WordPress Code Generate plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Code Generate versions = 1.0...

WordPress Monitor.chat plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Monitor.chat versions = 1.1.1...

WordPress Banner Slider plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Banner Slider versions = 2.1...

WordPress myCred Elementor Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)

Software myCred Elementor Type Plugin Vulnerable versions = 1.2.6 Fixed in 1.2.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49702 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 91faf3362d6d Credits João Pedro S Alcântara Kinorth Requir...

WordPress Simple Load More Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Simple Load More Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49662 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cc90907a6e66 Credits Mika Required privilege...

WordPress uCAT – Next Story Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)

Software uCAT – Next Story Type Plugin Vulnerable versions = 2.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49663 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b51e5248ad22 Credits Mika Required privilege...

WordPress leenk.me Plugin <= 2.16.0 is vulnerable to Cross Site Scripting (XSS)

Software leenk.me Type Plugin Vulnerable versions = 2.16.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49661 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9fc14cabc7ca Credits João Pedro S Alcântara Kinorth Required...

WordPress SiteBuilder Dynamic Components plugin <= 1.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin SiteBuilder Dynamic Components versions = 1.0...

WordPress Back Link Tracker plugin <= 1.0.0 - CSRF to SQL Injection vulnerability

CSRF to SQL Injection vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Back Link Tracker versions = 1.0.0...

WordPress SafetyForms plugin <= 1.0.0 - CSRF to SQL Injection vulnerability

CSRF to SQL Injection vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin SafetyForms versions = 1.0.0...

WordPress Product Website Showcase plugin <= 1.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Product Website Showcase versions = 1.0...

WordPress photokit plugin <= 1.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin photokit versions = 1.0...

WordPress Author Discussion plugin <= 0.2.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Author Discussion versions = 0.2.2...

WordPress GERRYWORKS Post by Mail plugin <= 1.0 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin GERRYWORKS Post by Mail versions = 1.0...

WordPress SermonAudio Widgets Plugin <= 1.9.3 is vulnerable to SQL Injection

Software SermonAudio Widgets Type Plugin Vulnerable versions = 1.9.3 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49614 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID b36bd1fd3f06 Credits João Pedro S Alcântara Kinorth Required privile...

WordPress WP Dropbox Dropins Plugin <= 1.0 is vulnerable to Arbitrary File Upload

Software WP Dropbox Dropins Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49607 Patch priority High CVSS severity High 10 Developer Claim ownership PSID bc49371a8bf9 Credits stealthcopter Required privilege...

WordPress SiteBuilder Dynamic Components Plugin <= 1.0 is vulnerable to PHP Object Injection

Software SiteBuilder Dynamic Components Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49625 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 7e4e11ce38e6 Credits Mika Required privilege...

WordPress Google Map Locations Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Google Map Locations Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49606 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 792a537d84d3 Credits João Pedro S Alcântara Kinorth...

WordPress GERRYWORKS Post by Mail Plugin <= 1.0 is vulnerable to Privilege Escalation

Software GERRYWORKS Post by Mail Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-49608 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 7ce561dc425f Credits Mika Required...

WordPress WP Education Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)

Software WP Education Type Plugin Vulnerable versions = 1.2.8 Fixed in 1.2.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49630 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7bf47fb0bb5f Credits Gab Required privilege Contributor...