3797 matches found
WordPress Premium Packages – Sell Digital Products Securely plugin <= 6.0.5 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Jorge Diaz - ddiax (Patchstack Alliance) in WordPress Plugin WPDM – Premium Packages versions <= 6.0.5...
WordPress WP Video Robot plugin <= 1.20.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds (Patchstack Alliance) in WordPress Plugin WordPress Video Robot - The Ultimate Video Importer versions <= 1.20.0...
WordPress WP Quick Setup plugin <= 2.0 - Arbitrary Plugin and Theme Installation to Remote Code Execution vulnerability
Arbitrary Plugin and Theme Installation to Remote Code Execution vulnerability discovered by Mika (Patchstack Alliance) in WordPress Plugin WP Quick Setup versions <= 2.0...
WordPress Ads Booster by Ads Pro plugin <= 1.12 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Dimas Maulana (Patchstack Alliance) in WordPress Plugin Ads Booster by Ads Pro versions <= 1.12...
WordPress Linear plugin <= 2.8.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by theviper17 (Patchstack Alliance) in WordPress Plugin Linear versions <= 2.8.0...
WordPress wp-login customizer plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin wp-login customizer versions <= 1.0...
WordPress Themify Builder plugin <= 7.6.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin Themify Builder versions <= 7.6.5...
WordPress Debug Tool plugin <= 2.2 - Remote Code Execution vulnerability
Remote Code Execution vulnerability discovered by Mika (Patchstack Alliance) in WordPress Plugin Debug Tool versions <= 2.2...
WordPress WDES Responsive Mobile Menu plugin <= 5.3.18 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Mika (Patchstack Alliance) in WordPress Plugin WDES Responsive Mobile Menu versions <= 5.3.18...
WordPress Airin Blog theme <= 1.6.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Mika (Patchstack Alliance) in WordPress Theme Airin Blog versions <= 1.6.1...
WordPress Xin theme <= 1.0.8.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Mika (Patchstack Alliance) in WordPress Theme Xin versions <= 1.0.8.1...
WordPress Push Notifications for WordPress by PushAssist plugin <= 3.0.8 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin Push Notifications for WordPress by PushAssist versions <= 3.0.8...
WordPress CSV to html plugin <= 3.26 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin CSV to html versions <= 3.26...
WordPress B-Banner Slider plugin <= 1.1 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin B-Banner Slider versions <= 1.1...
WordPress Exclusive Content Password Protect plugin <= 1.1.0 - CSRF to Arbitrary File Upload vulnerability
CSRF to Arbitrary File Upload vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin Exclusive Content Password Protect versions <= 1.1.0...
WordPress Gallerio plugin <= 1.01 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by CTRL - Chance (Patchstack Alliance) in WordPress Plugin Gallerio versions <= 1.01...
WordPress B-Banner Slider Plugin <= 1.1 is vulnerable to Arbitrary File Upload
Software: B-Banner Slider; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-52405; Patch priority: High; CVSS severity: High (9.9); PSID: 1fa3975122b0; Credits: stealthcopter; Required privilege: Subscriber...
WordPress User Management Plugin <= 1.1 is vulnerable to Arbitrary File Upload
Software: User Management; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-52403; Patch priority: High; CVSS severity: High (9.9); PSID: 886265b035b0; Credits: stealthcopter; Required privilege: Subscriber...
WordPress AJAX Random Posts Plugin <= 0.3.3 is vulnerable to PHP Object Injection
Software: AJAX Random Posts; Type: Plugin; Vulnerable versions: <= 0.3.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-52409; Patch priority: High; CVSS severity: High (9.8); PSID: 88448bab09ca; Credits: Bonds; Required privilege: Unauthenticated...
WordPress Fat Rat Collect Plugin <= 2.7.3 is vulnerable to Cross Site Scripting (XSS)
Software: Fat Rat Collect; Type: Plugin; Vulnerable versions: <= 2.7.3; Fixed in: 2.7.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10577; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 1bb18ef91a7a; Credits: Peter Thaleikis...