WordPress Creative Mail plugin <= 1.5.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities leading to enable/disable contact sync, plugin reset, account unlink, and email marketing settings change were discovered by Vlad Vector Patchstack in the WordPress Creative Mail plugin versions = 1.5.4. Solution Update the WordPress Creati...

WordPress Api2Cart Bridge Connector plugin <= 1.1.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Dave Jong Patchstack in the WordPress Api2Cart Bridge Connector plugin versions = 1.1.0. Solution Update the WordPress Api2Cart Bridge Connector plugin to the latest available version at least 1.2.0...

WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to plugin settings reset discovered by Muhammad Daffa Patchstack Alliance in the WordPress Creative Mail plugin versions = 1.5.4. Solution Update the WordPress Creative Mail plugin to the latest available version at least 1.6.0...

WordPress Testimonials plugin <= 2.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Testimonials plugin versions = 2.6. Solution Update the WordPress Testimonials plugin to the latest available version at least 2.7...

WordPress BuddyForms plugin <= 2.7.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in the WordPress BuddyForms plugin versions = 2.7.2. Solution No patched version is available...

WordPress Gallery with thumbnail slider plugin <= 6.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Gallery with thumbnail slider plugin versions = 6.0. Solution Update the WordPress Gallery with thumbnail slider plugin to the latest available version at least 6.1...

WordPress 3D Tag Cloud plugin <= 3.8 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability

Stored Cross-Site Scripting XSS via Cross-Site Request Forgery CSRF vulnerability discovered by Lana Codes Patchstack Alliance in the WordPress 3D Tag Cloud plugin versions = 3.8. Solution Deactivate and delete. This plugin has been closed as of September 22, 2022 and is not available for downloa...

WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Auth. WordPress Options Change vulnerability

Auth. WordPress Options Change vulnerability discovered by Vlad Vector Patchstack in the WordPress Image Hover Effects Ultimate plugin versions = 9.7.1. Solution Update the WordPress Image Hover Effects Ultimate plugin to the latest available version at least 9.7.2...

WordPress Auto Upload Images plugin <= 3.3 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by Rasi Patchstack Alliance in the WordPress Auto Upload Images plugin versions = 3.3. Solution No patched version is available. No reply from the vendor...

WordPress WIP Custom Login plugin <= 1.2.7 - Multiple Broken Access Control vulnerabilities

Multiple Broken Access Control vulnerabilities were discovered by Lana Codes Patchstack Alliance in the WordPress WIP Custom Login plugin versions = 1.2.7. Solution Update the WordPress WIP Custom Login plugin to the latest available version at least 1.2.8...

WordPress Image Zoom plugin <= 1.8.8 - Multiple Broken Access Control vulnerabilities

Multiple Broken Access Control vulnerabilities were discovered by Lana Codes Patchstack Alliance in the WordPress Image Zoom plugin versions = 1.8.8. Solution Deactivate and delete. This plugin has been closed as of September 19, 2022 and is not available for download. This closure is temporary,...

WordPress IP Blacklist Cloud plugin <= 5.00 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Mika Patchstack in WordPress IP Blacklist Cloud plugin versions = 5.00. Solution Deactivate and delete. This plugin has been closed as of September 28, 2022 and is not available for download. This closure is temporary, pending a fu...

WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. SQL Injection (SQLi) vulnerability

Auth. SQL Injection SQLi vulnerability discovered by Vlad Vector Patchstack in WordPress Quiz And Survey Master plugin versions = 7.3.4. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.5...

WordPress Better Messages plugin <= 1.9.10.68 - Server-Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability discovered by Dhakal Ananda Patchstack Alliance in WordPress Better Messages plugin versions = 1.9.10.68. Solution Update the WordPress BP Better Messages plugin to the latest available version at least 1.9.10.69...

WordPress Quiz And Survey Master plugin <= 7.3.10 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability was discovered by Thura Moe Myint Patchstack Alliance in the WordPress Quiz And Survey Master plugin versions = 7.3.10. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.11...

WordPress Quiz And Survey Master plugin <= 7.3.6 - Multiple Insecure direct object references (IDOR) vulnerabilities

Multiple Insecure direct object references IDOR vulnerabilities were discovered by Vlad Vector Patchstack in WordPress Quiz And Survey Master plugin versions = 7.3.6. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.7...

WordPress Quiz And Survey Master plugin <= 7.3.4 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Auth. Stored Cross-Site Scripting XSS vulnerabilities were discovered by Vlad Vector Patchstack in WordPress Quiz And Survey Master plugin versions = 7.3.4. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.5...

WordPress Quiz And Survey Master plugin <= 7.3.10 - Bypass vulnerability

Bypass vulnerability discovered by Thura Moe Myint Patchstack Alliance in WordPress Quiz And Survey Master plugin versions = 7.3.10. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.11...

WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability

Auth. Reflected Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Quiz And Survey Master plugin versions = 7.3.4. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.5...

WordPress Simple SEO plugin <= 1.8.12 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Sitemap Creation/Deletion discovered by Mika Patchstack Alliance in WordPress Simple SEO plugin versions = 1.8.12. Solution Update the WordPress Simple SEO plugin to the latest available version at least 1.8.13...