WordPress Church Admin plugin <= 4.1.5 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin Church Admin versions = 4.1.5...

WordPress Generate Child Theme plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Generate Child Theme versions = 2.0...

WordPress LMS by Masteriyo plugin <= 1.7.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Masteriyo - LMS versions = 1.7.2...

WordPress Premium Addons for Elementor plugin <= 4.10.22 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Abu Hurayra Patchstack Alliance in WordPress Plugin Premium Addons for Elementor versions = 4.10.22...

WordPress Product Designer plugin <= 1.0.32 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin Product Designer versions = 1.0.32...

WordPress Products, Order & Customers Export for WooCommerce plugin <= 2.0.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Products, Order & Customers Export for WooCommerce versions = 2.0.8...

WordPress JS Help Desk plugin <= 2.8.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Fariq Fadillah Gusti Insani Patchstack Alliance in WordPress Plugin JS Help Desk versions = 2.8.3...

WordPress Ultimate Maps plugin <= 1.2.16 - Cross Site Request Forgery vulnerability

Cross Site Request Forgery vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Ultimate Maps by Supsystic versions = 1.2.16...

WordPress ARForms Form Builder plugin <= 1.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin ARForms Form Builder versions = 1.6.1...

WordPress Flexible Checkout Fields for WooCommerce plugin <= 4.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Flexible Checkout Fields for WooCommerce versions = 4.1.2...

WordPress Sumo plugin <= 1.34 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Friday Patchstack Alliance in WordPress Plugin Sumo versions = 1.34...

WordPress Post Views Counter plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Brandon Roldan Patchstack Alliance in WordPress Plugin Post Views Counter versions = 1.4.4...

WordPress SearchIQ plugin <= 4.5 - Sensitive Data Exposure via Log File vulnerability

Sensitive Data Exposure via Log File vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin SearchIQ versions = 4.5...

WordPress Form to Chat App plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Form to Chat App versions = 1.1.6...

WordPress WordPress Backup & Migration plugin <= 1.4.7 - Sensitive Data Exposure via Log File vulnerability

Sensitive Data Exposure via Log File vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin WordPress Backup & Migration versions = 1.4.7...

WordPress WP OAuth Server (OAuth Authentication) plugin <= 4.3.3 - Open Redirection vulnerability

Open Redirection vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin OAuth Server versions = 4.3.3...

WordPress Responsive Lightbox & Gallery plugin <= 2.4.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by emad Patchstack Alliance in WordPress Plugin Responsive Lightbox versions = 2.4.6...

WordPress Demo My WordPress Plugin <= 1.0.9.1 is vulnerable to Privilege Escalation

Software Demo My WordPress Type Plugin Vulnerable versions = 1.0.9.1 Fixed in 1.1.0 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-31290 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID e3085e8e64da Credits Dave Jong Patchstack...

WordPress Easy Social Share Buttons Plugin <= 9.4 is vulnerable to Broken Access Control

Software Easy Social Share Buttons Type Plugin Vulnerable versions = 9.4 Fixed in 9.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31307 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 88c85a953f3f Credits Rafie Muhammad...

WordPress Loan Repayment Calculator and Application Form Plugin <= 2.9.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Loan Repayment Calculator and Application Form Type Plugin Vulnerable versions = 2.9.4 Fixed in 2.9.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31263 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID...