WordPress weMail plugin <= 1.14.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k in WordPress Plugin weMail versions <= 1.14.5...
WordPress Leopard - WordPress offload media Plugin <= 2.0.36 is vulnerable to Sensitive Data Exposure
Software: Leopard - WordPress offload media; Type: Plugin; Vulnerable versions: <= 2.0.36; Fixed in: 3.1.2; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-43257; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: abc75d6c856e; Credits: Da...
WordPress WHMpress Plugin <= 6.2-revision-5 is vulnerable to Cross Site Scripting (XSS)
Software: WHMpress; Type: Plugin; Vulnerable versions: <= 6.2-revision-5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43246; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 366cbaa22db4; Credits: Dave Jong (Patchstack); Required...
WordPress Leopard - WordPress offload media Plugin <= 2.0.36 is vulnerable to Settings Change
Software: Leopard - WordPress offload media; Type: Plugin; Vulnerable versions: <= 2.0.36; Fixed in: 3.1.2; OWASP Top 10: A1: Broken Access Control; Classification: Settings Change; CVE: CVE-2024-43256; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 4b11a3c864a0; Credits: Dave Jong...
WordPress Crew HRM Plugin <= 1.1.1 is vulnerable to PHP Object Injection
Software: Crew HRM; Type: Plugin; Vulnerable versions: <= 1.1.1; Fixed in: 1.1.2; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-43252; Patch priority: High; CVSS severity: High 9; Developer: Sekander Badsha; PSID: e529c4ddfdc3; Credits: CatFather; Required privilege: Unauthenticated...
WordPress Bit Form Pro Plugin <= 2.6.4 is vulnerable to Arbitrary File Deletion
Software: Bit Form Pro; Type: Plugin; Vulnerable versions: <= 2.6.4; Fixed in: 2.8.0; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Deletion; CVE: CVE-2024-43248; Patch priority: High; CVSS severity: High 8.6; Developer: Claim ownership; PSID: fe35e84633f6; Credits: Dave Jong (Patchstack); Require...
WordPress Bit Form Pro Plugin <= 2.6.4 is vulnerable to Arbitrary File Upload
Software: Bit Form Pro; Type: Plugin; Vulnerable versions: <= 2.6.4; Fixed in: 2.8.0; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Upload; CVE: CVE-2024-43249; Patch priority: High; CVSS severity: High 9.9; Developer: Claim ownership; PSID: 064fd9534e30; Credits: Dave Jong (Patchstack); Required...
WordPress Masteriyo - LMS Plugin <= 1.11.4 is vulnerable to Insecure Direct Object References (IDOR)
Software: Masteriyo - LMS; Type: Plugin; Vulnerable versions: <= 1.11.4; Fixed in: 1.11.5; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-43239; Patch priority: Low; CVSS severity: Low 4.3; Developer: Masteriyo; PSID: 14f36e53d575; Credits: Ananda Dhakal...
WordPress Meta Box plugin <= 5.9.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Meta Box – WordPress Custom Fields Framework versions <= 5.9.10...
WordPress Timeline and History slider plugin <= 2.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin Timeline and History slider versions <= 2.3...
WordPress Shared Files – Premium Download Manager & Secure File Sharing with Frontend File Upload plugin <= 1.7.28 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin Shared Files versions <= 1.7.28...
WordPress EventPrime plugin <= 4.0.3.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc (Patchstack Alliance) in WordPress Plugin EventPrime versions <= 4.0.3.2...
WordPress Kodex Posts likes plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Dmitriy Prokhorov (Patchstack Alliance) in WordPress Plugin Kodex Posts likes versions <= 2.5.0...
WordPress Filr plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by domiee13 (Patchstack Alliance) in WordPress Plugin Filr versions <= 1.2.4...
WordPress myCred plugin <= 2.7.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Mika (Patchstack Alliance) in WordPress Plugin myCred versions <= 2.7.2...
WordPress MultiVendorX Marketplace plugin <= 4.1.17 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin MultiVendorX versions <= 4.1.17...
WordPress WpTravelly plugin <= 1.7.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin WpTravelly versions <= 1.7.7...
WordPress Bitly's WordPress Plugin plugin <= 2.7.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin Bitly versions <= 2.7.2...
WordPress YaMaps for WordPress Plugin <= 0.6.27 is vulnerable to Cross Site Scripting (XSS)
Software: YaMaps for WordPress; Type: Plugin; Vulnerable versions: <= 0.6.27; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43224; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: eb6f72d0e57f; Credits: LVT-tholv2k; Required privilege...
WordPress Mediavine Control Panel Plugin <= 2.10.4 is vulnerable to Cross Site Scripting (XSS)
Software: Mediavine Control Panel; Type: Plugin; Vulnerable versions: <= 2.10.4; Fixed in: 2.10.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43218; Patch priority: Low; CVSS severity: Low 6.5; Developer: Mediavine; PSID: 447650b29419; Credits: LVT-tholv2k; Required privilege...