WordPress Mantenimiento web plugin <= 0.13 - Auth. Cross-Site Scripting (XSS) vulnerability

Auth. Cross-Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in the WordPress Mantenimiento web plugin versions = 0.13. Solution Update the WordPress Mantenimiento web plugin to the latest available version at least 0.14...

WordPress Simple SEO plugin <= 1.8.12 - Broken Access Control vulnerability

Broken Access Control vulnerability leading to Sitemap Deletion/Creation discovered by Mika Patchstack Alliance in WordPress Simple SEO plugin versions = 1.8.12. Solution Update the WordPress Simple SEO plugin to the latest available version at least 1.8.13...

WordPress Avada premium theme <= 7.8.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability Leading to Arbitrary Plugin Installation/Activation discovered by Dave Jong Patchstack in WordPress Avada theme versions = 7.8.1. Solution Update the WordPress Avada theme to the latest available version at least 7.8.2...

WordPress Welcart eCommerce plugin <= 2.7.7 - Unauth. Directory Traversal vulnerability

Unauth. Directory Traversal vulnerability discovered by Tien Nguyen Anh Patchstack Alliance in the WordPress Welcart e-Commerce plugin versions = 2.7.6. Solution Update the WordPress Welcart e-Commerce plugin to the latest available version at least 2.7.8...

WordPress Advanced Order Export For WooCommerce plugin <= 3.3.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to export file download discovered by Lana Codes Patchstack Alliance in WordPress Advanced Order Export For WooCommerce plugin versions = 3.3.2. Solution Update the WordPress Advanced Order Export For WooCommerce plugin to the latest available...

WordPress Rock Convert plugin <= 2.11.0 - Auth. Cross-Site Scripting (XSS) vulnerability

Auth. Cross-Site Scripting XSS vulnerability was discovered by Mika Patchstack Alliance in the WordPress Rock Convert plugin versions = 2.11.0. Solution Update the WordPress Rock Convert plugin to the latest available version at least 3.0.0...

WordPress Shortcodes Ultimate plugin <= 5.12.0 - CSRF vulnerability leading to Stored XSS

Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS vulnerability discovered by Dave Jong Patchstack in WordPress Shortcodes Ultimate plugin versions = 5.12.0. Solution Update the WordPress Shortcodes Ultimate plugin to the latest available version at least...

WordPress Accessibility plugin <= 1.0.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress Accessibility plugin versions = 1.0.3. Solution Update the WordPress Accessibility plugin to the latest available version at least 1.0.4...

WordPress 5 Anker Connect plugin <= 1.2.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress 5 Anker Connect plugin versions = 1.2.6. Solution Update the WordPress 5 Anker Connect plugin to the latest available version at least 1.2.7...

WordPress Optinly plugin <= 1.0.11 - Broken Access Control vulnerability

Broken Access Control leading to plugin settings change by the subscriber or higher role user vulnerability discovered by ptsfence Patchstack in WordPress Optinly plugin versions = 1.0.11. Solution No patched version is available. No reply from the vendor...

WordPress Optinly plugin <= 1.0.11 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to plugin settings change discovered by ptsfence Patchstack Alliance in WordPress Optinly plugin = 1.0.11 Solution No patched version is available. No reply from the vendor...

WordPress AB Press Optimizer plugin <= 1.1.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress AB Press Optimizer plugin versions = 1.1.1. Solution No patched version is available. No reply from the vendor...

WordPress 3com – Asesor de Cookies plugin <= 3.4.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress 3com – Asesor de Cookies plugin versions = 3.4.3. Solution No patched version is available. No reply from the vendor...

WordPress ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Dave Jong Patchstack in WordPress ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin versions = 1.1.0. Solution Update the WordPress ALD - AliExpress Dropshipping and Fulfillment for WooCommerce plugin to the latest...

WordPress Post Slider plugin <= 1.6.7 - Broken Access Control vulnerability

Broken Access Control vulnerability leading to plugin settings change by the subscriber or higher role users discovered by ptsfence Patchstack Alliance in WordPress Post Slider plugin versions = 1.6.7. Solution No patched version is available. No reply from the vendor...

WordPress Shortcodes Ultimate plugin <= 5.12.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Preset Settings Change discovered by Dave Jong Patchstack in WordPress Shortcodes Ultimate plugin versions = 5.12.0. Solution Update the WordPress Shortcodes Ultimate plugin to the latest available version at least 5.12.1...

WordPress WZone – Lite Version plugin <= 3.1 Lite - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by ptsfence Patchstack Alliance in WordPress WZone – Lite Version plugin versions = 3.1 Lite. Solution No patched version is available. No reply from the vendor since Jul 29, 2022...

WordPress CRM Perks Forms plugin <= 1.1.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Tien Nguyen Anh Patchstack Alliance in WordPress CRM Perks Forms plugin versions = 1.1.0. Solution Update the WordPress CRM Perks Forms plugin to the latest available version at least 1.1.1...

WordPress Profile Builder plugin <= 3.6.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability was discovered by mirphak Patchstack Alliance in the WordPress Profile Builder plugin versions = 3.6.0. Solution Update the WordPress Profile Builder plugin to the latest available version at least 3.6.1...

WordPress Quiz And Survey Master plugin <= 7.3.4 - Insecure direct object references (IDOR) vulnerability

Insecure direct object references IDOR vulnerability leading to Changing of Quiz Content discovered by Ngo Van Thien Patchstack Alliance in WordPress Quiz And Survey Master plugin versions = 7.3.4. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at leas...