WordPress Sina Extension for Elementor plugin <= 3.5.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Sina Extension for Elementor versions = 3.5.3...

WordPress Master Addons for Elementor plugin <= 2.0.6.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SouzaZinn Patchstack Alliance in WordPress Plugin Master Addons for Elementor versions = 2.0.6.0...

WordPress Eduma theme <= 5.4.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Eduma versions = 5.4.7...

WordPress WP Docs plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin WP Docs versions = 2.1.3...

WordPress GDPR/CCPA Cookie Consent Banner plugin <= 3.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Cookie Consent versions = 3.2...

WordPress Widget Options plugin <= 4.0.1 - Subscriber+ Private/Draft Post Exposure Vulnerability

Subscriber+ Private/Draft Post Exposure Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Widget Options versions = 4.0.1...

WordPress Sensei Pro (WC Paid Courses) plugin <= 4.23.1.1.23.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Sensei Pro WC Paid Courses versions = 4.23.1.1.23.1...

WordPress Sensei LMS plugin <= 4.23.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Sensei LMS versions = 4.23.1...

WordPress Radcliffe 2 theme <= 2.0.17 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Radcliffe 2 versions = 2.0.17...

WordPress Otter Blocks PRO plugin <= 2.6.11 - Authenticated Sensitive Data Exposure vulnerability

Authenticated Sensitive Data Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Otter Blocks PRO versions = 2.6.11...

WordPress GiveWP plugin <= 3.12.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin GiveWP versions = 3.12.0...

WordPress WPMobile.App Plugin <= 11.41 is vulnerable to Cross Site Scripting (XSS)

Software WPMobile.App Type Plugin Vulnerable versions = 11.41 Fixed in 11.42 OWASP Top 10 A1: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2024-35694 Patch priority Medium CVSS severity Medium 7.1 Developer Amauri.IO PSID 392a8fdcac50 Credits CatFather Required privilege...

WordPress Sensei Pro (WC Paid Courses) Plugin <= 4.23.1.1.23.1 is vulnerable to Broken Access Control

Software Sensei Pro WC Paid Courses Type Plugin Vulnerable versions = 4.23.1.1.23.1 Fixed in 4.24.0.1.24.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35686 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 5a225c011e38 Credits...

WordPress Eduma Theme <= 5.4.7 is vulnerable to Cross Site Scripting (XSS)

Software Eduma Type Theme Vulnerable versions = 5.4.7 Fixed in 5.4.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35697 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2f915e1861e8 Credits Rafie Muhammad Patchstack Required privileg...

WordPress Widget Options - Extended Plugin <= 5.1.0 is vulnerable to Sensitive Data Exposure

Software Widget Options - Extended Type Plugin Vulnerable versions = 5.1.0 Fixed in 5.1.3 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-35691 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3582bb729f7f Credits Dave Jong...

WordPress Widget Options Plugin <= 4.0.1 is vulnerable to Sensitive Data Exposure

Software Widget Options Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.0.2 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-35690 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d20ab85a5efb Credits Dave Jong Patchstack...

WordPress ElasticPress Plugin <= 5.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software ElasticPress Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-35684 Patch priority Low CVSS severity Low 4.3 Developer 10up PSID fbb3d18344c4 Credits Ananda Dhakal Patchstack Required...

WordPress Sensei Pro (WC Paid Courses) Plugin <= 4.23.1.1.23.1 is vulnerable to Cross Site Scripting (XSS)

Software Sensei Pro WC Paid Courses Type Plugin Vulnerable versions = 4.23.1.1.23.1 Fixed in 4.24.0.1.24.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34765 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ffa624f39abc Credits Rafie...

WordPress Strategery Migrations Plugin <= 1.0 is vulnerable to Arbitrary File Download

Software Strategery Migrations Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A6: Security Misconfiguration Classification Arbitrary File Download CVE CVE-2024-35745 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 56c2660b4cfb Credits YCInfosec Required...

WordPress RestroPress Plugin <= 3.1.2.1 is vulnerable to Cross Site Scripting (XSS)

Software RestroPress Type Plugin Vulnerable versions = 3.1.2.1 Fixed in 3.1.2.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35719 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4f811f4d1bd1 Credits LVT-tholv2k Required privilege...