WordPress PopularFX theme <= 1.2.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme PopularFX versions = 1.2.4...

WordPress Table & Contact Form 7 Database – Tablesome Plugin <= 1.0.25 is vulnerable to Cross Site Request Forgery (CSRF)

Software Table & Contact Form 7 Database – Tablesome Type Plugin Vulnerable versions = 1.0.25 Fixed in 1.0.26 OWASP Top 10 A5: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2024-31388 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

WordPress Favicon Plugin <= 1.3.29 is vulnerable to Cross Site Request Forgery (CSRF)

Software Favicon Type Plugin Vulnerable versions = 1.3.29 Fixed in 1.3.30 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31422 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 519dd147403f Credits RE-ALTER Required privile...

WordPress Inline Related Posts Plugin <= 3.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Inline Related Posts Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.4.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31426 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 472557d2a031 Credits Brandon Roldan...

WordPress The Conference Theme <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software The Conference Type Theme Vulnerable versions = 1.2.0 Fixed in 1.2.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31428 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f038ad152adb Credits Dhabaleshwar Das...

WordPress Blocksy Companion Plugin <= 2.0.28 is vulnerable to Cross Site Request Forgery (CSRF)

Software Blocksy Companion Type Plugin Vulnerable versions = 2.0.28 Fixed in 2.0.29 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31932 Patch priority Low CVSS severity Low 5.4 Developer Creative Themes PSID f75fe061addd Credits RE-ALTER Requir...

WordPress TWIPLA (Visitor Analytics IO) Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Software TWIPLA Visitor Analytics IO Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-31937 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 35e7ceea8aa3 Credits Dhabaleshwar Das Required...

WordPress Smash Balloon Social Post Feed Plugin <= 4.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Smash Balloon Social Post Feed Type Plugin Vulnerable versions = 4.2.1 Fixed in 4.2.2 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-31379 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0081dd599b5c Credits Majed Refa...

WordPress No-Bot Registration plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin No-Bot Registration versions = 1.9.1...

WordPress WP Event Aggregator plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin WP Event Aggregator versions = 1.7.6...

WordPress CodeisAwesome AIKit plugin <= 4.14.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Ivan Spiridonov Patchstack Alliance in WordPress Plugin AIKit versions = 4.14.1...

WordPress Soledad theme <= 8.4.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Soledad versions = 8.4.5...

WordPress Soledad theme <= 8.4.5 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Soledad versions = 8.4.5...

WordPress Post Type Builder (PTB) plugin < 2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Post Type Builder PTB versions 2.1.1...

WordPress Post Type Builder (PTB) Plugin < 2.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Post Type Builder PTB Type Plugin Vulnerable versions 2.1.1 Fixed in 2.1.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-31365 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 043b6c8024b4 Credits Dave Jong Patchstack Require...

WordPress Soledad Theme <= 8.4.5 is vulnerable to Broken Access Control

Software Soledad Type Theme Vulnerable versions = 8.4.5 Fixed in 8.4.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31368 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 82c791d66976 Credits Rafie Muhammad Patchstack Required...

WordPress bunny.net plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin bunny.net versions = 2.0.1...

WordPress Premmerce Product Filter for WooCommerce plugin <= 3.7.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Premmerce Product Filter for WooCommerce versions = 3.7.2...

WordPress Ultimate Store Kit Elementor Addons plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ray Wilson Patchstack Alliance in WordPress Plugin Ultimate Store Kit Elementor Addons versions = 1.5.2...

WordPress Benchmark Email Lite Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Benchmark Email Lite Type Plugin Vulnerable versions = 4.1 Fixed in 4.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31360 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 854801e675e4 Credits Joshua Chan Requir...