WordPress BuddyPress Better Registration plugin <= 1.6 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin BuddyPress Better Registration versions = 1.6...

WordPress Ahime Image Printer plugin <= 1.0.0 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Ahime Image Printer versions = 1.0.0...

WordPress Add Categories Post Footer plugin <= 2.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Add Categories Post Footer versions = 2.2.2...

WordPress Crazy Call To Action Box plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Crazy Call To Action Box versions = 1.0.5...

WordPress El mejor Cluster plugin <= 1.1.15 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Yusuf Patchstack Alliance in WordPress Plugin El mejor Cluster versions = 1.1.15...

WordPress WordPress Video plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin WordPress Video versions = 1.0...

WordPress Ajax Custom CSS/JS plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Ajax Custom CSS/JS versions = 2.0.4...

WordPress wpPricing Builder plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin wpPricing Builder versions = 1.5.0...

WordPress Mitm Bug Tracker plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Mitm Bug Tracker versions = 1.0...

WordPress cSlider plugin <= 2.4.2 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin cSlider versions = 2.4.2...

WordPress Feed Comments Number plugin <= 0.2.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Feed Comments Number versions = 0.2.1...

WordPress Mighty Builder plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin Mighty Builder versions = 1.0.2...

WordPress Feed Comments Number Plugin <= 0.2.1 is vulnerable to Arbitrary File Upload

Software Feed Comments Number Type Plugin Vulnerable versions = 0.2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49216 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 6dc3911dda2c Credits stealthcopter Required privilege...

WordPress my flatonica Theme <= 0.0.8 is vulnerable to Cross Site Scripting (XSS)

Software my flatonica Type Theme Vulnerable versions = 0.0.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49269 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4f10b689b5a4 Credits justakazh Required privilege...

WordPress my wooden under construction Theme <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)

Software my wooden under construction Type Theme Vulnerable versions = 2.0.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49269 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6cc0e1da3f3b Credits justakazh Required...

WordPress Jetpack Plugin < 13.9.1 is vulnerable to Broken Access Control

Software Jetpack Type Plugin Vulnerable versions 13.9.1 Fixed in 13.9.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9926 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 675e1d99d774 Credits Marc Montpas Required privilege...

WordPress Ajax Custom CSS/JS Plugin <= 2.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Ajax Custom CSS/JS Type Plugin Vulnerable versions = 2.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49230 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a0b3b7c24e3c Credits SOPROBRO Required privilege...

WordPress Add Categories Post Footer Plugin <= 2.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Add Categories Post Footer Type Plugin Vulnerable versions = 2.2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49239 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a0d115d1939f Credits Le Ngoc Anh Required...

WordPress Elementor Addon Elements Plugin <= 1.13.8 is vulnerable to Sensitive Data Exposure

Software Elementor Addon Elements Type Plugin Vulnerable versions = 1.13.8 Fixed in 1.13.9 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-8902 Patch priority Low CVSS severity Low 4.3 Developer WPVibes PSID ba1eb37881f7 Credits Ankit Patel Required...

WordPress WordPress Gallery Plugin – Limb Image Gallery Plugin <= 1.5.7 is vulnerable to Arbitrary File Upload

Software WordPress Gallery Plugin – Limb Image Gallery Type Plugin Vulnerable versions = 1.5.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49260 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 1dec11f80c4c Credits stealthcopt...