WordPress Firelight Lightbox plugin <= 2.3.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Robert DeVore Patchstack Alliance in WordPress Plugin Firelight Lightbox versions = 2.3.3...

WordPress SEOPress plugin <= 8.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin SEOPress versions = 8.1.1...

WordPress SEOPress plugin <= 8.1.1 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin SEOPress versions = 8.1.1...

WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.4 - Bypass Vulnerability vulnerability

Bypass Vulnerability vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin MDTF versions = 1.3.3.4...

WordPress YITH WooCommerce Product Add-Ons plugin <= 4.14.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin YITH WooCommerce Product Add-Ons versions = 4.14.1...

WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.19 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Envo's Elementor Templates & Widgets for WooCommerce versions = 1.4.19...

WordPress PostX plugin <= 4.1.12 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 0tter Patchstack Alliance in WordPress Plugin PostX versions = 4.1.12...

WordPress NewsCard theme <= 1.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Theme NewsCard versions = 1.3...

WordPress Breeze plugin <= 2.1.14 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Felipe Alcantara Patchstack Alliance in WordPress Plugin Breeze versions = 2.1.14...

WordPress Beaver Builder plugin <= 2.8.3.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Beaver Builder versions = 2.8.3.7...

WordPress Survey Maker plugin <= 5.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Marek Mikita Patchstack Alliance in WordPress Plugin Survey Maker versions = 5.0.2...

WordPress WP Booking System – Booking Calendar plugin <= 2.0.19.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin WP Booking System versions = 2.0.19.10...

WordPress Bold Page Builder plugin <= 5.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin Bold Page Builder versions = 5.1.3...

WordPress WPC Shop as a Customer for WooCommerce plugin <= 1.2.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin WPC Shop as a Customer for WooCommerce versions = 1.2.6...

WordPress Import and export users and customers plugin <= 1.27.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by UKO Patchstack Alliance in WordPress Plugin Import and export users and customers versions = 1.27.5...

WordPress WP Abstracts plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by UKO Patchstack Alliance in WordPress Plugin WP Abstracts versions = 2.7.1...

WordPress Namaste! LMS plugin <= 2.6.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Hazem Brini Patchstack Alliance in WordPress Plugin Namaste! LMS versions = 2.6.4...

WordPress Namaste! LMS plugin <= 2.6.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Namaste! LMS versions = 2.6.3...

WordPress Templately Plugin <= 3.1.5 is vulnerable to Broken Access Control

Software Templately Type Plugin Vulnerable versions = 3.1.5 Fixed in 3.1.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-50424 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 91fcded45c2b Credits Rafie Muhammad Patchstack...

WordPress Multi Step Form Plugin <= 1.7.21 is vulnerable to Broken Access Control

Software Multi Step Form Type Plugin Vulnerable versions = 1.7.21 Fixed in 1.7.22 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-50428 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 836c6987cc2b Credits Muhamad Agil Fachrian...