WordPress BuddyPress Better Registration plugin <= 1.6 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin BuddyPress Better Registration versions = 1.6...

WordPress Ahime Image Printer plugin <= 1.0.0 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Ahime Image Printer versions = 1.0.0...

WordPress Add Categories Post Footer plugin <= 2.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Add Categories Post Footer versions = 2.2.2...

WordPress Crazy Call To Action Box plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Crazy Call To Action Box versions = 1.0.5...

WordPress El mejor Cluster plugin <= 1.1.15 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Yusuf Patchstack Alliance in WordPress Plugin El mejor Cluster versions = 1.1.15...

WordPress WordPress Video plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin WordPress Video versions = 1.0...

WordPress Ajax Custom CSS/JS plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Ajax Custom CSS/JS versions = 2.0.4...

WordPress wpPricing Builder plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin wpPricing Builder versions = 1.5.0...

WordPress Mitm Bug Tracker plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Mitm Bug Tracker versions = 1.0...

WordPress cSlider plugin <= 2.4.2 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin cSlider versions = 2.4.2...

WordPress Feed Comments Number plugin <= 0.2.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Feed Comments Number versions = 0.2.1...

WordPress Mighty Builder plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin Mighty Builder versions = 1.0.2...

WordPress Feed Comments Number Plugin <= 0.2.1 is vulnerable to Arbitrary File Upload

Software Feed Comments Number Type Plugin Vulnerable versions = 0.2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49216 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 6dc3911dda2c Credits stealthcopter Required privilege...

WordPress my wooden under construction Theme <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)

Software my wooden under construction Type Theme Vulnerable versions = 2.0.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49269 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6cc0e1da3f3b Credits justakazh Required...

WordPress my flatonica Theme <= 0.0.8 is vulnerable to Cross Site Scripting (XSS)

Software my flatonica Type Theme Vulnerable versions = 0.0.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49269 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4f10b689b5a4 Credits justakazh Required privilege...

WordPress Jetpack Plugin < 13.9.1 is vulnerable to Broken Access Control

Software Jetpack Type Plugin Vulnerable versions 13.9.1 Fixed in 13.9.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9926 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 675e1d99d774 Credits Marc Montpas Required privilege...

WordPress Ajax Custom CSS/JS Plugin <= 2.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Ajax Custom CSS/JS Type Plugin Vulnerable versions = 2.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49230 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a0b3b7c24e3c Credits SOPROBRO Required privilege...

WordPress TAKETIN To WP Membership Plugin <= 2.8.1 is vulnerable to PHP Object Injection

Software TAKETIN To WP Membership Type Plugin Vulnerable versions = 2.8.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49226 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID e430761eddd4 Credits LVT-tholv2k Required privilege...

WordPress AB Categories Search Widget Plugin <= 0.2.5 is vulnerable to Cross Site Scripting (XSS)

Software AB Categories Search Widget Type Plugin Vulnerable versions = 0.2.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49240 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 21eeb86e4dc6 Credits Le Ngoc Anh Required...

WordPress ProfileGrid Plugin <= 5.9.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software ProfileGrid Type Plugin Vulnerable versions = 5.9.3 Fixed in 5.9.3.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49273 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8da39e4aabe3 Credits Trương Hữu Phúc...