10 matches found
WordPress tagDiv Composer plugin <= 5.3 - Reflected Cross-Site Scripting via 'data' vulnerability
Reflected Cross-Site Scripting via 'data' vulnerability discovered by Truoc Phan - Techlab Corporation in WordPress Plugin tagDiv Composer versions <= 5.3...
WordPress WP Hotel Booking plugin <= 2.1.2 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by Truoc Phan in WordPress Plugin WP Hotel Booking versions <= 2.1.2...
WordPress tagDiv Composer plugin <= 5.0 - Reflected Cross-Site Scripting via envato_code[] vulnerability
Reflected Cross-Site Scripting via envato_code[] vulnerability discovered by Truoc Phan in WordPress Plugin tagDiv Composer versions <= 5.0...
WordPress MStore API plugin <= 4.14.7 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by Truoc Phan in WordPress Plugin MStore API versions <= 4.14.7...
WordPress MStore API Plugin <= 4.14.7 is vulnerable to Broken Authentication
Software: MStore API; Type: Plugin; Vulnerable versions: <= 4.14.7; Fixed in: 4.15.0; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-6328; Patch priority: High; CVSS severity: High (9.8); PSID: eb61c3a933bb; Credits: Truoc Phan...
WordPress ProfileGrid plugin <= 5.8.9 - Authenticated Privilege Escalation vulnerability
Authenticated Privilege Escalation vulnerability discovered by Truoc Phan in WordPress Plugin ProfileGrid versions <= 5.8.9...
WordPress Smush plugin <= 3.16.4 - Authenticated Resmush List Deletion vulnerability
Authenticated Resmush List Deletion vulnerability discovered by Truoc Phan in WordPress Plugin Smush Image Compression and Optimization versions <= 3.16.4...
WordPress InstaWP Connect plugin <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation vulnerability
Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation vulnerability discovered by Truoc Phan in WordPress Plugin InstaWP Connect versions <= 0.1.0.38...
WordPress tagDiv Composer plugin < 3.5 - Unauthenticated Account Takeover vulnerability
Unauthenticated Account Takeover vulnerability discovered by Truoc Phan - Techlab Corporation in WordPress tagDiv Composer plugin versions < 3.5. Solution: Update the WordPress tagDiv Composer plugin to the latest available version (at least 3.5)...
WordPress WP Customer Reviews plugin <= 3.5.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Truoc Phan in WordPress WP Customer Reviews plugin versions <= 3.5.5. Solution: Update the WordPress WP Customer Reviews plugin to the latest available version (at least 3.5.6)...