WordPress Responsive Lightbox & Gallery plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Robert DeVore Patchstack Alliance in WordPress Plugin Responsive Lightbox versions = 2.4.8...

WordPress Hyperlink Group Block plugin <= 1.17.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Yusuf Patchstack Alliance in WordPress Plugin Hyperlink Group Block versions = 1.17.5...

WordPress Clio Grow plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Clio Grow versions = 1.0.2...

WordPress Zoho CRM Lead Magnet Plugin <= 1.7.9.7 is vulnerable to SQL Injection

Software Zoho CRM Lead Magnet Type Plugin Vulnerable versions = 1.7.9.7 Fixed in 1.7.9.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49297 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID ec133b1adb47 Credits Trương Hữu Phúc truonghuuphuc Required...

WordPress Movie Database Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)

Software Movie Database Type Plugin Vulnerable versions = 1.0.11 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43300 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID d8991f93ba12 Credits FX Required privilege Administrator...

WordPress Clio Grow Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Clio Grow Type Plugin Vulnerable versions = 1.0.2 Fixed in 1.0.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49276 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c42795525419 Credits SOPROBRO Required privilege...

WordPress Email Verification for WooCommerce Plugin <= 2.8.10 is vulnerable to SQL Injection

Software Email Verification for WooCommerce Type Plugin Vulnerable versions = 2.8.10 Fixed in 2.9.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49305 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 2913142990bb Credits shaman0x01 Required privile...

WordPress Smart Online Order for Clover Plugin <= 1.5.7 is vulnerable to Cross Site Scripting (XSS)

Software Smart Online Order for Clover Type Plugin Vulnerable versions = 1.5.7 Fixed in 1.5.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8787 Patch priority Medium CVSS severity Medium 7.1 Developer Zaytech PSID ef2985b5f2b9 Credits vgo0 Require...

WordPress Animator Plugin <= 3.0.12 is vulnerable to Cross Site Scripting (XSS)

Software Animator Type Plugin Vulnerable versions = 3.0.12 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49308 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0c507e6ced31 Credits Abdi Pranata Required privilege...

WordPress WP Content Copy Protection & No Right Click Plugin <= 3.5.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Content Copy Protection & No Right Click Type Plugin Vulnerable versions = 3.5.9 Fixed in 3.6.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49306 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2fc979b85a6d...

WordPress Social Auto Poster plugin <= 5.3.15 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Social Auto Poster versions = 5.3.15...

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 1.5.121 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by Hakiduck Patchstack Alliance in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 1.5.121...

WordPress Booking.com Banner Creator plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin Booking.com Banner Creator versions = 1.4.6...

WordPress Country Flags for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Country Flags for Elementor versions = 1.0.1...

WordPress Htaccess File Editor plugin <= 1.0.18 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Savphill Patchstack Alliance in WordPress Plugin Htaccess File Editor versions = 1.0.18...

WordPress ajax-extend plugin <= 1.0 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin ajax-extend versions = 1.0...

WordPress Analyse Uploads plugin <= 0.5 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Analyse Uploads versions = 0.5...

WordPress leyka plugin <=3.31.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin Leyka versions = 3.31.6...

WordPress Maan Addons For Elementor plugin <= 1.0.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Maan Addons For Elementor versions = 1.0.1...

WordPress Ad Inserter plugin <= 2.7.37 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Ad Inserter versions = 2.7.37...