WordPress SurveyJS: Drag & Drop WordPress Form Builder Plugin <= 1.9.136 is vulnerable to Arbitrary File Upload

Software SurveyJS: Drag & Drop WordPress Form Builder Type Plugin Vulnerable versions = 1.9.136 Fixed in 1.12.4 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50427 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 71e521e4a742 Credits...

WordPress Advanced Sermons Plugin <= 3.4 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Sermons Type Plugin Vulnerable versions = 3.4 Fixed in 3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50458 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0e069038bb43 Credits SOPROBRO Required privilege Contributor...

WordPress Breeze Plugin <= 2.1.14 is vulnerable to Cross Site Scripting (XSS)

Software Breeze Type Plugin Vulnerable versions = 2.1.14 Fixed in 2.1.15 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50431 Patch priority Low CVSS severity Low 5.9 Developer Cloudways PSID 40fce694a577 Credits Felipe Alcantara Filiplain Required privilege...

WordPress DarkMySite – Advanced Dark Mode Plugin for WordPress Plugin <= 1.2.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software DarkMySite – Advanced Dark Mode Plugin for WordPress Type Plugin Vulnerable versions = 1.2.8 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-50466 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

WordPress Textboxes Plugin <= 0.1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Textboxes Type Plugin Vulnerable versions = 0.1.3.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50469 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 50ef1a0649e6 Credits SOPROBRO Required privilege Contributor...

WordPress Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.21 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Robert DeVore Patchstack Alliance in WordPress Plugin Robo Gallery versions = 3.2.21...

WordPress My Wp Brand – Hide menu & Hide Plugin plugin <= 1.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin My Wp Brand versions = 1.1.2...

WordPress Product Filter by WBW plugin <= 2.7.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Hakiduck Patchstack Alliance in WordPress Plugin Product Filter by WBW versions = 2.7.0...

WordPress Smart Manager plugin <= 8.45.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Smart Manager versions = 8.45.0...

WordPress Custom Twitter Feeds plugin <= 2.2.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Custom Twitter Feeds Tweets Widget versions = 2.2.3...

WordPress Simple Membership plugin <= 4.5.3 - Open Redirection vulnerability

Open Redirection vulnerability discovered by Muhamad Agil Fachrian Patchstack Alliance in WordPress Plugin Simple Membership versions = 4.5.3...

WordPress iBryl Switch User plugin <= 1.0.1 - Account Takeover vulnerability

Account Takeover vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin iBryl Switch User versions = 1.0.1...

WordPress EKC Tournament Manager plugin <= 2.2.1 - CSRF to Arbitrary File Upload vulnerability

CSRF to Arbitrary File Upload vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin EKC Tournament Manager versions = 2.2.1...

WordPress LaTeX2HTML plugin <= 2.5.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Muhamad Agil Fachrian Patchstack Alliance in WordPress Plugin LaTeX2HTML versions = 2.5.4...

WordPress AI Postpix plugin <= 1.1.8 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin AI Image Generator for Your Content & Featured Images – AI Postpix versions = 1.1.8...

WordPress INK Official plugin <= 4.1.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by ghsinfosec Patchstack Alliance in WordPress Plugin INK Official versions = 4.1.2...

WordPress Web Bricks Addons for Elementor plugin <= 1.1.1 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin Web Bricks Addons for Elementor versions = 1.1.1...

WordPress DocumentPress plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin DocumentPress versions = 2.1...

WordPress Portfolleo plugin <= 1.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Portfolleo versions = 1.2...

WordPress SVG Captcha plugin <= 1.0.11 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin SVG Captcha versions = 1.0.11...