WordPress uListing plugin <= 2.1.5 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin uListing versions = 2.1.5...

WordPress WP Mail Catcher plugin <= 2.1.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin WP Mail Catcher versions = 2.1.9...

WordPress Product Enquiry for WooCommerce Plugin <= 2.2.33.33 is vulnerable to PHP Object Injection

Software Product Enquiry for WooCommerce Type Plugin Vulnerable versions = 2.2.33.33 Fixed in 2.2.33.34 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-8922 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID f788257a9413 Credits Francesco...

WordPress WPExperts Square For GiveWP plugin <= 1.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Jorge Diaz Patchstack Alliance in WordPress Plugin WPExperts Square For GiveWP versions = 1.3...

WordPress Zoho Flow for WordPress plugin <= 2.7.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin Zoho Flow versions = 2.7.1...

WordPress Loops & Logic plugin <= 4.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Loops & Logic versions = 4.1.4...

WordPress Sky Addons for Elementor plugin <= 2.5.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Sky Addons for Elementor versions = 2.5.11...

WordPress nm-visitors Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software nm-visitors Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4541 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 95398650de42 Credits rezaduty Required privileg...

WordPress ElementsReady Addons for Elementor plugin <= 6.4.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin ElementsReady Addons for Elementor versions = 6.4.0...

WordPress Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin <= 3.1.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin FunnelKit Automations versions = 3.1.2...

WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin MPG versions = 3.4.7...

WordPress WP Timeline plugin <= 3.6.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin WP Timeline – Vertical and Horizontal timeline plugin versions = 3.6.7...

WordPress WS Form LITE plugin <= 1.9.238 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Savphill Patchstack Alliance in WordPress Plugin WS Form LITE versions = 1.9.238...

WordPress PWA for WP & AMP plugin <= 1.7.72 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin PWA for WP & AMP versions = 1.7.72...

WordPress Salon Booking Wordpress Plugin plugin <= 10.9 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Sharanabasappa Patchstack Alliance in WordPress Plugin Salon booking system versions = 10.9...

WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 3.15.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin GiveWP versions = 3.15.1...

WordPress Sunshine Photo Cart plugin <= 3.2.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin Sunshine Photo Cart versions = 3.2.8...

WordPress Classic Editor and Classic Widgets plugin <= 1.4.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Hakiduck Patchstack Alliance in WordPress Plugin Classic Editor and Classic Widgets versions = 1.4.1...

WordPress Cities Shipping Zones for WooCommerce plugin <= 1.2.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by h0j3n Patchstack Alliance in WordPress Plugin Cities Shipping Zones for WooCommerce versions = 1.2.7...

WordPress Use Any Font plugin <= 6.3.08 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Use Any Font versions = 6.3.08...