WordPress Flo Forms plugin <= 1.0.35 - Authenticated Options Change & Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Options Change & Stored Cross-Site Scripting XSS vulnerability discovered by NinTechNet in WordPress Flo Forms plugin versions = 1.0.35. Solution Update the WordPress Flo Forms plugin to the latest available version at least 1.0.36...

WordPress Fruitful theme <= 3.8.1 - Authenticated Theme Options Deletion vulnerability

Authenticated Theme Options Deletion vulnerability discovered by NinTechNet in WordPress Fruitful theme versions = 3.8.1. Solution Update the WordPress Fruitful theme to the latest available version at least 3.8.2...

WordPress WP Project Manager plugin <= 2.4.9 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by NintechNet in WordPress WP Project Manager plugin versions = 2.4.9. Solution Update the WordPress WP Project Manager plugin to the latest available version at least 2.4.10...

WordPress WP ERP plugin <= 1.7.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by NintechNet in WordPress WP ERP plugin versions = 1.7.4. Solution Update the WordPress WP ERP plugin to the latest available version at least 1.7.5...

WordPress WP Travel plugin <= 4.4.6 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by NintechNet in WordPress WP Travel plugin versions = 4.4.6. Solution Update the WordPress WP Travel plugin to the latest available version at least 4.4.7...

WordPress Style Kits plugin <= 1.8.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by NintechNet in WordPress Style Kits plugin versions = 1.8.0. Solution Update the WordPress Style Kits plugin to the latest available version at least 1.8.1...

WordPress Abandoned Cart Lite for WooCommerce plugin <= 5.8.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by NintechNet in WordPress Abandoned Cart Lite for WooCommerce plugin versions = 5.8.5. Solution Update the WordPress Abandoned Cart Lite for WooCommerce plugin to the latest available version at least 5.8.6...

WordPress Forminator plugin <= 1.14.8 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by NintechNet in WordPress Forminator plugin versions = 1.14.8. Solution Update the WordPress Forminator plugin to the latest available version at least 1.14.8.1...

WordPress Defender Security plugin <= 2.4.6 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by NintechNet in WordPress Defender Security plugin versions = 2.4.6. Solution Update the WordPress Defender Security plugin to the latest available version at least 2.4.6.1...

WordPress Dokan plugin <= 3.2.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by NintechNet in WordPress Dokan plugin versions = 3.2.0. Solution Update the WordPress Dokan plugin to the latest available version at least 3.2.1...

WordPress Newsletter Manager plugin <= 1.5.1 - Unauthenticated Insecure Deserialisation vulnerability

Unauthenticated Insecure Deserialisation vulnerability found by Jerome Bruander NinTechNet in WordPress Newsletter Manager plugin versions = 1.5.1. Solution 2020-12-31 - we were unable to find a patched version of this plugin. WordPress.org notification: "This plugin has been closed as of October...

WordPress ListingPro theme <= 2.6 - Unauthenticated Arbitrary Plugin Installation/Activation/Deactivation vulnerability

Unauthenticated Arbitrary Plugin Installation/Activation/Deactivation vulnerability found by Jerome Bruandet NinTechNet in WordPress ListingPro theme versions = 2.6. Solution Update the WordPress ListingPro theme to the latest available version at least 2.6.1...

WordPress ListingPro theme <= 2.6 - Unauthenticated Sensitive Data Disclosure (Usernames, Emails etc) vulnerability

Unauthenticated Sensitive Data Disclosure usernames, emails, other data vulnerability found by Jerome Bruandet NinTechNet in WordPress ListingPro theme versions = 2.6. Solution Update the WordPress ListingPro theme to the latest available version at least 2.6.1...

WordPress Secure File Manager plugin <= 2.5 - Authenticated Remote Command Execution (RCE) vulnerability

Authenticated Remote Command Execution RCE vulnerability found by NinTechNet in WordPress Secure File Manager plugin versions = 2.5. Solution The plugin has been removed from the wordpress.org plugin repository. We highly recommend deleting this plugin from your WordPress sites. wordpress.org...

WordPress Newspaper X theme <= 1.3.1 - Unauthenticated Function Injection vulnerability

Unauthenticated Function Injection vulnerability found by Jerome Bruandet NinTechNet in WordPress Newspaper X theme versions = 1.3.1. Solution Update the WordPress Newspaper X theme to the latest available version at least 1.3.2...

WordPress MedZone Lite <=1.2.5 - Unauthenticated Function Injection vulnerability

Unauthenticated Function Injection vulnerability found by Jerome Bruandet NinTechNet in WordPress MedZone Lite versions =1.2.5. Solution Update the WordPress MedZone Lite to the latest available version at least 1.2.6...

WordPress Allegiant theme <= 1.2.5 - Unauthenticated Function Injection vulnerability

Unauthenticated Function Injection vulnerability found by Jerome Bruandet NinTechNet in WordPress Allegiant theme versions = 1.2.5. Solution Update the WordPress Allegiant theme to the latest available version at least 1.2.6...

WordPress Shapely theme <= 1.2.8 - Unauthenticated Function Injection vulnerability

Unauthenticated Function Injection vulnerability found by Jerome Bruandet NinTechNet in WordPress Shapely theme versions = 1.2.8. Solution Update the WordPress Shapely theme to the latest available version at least 1.2.9...

WordPress Transcend theme <= 1.1.9 - Unauthenticated Function Injection vulnerability

Unauthenticated Function Injection vulnerability found by Jerome Bruandet NinTechNet in WordPress Transcend theme versions = 1.1.9. Solution Update the WordPress Transcend theme to the latest available version at least 1.2.0...

WordPress Brilliance theme <=1.2.9 - Unauthenticated Function Injection vulnerability

Unauthenticated Function Injection vulnerability found by Jerome Bruandet NinTechNet in WordPress Brilliance theme versions 1.2.9. Solution Update the WordPress Brilliance theme to the latest available version at least =1.3.0...