WordPress Jobify plugin < 4.3.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Jobify versions 4.3.0...

WordPress Fediverse Embeds plugin <= 1.5.3 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Fediverse Embeds versions = 1.5.3...

WordPress WPB Popup for Contact Form 7 Plugin <= 1.7.5 is vulnerable to Broken Access Control

Software WPB Popup for Contact Form 7 Type Plugin Vulnerable versions = 1.7.5 Fixed in 1.7.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-11038 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 9b3456d161fd Credits Arkadiusz...

WordPress Dynamic URL SEO plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Dynamic URL SEO versions = 1.0...

WordPress WooCommerce Price Alert plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin WooCommerce Price Alert versions = 1.0.4...

WordPress Post By Email plugin <= 1.0.4b - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Post By Email versions = 1.0.4b...

WordPress Infinite Slider plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Infinite Slider versions = 2.0.1...

WordPress AtaraPay WooCommerce Payment Gateway plugin <= 2.0.13 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin AtaraPay WooCommerce Payment Gateway versions = 2.0.13...

WordPress Chameleoni Jobs plugin <= 2.5.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Chameleoni Jobs versions = 2.5.4...

WordPress Opal Woo Custom Product Variation plugin <= 1.1.3 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin Opal Woo Custom Product Variation versions = 1.1.3...

WordPress Ultimate Classified Listings plugin <= 1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin Ultimate Classified Listings versions = 1.7...

WordPress Geolocator plugin <= 1.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Geolocator versions = 1.1...

WordPress Quick Learn plugin <= 1.0.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Quick Learn versions = 1.0.1...

WordPress Xpresslane Fast Checkout plugin <= 1.0.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Xpresslane Fast Checkout versions = 1.0.0...

WordPress de:branding plugin <= 1.0.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin de:branding versions = 1.0.2...

WordPress Awesome Studio Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)

Software Awesome Studio Type Plugin Vulnerable versions = 2.4.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52456 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 83cb8daf8eb9 Credits Le Ngoc Anh Required privilege...

WordPress AtaraPay WooCommerce Payment Gateway Plugin <= 2.0.13 is vulnerable to Cross Site Scripting (XSS)

Software AtaraPay WooCommerce Payment Gateway Type Plugin Vulnerable versions = 2.0.13 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52460 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4a92b5856e8e Credits Le Ngoc Anh...

WordPress GoQSmile Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software GoQSmile Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52455 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID dbb042e2576e Credits Mika Required privilege Unauthenticated...

WordPress Library Bookshelves Plugin <= 5.8 is vulnerable to Cross Site Scripting (XSS)

Software Library Bookshelves Type Plugin Vulnerable versions = 5.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52453 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 893d1f48a420 Credits Mika Required privilege...

WordPress Post SMTP plugin <= 2.9.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Hakiduck Patchstack Alliance in WordPress Plugin Post SMTP versions = 2.9.9...