3797 matches found
WordPress YITH WooCommerce Compare plugin <= 2.37.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by NGÔ THIÊN AN (Patchstack Alliance) in WordPress Plugin YITH WooCommerce Compare (versions <= 2.37.0)...
WordPress Royal Elementor Kit Theme <= 1.0.116 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Royal Elementor Kit; Type: Theme; Vulnerable versions: <= 1.0.116; Fixed in: 1.0.117; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-32773; Patch priority: Low; CVSS severity: Low 4.3; PSID: 4da5c371e0b8; Credits: Dhabaleshwar...
WordPress Max Addons Pro for Bricks Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)
Software: Max Addons Pro for Bricks; Type: Plugin; Vulnerable versions: <= 1.6.1; Fixed in: 1.6.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32952; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: c3b6f1863142; Credits: Dave Jong Patchstack...
WordPress BP Better Messages Plugin <= 2.4.32 is vulnerable to Broken Authentication
Software: BP Better Messages; Type: Plugin; Vulnerable versions: <= 2.4.32; Fixed in: 2.4.33; OWASP Top 10: A5: Security Misconfiguration; Classification: Broken Authentication; CVE: CVE-2024-32802; Patch priority: Medium; CVSS severity: Medium 5.3; PSID: f9f66260d562; Credits: Ananda Dhakal...
WordPress myCred Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)
Software: myCred; Type: Plugin; Vulnerable versions: <= 2.6.3; Fixed in: 2.6.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32711; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 8867201beeee; Credits: stealthcopter; Required privilege: Subscrib...
WordPress SuperFaktura WooCommerce Plugin <= 1.40.3 is vulnerable to Server Side Request Forgery (SSRF)
Software: SuperFaktura WooCommerce; Type: Plugin; Vulnerable versions: <= 1.40.3; Fixed in: 1.40.4; OWASP Top 10: A1: Broken Access Control; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-32803; Patch priority: Medium; CVSS severity: Medium 6.4; PSID: 1f6825e0241f; Credits...
WordPress Pricing Table by Supsystic Plugin <= 1.9.12 is vulnerable to Content Injection
Software: Pricing Table by Supsystic; Type: Plugin; Vulnerable versions: <= 1.9.12; Fixed in: 1.9.13; OWASP Top 10: A3: Injection; Classification: Content Injection; CVE: CVE-2024-32790; Patch priority: Low; CVSS severity: Low 4.3; PSID: 432ab1264c03; Credits: Steven Julian; Required privilege...
WordPress ActiveDEMAND Plugin <= 0.2.41 is vulnerable to Arbitrary File Upload
Software: ActiveDEMAND; Type: Plugin; Vulnerable versions: <= 0.2.41; Fixed in: 0.2.42; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-32809; Patch priority: High; CVSS severity: High 10; PSID: 7f5500fcd5a1; Credits: stealthcopter; Required privilege...
WordPress ProfileGrid Plugin <= 5.8.2 is vulnerable to Bypass Vulnerability
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.8.2; Fixed in: 5.8.3; OWASP Top 10: A4: Insecure Design; Classification: Bypass Vulnerability; CVE: CVE-2024-32774; Patch priority: Low; CVSS severity: Low 4.3; PSID: 32476e3a5d62; Credits: Kyle Sanchez; Required privilege: Subscrib...
WordPress ARForms Plugin <= 6.4 is vulnerable to Cross Site Scripting (XSS)
Software: ARForms; Type: Plugin; Vulnerable versions: <= 6.4; Fixed in: 6.4.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32702; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 2ac8f7cc23af; Credits: Dave Jong Patchstack; Required privilege...
WordPress ARForms Plugin <= 6.4 is vulnerable to Settings Change
Software: ARForms; Type: Plugin; Vulnerable versions: <= 6.4; Fixed in: 6.4.1; OWASP Top 10: A1: Broken Access Control; Classification: Settings Change; CVE: CVE-2024-32705; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 849f4eb72992; Credits: Dave Jong Patchstack; Required privilege...
WordPress WP-Lister Lite for eBay Plugin <= 3.5.11 is vulnerable to Arbitrary File Upload
Software: WP-Lister Lite for eBay; Type: Plugin; Vulnerable versions: <= 3.5.11; Fixed in: 3.6.0; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-32836; Patch priority: Medium; CVSS severity: Medium 9.1; Developer: WP Lab; PSID: a5bd0e74973d; Credits: Joshua Chan; Required privilege: Shop...
WordPress Max Addons Pro for Bricks Plugin <= 1.6.1 is vulnerable to Settings Change
Software: Max Addons Pro for Bricks; Type: Plugin; Vulnerable versions: <= 1.6.1; Fixed in: 1.6.2; OWASP Top 10: A1: Broken Access Control; Classification: Settings Change; CVE: CVE-2024-32951; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 446d765fd496; Credits: Dave Jong Patchstac...
WordPress ARForms Plugin <= 6.4 is vulnerable to Settings Change
Software: ARForms; Type: Plugin; Vulnerable versions: <= 6.4; Fixed in: 6.4.1; OWASP Top 10: A1: Broken Access Control; Classification: Settings Change; CVE: CVE-2024-32704; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: bcff8bbe359f; Credits: Dave Jong Patchstack; Required privilege...
WordPress EWWW Image Optimizer Plugin < 7.3.0 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ewww:imageoptimizer"; if description...
WordPress AI Infographic Maker OpenAI plugin <= 4.6.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Khalid (Patchstack Alliance) in WordPress Plugin Infographic Maker – iList (versions <= 4.6.6)...
WordPress Chauffeur Taxi Booking System for WordPress plugin <= 6.9 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Kursat Cetin (Patchstack) in WordPress Plugin Chauffeur Taxi Booking System for WordPress (versions <= 6.9)...
WordPress Active Products Tables for WooCommerce plugin <= 1.0.6.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Active Products Tables for WooCommerce (versions <= 1.0.6.2)...
WordPress Infographic Maker – iList Plugin <= 4.6.6 is vulnerable to Cross Site Scripting (XSS)
Software: Infographic Maker – iList; Type: Plugin; Vulnerable versions: <= 4.6.6; Fixed in: 4.6.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32696; Patch priority: Low; CVSS severity: Low 6.5; PSID: baa0cb27dbc1; Credits: Khalid Yusuf; Required...
WordPress 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin Plugin <= 3.62 is vulnerable to Cross Site Scripting (XSS)
Software: 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin; Type: Plugin; Vulnerable versions: <= 3.62; Fixed in: 3.63; OWASP Top 10: A1: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32694; Patch priority: Medium; CVSS severity: Medium 7.1; PS...