730 matches found
PT-2024-24996 · WordPress · User Registration – Custom Registration Form
Name of the Vulnerable Software and Affected Versions: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin versions up to, and including, 3.1.5 Description: The issue is related to unauthorized loss of data due to a missing capability check on the profile p...
WordPress Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin <= 3.2.34 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Dau Hoang Tai in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions <= 3.2.34...
WordPress LMS by Masteriyo plugin <= 1.7.3 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Masteriyo - LMS versions <= 1.7.3...
WordPress Salon booking system plugin <= 9.6.5 - Settings Update via CSRF vulnerability
Settings Update via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Salon booking system versions <= 9.6.5...
WordPress WP-Members Membership Plugin plugin <= 3.4.9.3 - Unprotected Storage of Potentially Sensitive Files vulnerability
Unprotected Storage of Potentially Sensitive Files vulnerability discovered by Tim Coen in WordPress Plugin WP-Members versions <= 3.4.9.3...
WordPress Custom field finder plugin <= 0.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by CatFather Patchstack Alliance in WordPress Plugin Custom field finder versions <= 0.3...
WordPress Assistant – Every Day Productivity Apps plugin <= 1.4.9.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin WordPress Assistant versions <= 1.4.9.1...
PT-2024-24743 · WordPress · Advanced Search
Name of the Vulnerable Software and Affected Versions: Advanced Search WordPress plugin versions 1.1.6 and earlier Description: The issue allows users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configuration due to improper escaping of...
WordPress Simply Static plugin <= 3.1.3 - Sensitive Data Exposure via Log File vulnerability
Sensitive Data Exposure via Log File vulnerability discovered by CatFather Patchstack Alliance in WordPress Plugin Simply Static versions <= 3.1.3...
WordPress BA Book Everything plugin <= 1.6.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin BA Book Everything versions <= 1.6.8...
WordPress Aspose.Words – Import and Export word documents plugin <= 6.3.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Aspose.Words Exporter versions <= 6.3.1...
WordPress XPlainer – WooCommerce Product FAQ plugin <= 1.5.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin XPlainer - WooCommerce Product FAQ versions <= 1.5.0...
WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Digital Publications by Supsystic versions <= 1.7.7...
WordPress BEAR plugin <= 1.1.4.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das in WordPress Plugin BEAR versions <= 1.1.4.1...
WordPress Benchmark Email Lite plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Benchmark Email Lite versions <= 4.1...
WordPress Generate Child Theme plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Generate Child Theme versions <= 2.0...
WordPress Plugin LayerSlider SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
WordPress Plugin Metform Elementor Contact Form Builder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-22300 · Jenkins · Jenkins Mq Notifier Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins MQ Notifier Plugin versions 1.4.0 and earlier Description: The issue concerns the logging of potentially sensitive build parameters as part of debug information in build logs by default. Recommendations: For Jenkins MQ Notifier Plugin...
PT-2024-14949 · WordPress · Wordpress Toolbar
Name of the Vulnerable Software and Affected Versions: WordPress Toolbar WordPress plugin versions 2.2.6 and earlier Description: The issue allows unauthenticated attackers to redirect users to potentially malicious sites by tricking them into performing an action. This is achieved via the wptbto...