3797 matches found
WordPress Laybuy Payment Extension for WooCommerce plugin <= 5.3.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin Laybuy Payment Extension for WooCommerce versions <= 5.3.9...
WordPress Ibtana plugin <= 1.2.3.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Yudistira Arya (Patchstack Alliance) in WordPress Plugin Ibtana versions <= 1.2.3.3...
WordPress Tabs plugin <= 4.0.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Jean Tirstan T (Patchstack Alliance) in WordPress Plugin Tabs versions <= 4.0.6...
WordPress Sinatra theme <= 1.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Theme Sinatra versions <= 1.3...
WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Settings & Users Data Dump vulnerability
Unauthenticated Settings & Users Data Dump vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin WishList Member X versions < 3.26.7...
WordPress WishList Member X plugin < 3.26.7 - Authenticated Arbitrary File Deletion vulnerability
Authenticated Arbitrary File Deletion vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin WishList Member X versions < 3.26.7...
WordPress Envira Photo Gallery plugin <= 1.8.7.3 - CSRF leading to notice dismissal vulnerability
CSRF leading to notice dismissal vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin Envira Photo Gallery versions <= 1.8.7.3...
WordPress WPMU Defender plugin <= 3.3.2 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Snicco (Patchstack Alliance) in WordPress Plugin Defender Security versions <= 3.3.2...
WordPress WP 2FA plugin <= 2.6.3 - Sensitive Data Exposure via Log File vulnerability
Sensitive Data Exposure via Log File vulnerability discovered by Snicco (Patchstack Alliance) in WordPress Plugin WP 2FA versions <= 2.6.3...
WordPress MasterStudy LMS plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin MasterStudy LMS versions <= 3.2.1...
WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Consulting Elementor Widgets versions <= 1.3.0...
WordPress Consulting Elementor Widgets plugin <= 1.3.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Consulting Elementor Widgets versions <= 1.3.0...
WordPress My Favorites Plugin <= 1.4.3 is vulnerable to Cross Site Scripting (XSS)
Software: My Favorites; Type: Plugin; Vulnerable versions: <= 1.4.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37114; Patch priority: Low; CVSS severity: Low 6.5; PSID: 1e94c277c4f6; Credits: Jean Tirstan T; Required privilege: Contribut...
WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Privilege Escalation
Software: WishList Member X; Type: Plugin; Vulnerable versions: < 3.26.7; Fixed in: 3.26.7; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2024-37107; Patch priority: High; CVSS severity: High 8.8; PSID: 853821d46a11; Credits: Dave Jong (Patchstack)...
WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Sensitive Data Exposure
Software: WishList Member X; Type: Plugin; Vulnerable versions: < 3.26.7; Fixed in: 3.26.7; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-37110; Patch priority: High; CVSS severity: High 7.5; PSID: a0be12d15f6b; Credits: Dave Jong (Patchstack)...
WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Arbitrary Code Execution
Software: WishList Member X; Type: Plugin; Vulnerable versions: < 3.26.7; Fixed in: 3.26.7; OWASP Top 10: A3: Injection; Classification: Arbitrary Code Execution; CVE: CVE-2024-37109; Patch priority: High; CVSS severity: High 9.9; PSID: fa508ef02b6e; Credits: Dave Jong (Patchstack); Required...
WordPress WishList Member X Plugin < 3.26.7 is vulnerable to SQL Injection
Software: WishList Member X; Type: Plugin; Vulnerable versions: < 3.26.7; Fixed in: 3.26.7; OWASP Top 10: A1: Broken Access Control; Classification: SQL Injection; CVE: CVE-2024-37112; Patch priority: High; CVSS severity: High 10; PSID: 61954a7187be; Credits: Dave Jong (Patchstack); Required...
WordPress Consulting Elementor Widgets Plugin <= 1.3.0 is vulnerable to SQL Injection
Software: Consulting Elementor Widgets; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: 1.3.1; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-37090; Patch priority: Low; CVSS severity: Low 8.5; PSID: 6570f9049c30; Credits: Rafie Muhammad (Patchstack); Required...
WordPress Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter Plugin <= 1.222.16 is vulnerable to Broken Access Control
Software: Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter; Type: Plugin; Vulnerable versions: <= 1.222.16; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37202; Patch priority: Medium; CVSS severity: Medium 6.5...
WordPress Consulting Elementor Widgets Plugin <= 1.3.0 is vulnerable to Local File Inclusion
Software: Consulting Elementor Widgets; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: 1.3.1; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-37089; Patch priority: High; CVSS severity: High 9; PSID: af33d70e30a2; Credits: Rafie Muhammad (Patchstack)...