WordPress AVChat Video Chat Plugin <= 2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software AVChat Video Chat Type Plugin Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49605 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 380cfa224ffa Credits SOPROBRO Required...

WordPress Giveaway Boost plugin <= 2.1.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Giveaway Boost versions = 2.1.4...

WordPress Nice Backgrounds plugin <= 1.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Nice Backgrounds versions = 1.0...

WordPress Sovratec Case Management plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Sovratec Case Management versions = 1.0.0...

WordPress All in One Slider plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin All in One Slider versions = 1.1...

WordPress Gantry 4 Framework Plugin <= 4.1.21 is vulnerable to Cross Site Scripting (XSS)

Software Gantry 4 Framework Type Plugin Vulnerable versions = 4.1.21 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9382 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2e1bc106a0d6 Credits vgo0 Required...

WordPress Easy Post Types Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)

Software Easy Post Types Type Plugin Vulnerable versions = 1.4.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10080 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c5d62efaca31 Credits István Márton Required...

WordPress WP REST API FNS Plugin <= 1.0.0 is vulnerable to Privilege Escalation

Software WP REST API FNS Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A4: Insecure Design Classification Privilege Escalation CVE CVE-2024-49328 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID b5035012904a Credits stealthcopter Required privilege...

WordPress Encyclopedia / Glossary / Wiki plugin <= 1.7.60 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Encyclopedia / Glossary / Wiki versions = 1.7.60...

WordPress Point Maker plugin <= 0.1.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin Point Maker versions = 0.1.4...

WordPress FREE DOWNLOAD MANAGER plugin <= 1.0.0 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin FREE DOWNLOAD MANAGER versions = 1.0.0...

WordPress JiangQie Free Mini Program plugin <= 2.5.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin JiangQie Free Mini Program versions = 2.5.2...

WordPress WordPress Portfolio Builder – Portfolio Gallery plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Plugin WordPress Portfolio Builder – Portfolio Gallery versions = 1.1.7...

WordPress G Meta Keywords plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Robert DeVore Patchstack Alliance in WordPress Plugin G Meta Keywords versions = 1.4...

WordPress Custom Add to Cart Button Label and Link plugin <= 1.6.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Custom Add to Cart Button Label and Link versions = 1.6.1...

WordPress WP VR plugin <= 8.5.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin WP VR versions = 8.5.4...

WordPress Exclusive Addons for Elementor plugin <= 2.7.1 - Cross-Site Scripting vulnerability

Cross-Site Scripting vulnerability discovered by Robert DeVore Patchstack Alliance in WordPress Plugin Exclusive Addons Elementor versions = 2.7.1...

WordPress Email Template Customizer for WooCommerce plugin <= 1.2.9.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Savphill Patchstack Alliance in WordPress Plugin Email Template Customizer for WooCommerce versions = 1.2.9.1...

WordPress PDF-Rechnungsverwaltung plugin <= 0.0.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Plugin PDF-Rechnungsverwaltung versions = 0.0.1...

WordPress CURCY plugin <= 2.2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin CURCY versions = 2.2.3...