WordPress ADIF Log Search Widget Plugin <= 1.0f is vulnerable to Cross Site Scripting (XSS)

Software ADIF Log Search Widget Type Plugin Vulnerable versions = 1.0f Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49238 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 10e10eee4580 Credits Le Ngoc Anh Required privile...

WordPress ProfileGrid Plugin <= 5.9.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software ProfileGrid Type Plugin Vulnerable versions = 5.9.3 Fixed in 5.9.3.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49273 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8da39e4aabe3 Credits Trương Hữu Phúc...

WordPress AB Categories Search Widget Plugin <= 0.2.5 is vulnerable to Cross Site Scripting (XSS)

Software AB Categories Search Widget Type Plugin Vulnerable versions = 0.2.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49240 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 21eeb86e4dc6 Credits Le Ngoc Anh Required...

WordPress TAKETIN To WP Membership Plugin <= 2.8.1 is vulnerable to PHP Object Injection

Software TAKETIN To WP Membership Type Plugin Vulnerable versions = 2.8.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49226 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID e430761eddd4 Credits LVT-tholv2k Required privilege...

WordPress Social Auto Poster Plugin <= 5.3.15 is vulnerable to Cross Site Request Forgery (CSRF)

Software Social Auto Poster Type Plugin Vulnerable versions = 5.3.15 Fixed in 5.3.16 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49272 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d78a86986549 Credits Ananda Dhakal...

WordPress RS-Members Plugin <= 1.0.3 is vulnerable to Privilege Escalation

Software RS-Members Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-49219 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 3db20a267888 Credits João Pedro S Alcântara Kinorth...

WordPress Ahime Image Printer Plugin <= 1.0.0 is vulnerable to Arbitrary File Download

Software Ahime Image Printer Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A4: Insecure Design Classification Arbitrary File Download CVE CVE-2024-49245 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 4330a07d13a8 Credits stealthcopter Required...

WordPress Happy Elementor Addons plugin <= 3.12.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Happy Addons for Elementor versions = 3.12.3...

WordPress ShortPixel Image Optimizer plugin <= 5.6.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin ShortPixel Image Optimizer versions = 5.6.3...

WordPress ShortPixel Image Optimizer plugin <= 5.6.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin ShortPixel Image Optimizer versions = 5.6.3...

WordPress Contact Form by Supsystic plugin <= 1.7.28 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by Hakiduck Patchstack Alliance in WordPress Plugin Contact Form by Supsystic versions = 1.7.28...

WordPress Happy Addons for Elementor Plugin <= 3.12.3 is vulnerable to Broken Access Control

Software Happy Addons for Elementor Type Plugin Vulnerable versions = 3.12.3 Fixed in 3.12.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-48045 Patch priority Low CVSS severity Low 4.3 Developer Leevio PSID 12a67710b428 Credits Rafie Muhammad Patchstack...

WordPress Tainacan plugin <= 0.21.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin Tainacan versions = 0.21.8...

WordPress CubeWP Framework plugin <= 1.1.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin CubeWP versions = 1.1.15...

WordPress SKT Blocks plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin SKT Blocks versions = 1.6...

Exploit for CVE-2023-30486

CVE-2023-30486 Square = 2.0.0 - Missing Authorization via...

WordPress Talkback plugin <= 1.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Talkback versions = 1.0...

WordPress Featured Posts with Multiple Custom Groups (FPMCG) plugin <= 4.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Featured Posts with Multiple Custom Groups FPMCG versions = 4.0...

WordPress Featured Posts with Multiple Custom Groups (FPMCG) plugin <= 4.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Featured Posts with Multiple Custom Groups FPMCG versions = 4.0...

WordPress IP Loc8 plugin <= 1.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin IP Loc8 versions = 1.1...