2.2.9 is vulnerable to Arbitrary File Upload
Software: GPX Viewer; Type: Plugin; Vulnerable versions: <= 2.2.9; Fixed in: 2.2.10; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-10629; Patch priority: High; CVSS severity: High (9.9); PSID: abb72626a6f6; Credits: Francesco Carlucci; Required privilege...
WordPress Podlove Podcast Publisher plugin <= 4.1.15 - Admin+ Remote Code Execution (RCE) vulnerability
Admin+ Remote Code Execution (RCE) vulnerability discovered by Hakiduck (Patchstack Alliance) in WordPress Plugin Podlove Podcast Publisher versions <= 4.1.15...
WordPress W3SPEEDSTER plugin <= 7.25 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Le Ngoc Anh (Patchstack Alliance) in WordPress Plugin W3SPEEDSTER versions <= 7.25...
WordPress Pie Register Premium plugin < 3.8.3.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin Pie Register Premium versions < 3.8.3.3...
WordPress Team Member – Multi Language Supported Team plugin <= 7.4 - Limited Local File Inclusion vulnerability
Limited Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin Team Member versions <= 7.4...
WordPress Matix Popup Builder plugin <= 1.0.0 - Arbitrary Option Update to Privilege Escalation vulnerability
Arbitrary Option Update to Privilege Escalation vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin Matix Popup Builder versions <= 1.0.0...
WordPress ZIJ KART plugin <= 1.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin ZIJ KART versions <= 1.1...
WordPress kineticPay for WooCommerce plugin <= 2.0.8 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin kineticPay for WooCommerce versions <= 2.0.8...
WordPress DigiPass plugin <= 0.3.0 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin DigiPass versions <= 0.3.0...
WordPress Boat Rental Plugin for WordPress plugin <= 1.0.1 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin Boat Rental Plugin for WordPress versions <= 1.0.1...
WordPress KBucket plugin <= 4.2.2 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin KBucket versions <= 4.2.2...
WordPress Pie Register Premium Plugin < 3.8.3.3 is vulnerable to Broken Access Control
Software: Pie Register Premium; Type: Plugin; Vulnerable versions: < 3.8.3.3; Fixed in: 3.8.3.3; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-52391; Patch priority: Low; CVSS severity: Low (5.3); PSID: 4396b4ed7d8a; Credits: Ananda Dhakal Patchsta...
WordPress Devexhub Gallery Plugin <= 2.0.1 is vulnerable to Arbitrary File Upload
Software: Devexhub Gallery; Type: Plugin; Vulnerable versions: <= 2.0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-52373; Patch priority: High; CVSS severity: High (10); PSID: 41326b5950fa; Credits: stealthcopter; Required privilege...
WordPress DigiPass Plugin <= 0.3.0 is vulnerable to Arbitrary File Download
Software: DigiPass; Type: Plugin; Vulnerable versions: <= 0.3.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Download; CVE: CVE-2024-52378; Patch priority: High; CVSS severity: High (7.5); PSID: dbfd2eb97192; Credits: stealthcopter; Required privilege: Unauthenticat...
WordPress Picsmize Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload
Software: Picsmize; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-52380; Patch priority: High; CVSS severity: High (10); PSID: 741a66180c37; Credits: stealthcopter; Required privilege: Unauthenticated...
WordPress Floating Buttons for WooCommerce Plugin <= 2.8.8 is vulnerable to Broken Access Control
Software: Floating Buttons for WooCommerce; Type: Plugin; Vulnerable versions: <= 2.8.8; Fixed in: 2.9.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-52395; Patch priority: Medium; CVSS severity: Medium (5.3); PSID: 7c8260ec946a; Credits: Mika...
WordPress MetaSlider plugin <= 3.92.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Responsive Slider by MetaSlider versions <= 3.92.0...
WordPress The Pack Elementor addons plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin The Pack Elementor addons versions <= 2.1.0...
WordPress OSM – OpenStreetMap plugin <= 6.1.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Junwoo Kang (Patchstack Alliance) in WordPress Plugin OSM versions <= 6.1.2...
WordPress ra_qrcode plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin ra_qrcode versions <= 2.1.0...