WordPress WPC Grouped Product for WooCommerce Plugin <= 4.4.2 is vulnerable to Broken Access Control

Software WPC Grouped Product for WooCommerce Type Plugin Vulnerable versions = 4.4.2 Fixed in 4.4.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32520 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 18460ef99dba Credits Abdi...

WordPress Easy Textillate Plugin <= 2.02 is vulnerable to Cross Site Scripting (XSS)

Software Easy Textillate Type Plugin Vulnerable versions = 2.02 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32526 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 449b07d55d23 Credits Ngô Thiên An ancorn from VNPT-VCI Require...

WordPress BMI Adult & Kid Calculator Plugin <= 1.2.1 is vulnerable to Broken Access Control

Software BMI Adult & Kid Calculator Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A3: Injection Classification Broken Access Control CVE CVE-2024-32550 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 6c58017d5b00 Credits Faizal Abroni Required privile...

WordPress Fatal Error Notify plugin <= 1.5.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Fatal Error Notify versions = 1.5.2...

WordPress Legal Pages plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Legal Pages versions = 1.4.2...

WordPress Wallet System for WooCommerce plugin <= 2.5.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Wallet System for WooCommerce versions = 2.5.9...

WordPress IP2Location Country Blocker plugin <= 2.34.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Download IP2Location Country Blocker versions = 2.34.2...

WordPress WP Client Reports plugin <= 1.0.22 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin WP Client Reports versions = 1.0.22...

WordPress SEO Booster plugin <= 3.8.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin SEO Booster versions = 3.8.9...

WordPress eCommerce Product Catalog plugin <= 3.3.28 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin eCommerce Product Catalog versions = 3.3.28...

WordPress AffiEasy plugin <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin AffiEasy versions = 1.1.4...

WordPress BEAF plugin <= 4.5.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin BEAF versions = 4.5.4...

WordPress ActiveCampaign plugin <= 8.1.14 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Yuchen Ji Patchstack Alliance in WordPress Plugin ActiveCampaign versions = 8.1.14...

WordPress Remove Footer Credit plugin <= 1.0.13 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Savphill Patchstack Alliance in WordPress Plugin Remove Footer Credit versions = 1.0.13...

WordPress MWW Disclaimer Buttons plugin <= 3.0.2 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by Cronus Patchstack Alliance in WordPress Plugin MWW Disclaimer Buttons versions = 3.0.2...

WordPress Pardot plugin <= 2.1.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Pardot versions = 2.1.0...

WordPress Contact Form Plugin plugin <= 1.1.23 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Easy Contact Form Lite versions = 1.1.23...

WordPress Podlove Podcast Publisher plugin <= 4.1.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Podlove Podcast Publisher versions = 4.1.0...

WordPress Podlove Podcast Publisher plugin <= 4.0.12 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin Podlove Podcast Publisher versions = 4.0.12...

WordPress User Activity Log Pro plugin <= 2.3.4 - Subscriber+ SQL Injection vulnerability

Subscriber+ SQL Injection vulnerability discovered by Dave Jong Patchstack in WordPress Plugin User Activity Log Pro versions = 2.3.4...