Missing Authorization vulnerability in YayCommerce YayExtra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YayExtra: from n/a through 1.5.2. Assigner : audit@patchstack.com More information : https://patchstack.com/database/wordpress/plugin/yayextra/vulnerability/wordpress-yayextra-1-5-2-broken-access-control-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Bridge Core allows Stored XSS. This issue affects Bridge Core: from n/a through n/a. Assigner : audit@patchstack.com More information : https://patchstack.com/database/wordpress/plugin/bridge-core/vulnerability/wordpress-bridge-core-plugin-3-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve
Authentication Bypass Using an Alternate Path or Channel vulnerability in ho3einie Material Dashboard allows Authentication Bypass. This issue affects Material Dashboard: from n/a through 1.4.5. Assigner : audit@patchstack.com More information : https://patchstack.com/database/wordpress/plugin/material-dashboard/vulnerability/wordpress-material-dashboard-1-4-5-privilege-escalation-vulnerability?_s_id=cve
Deserialization of Untrusted Data vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce allows Object Injection. This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through 1.5. Assigner : audit@patchstack.com...
Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart allows Object Injection. This issue affects Sunshine Photo Cart: from n/a through 3.4.10. Assigner : audit@patchstack.com More information : https://patchstack.com/database/wordpress/plugin/sunshine-photo-cart/vulnerability/wordpress-sunshine-photo-cart-3-4-10-php-object-injection-vulnerability?_s_id=cve
Deserialization of Untrusted Data vulnerability in MDJM MDJM Event Management allows Object Injection. This issue affects MDJM Event Management: from n/a through 1.7.5.2. Assigner : audit@patchstack.com More information : https://patchstack.com/database/wordpress/plugin/mobile-dj-manager/vulnerability/wordpress-mdjm-event-management-plugin-1-7-5-2-php-object-injection-vulnerability?_s_id=cve
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in randyjensen RJ Quickcharts allows SQL Injection. This issue affects RJ Quickcharts: from n/a through 0.6.1. Assigner : audit@patchstack.com More information...
Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit allows Retrieve Embedded Sensitive Data. This issue affects GTM Kit: from n/a through 2.3.1. Assigner : audit@patchstack.com More information : https://patchstack.com/database/wordpress/plugin/gtm-kit/vulnerability/wordpress-gtm-kit-plugin-2-3-1-sensitive-data-exposure-vulnerability?_s_id=cve
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Xavi Ivars XV Random Quotes allows SQL Injection. This issue affects XV Random Quotes: from n/a through 1.40. Assigner :...
Missing Authorization vulnerability in KingAddons.com King Addons for Elementor. This issue affects King Addons for Elementor: from n/a through 24.12.58. Assigner : audit@patchstack.com More information : https://patchstack.com/database/wordpress/plugin/king-addons/vulnerability/wordpress-king-addons-for-elementor-plugin-24-12-58-broken-access-control-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in primersoftware Primer MyData for Woocommerce allows Reflected XSS. This issue affects Primer MyData for Woocommerce: from n/a through n/a. Assigner : audit@patchstack.com...
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Wham SKU Generator for WooCommerce allows Reflected XSS. This issue affects SKU Generator for WooCommerce: from n/a through 1.6.2. Assigner :...
Improper Control of Generation of Code (‘Code Injection’) vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. This issue affects RomethemeKit For Elementor: from n/a through 1.5.4. Assigner : audit@patchstack.com More information : https://patchstack.com/database/wordpress/plugin/rometheme-for-elementor/vulnerability/wordpress-romethemekit-for-elementor-plugin-1-5-4-arbitrary-plugin-installation-activation-to-rce-vulnerability?_s_id=cve
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in CreativeMindsSolutions CM Download Manager allows Path Traversal. This issue affects CM Download Manager: from n/a through 2.9.6. Assigner : audit@patchstack.com More...