WordPress Accordions plugin <= 2.0.3 - Authenticated WordPress Options Change vulnerability

Authenticated WordPress Options Change vulnerability discovered by Vlad Vector Patchstack in WordPress Accordions plugin versions = 2.0.3. Solution Update the WordPress Accordions plugin to the latest available version at least 2.1.0...

WordPress Redirection for Contact Form 7 plugin <= 2.4.0 - Unauthenticated Options Change and Content Injection vulnerability

Unauthenticated Options Change vulnerability discovered by mirphak Patchstack Alliance in WordPress Redirection for Contact Form 7 plugin versions = 2.4.0. Successful exploitation requires an additional extension plugin AccessiBe. An attacker can inject a script into the footer. Solution Update t...

WordPress Analytics Cat plugin <= 1.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Vlad Vector Patchstack in WordPress Analytics Cat plugin versions = 1.0.9. Solution Update the WordPress Analytics Cat plugin to the latest available version at least 1.1.0...

WordPress Analytify plugin <= 4.2.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Cache Deletion discovered by Muhammad Daffa Patchstack Alliance in WordPress Analytify plugin versions = 4.2.2 Solution Update the WordPress Analytify plugin to the latest available version at least 4.2.3...

WordPress Media Library Assistant plugin <= 3.00 - Unauthenticated Error Log Disclosure vulnerability

Unauthenticated Error Log Disclosure vulnerability discovered by Brandon Roldan Patchstack Alliance in WordPress Media Library Assistant plugin versions = 3.00. Solution Update the WordPress Media Library Assistant plugin to the latest available version at least 3.01...

WordPress Accordions plugin <= 2.0.3 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Auth. Stored Cross-Site Scripting XSS vulnerabilities discovered by Vlad Vector Patchstack in WordPress Accordions plugin versions = 2.0.3. Solution Update the WordPress Accordions plugin to the latest available version at least 2.1.0...

WordPress Store Locator plugin <= 1.4.5 - Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Scripting XSS via Cross-Site Request Forgery CSRF vulnerability was discovered by Nguy Minh Tuan Patchstack Alliance in the WordPress Store Locator plugin versions = 1.4.5. Solution Update the WordPress Store Locator WordPress plugin to the latest available version at least 1.4.6...

WordPress Booking Ultra Pro plugin <= 1.1.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Booking Ultra Pro plugin versions = 1.1.4 Solution No patched version is available...

WordPress Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Advanced Ads – Ad Manager & AdSense plugin versions = 1.31.1. Solution Update the WordPress Advanced Ads – Ad Manager & AdSense plugin to the latest available version at least...

WordPress iQ Block Country plugin <= 1.2.18 - Block BYPASS vulnerability

Block BYPASS vulnerability was discovered by Brandon Roldan Patchstack Alliance in the WordPress iQ Block Country plugin versions = 1.2.18. Solution Update the WordPress iQ Block Country plugin to the latest available version at least 1.2.19...

WordPress Booking Ultra Pro plugin <= 1.1.4 - Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Scripting XSS via Cross-Site Request Forgery CSRF vulnerability was discovered by Ngo Van Thien Patchstack Alliance in the WordPress Booking Ultra Pro plugin versions = 1.1.4. Solution No patched version is available...

WordPress Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Nguyen Van Khanh Patchstack Alliance WordPress Asset CleanUp: Page Speed Booster plugin versions = 1.3.8.4 Solution Update the WordPress Asset CleanUp: Page Speed Booster plugin to the latest available version at least...

WordPress Manage Notification E-mails plugin <= 1.8.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Plugin Settings Reset discovered by Muhammad Daffa Patchstack Alliance in WordPress Manage Notification E-mails plugin versions = 1.8.2. Solution Update the WordPress Manage Notification E-mails plugin to the latest available version at lea...

WordPress Oceanwp sticky header plugin <= 1.0.8 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to a header style change discovered by Rasi Afeef Patchstack Alliance in WordPress Oceanwp sticky header plugin versions = 1.0.8. Solution No patched version is available. No reply from the vendor...

WordPress Pop-Up Chop Chop plugin <= 2.1.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Pop-Up Chop Chop plugin versions = 2.1.7. Solution No patched version is available. No reply from the vendor...

WordPress Activity Log plugin <= 2.8.3 - CSV Injection vulnerability

CSV Injection vulnerability discovered by Universe Patchstack Alliance in WordPress Activity Log plugin versions = 2.8.3 Solution Update the WordPress Activity Log plugin to the latest available version at least 2.8.4...

WordPress WP Page Widget plugin <= 3.9 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability was discovered by Muhammad Daffa Patchstack Alliance in the WordPress WP Page Widget plugin versions = 3.9. Solution Update the WordPress WP Page Widget plugin to the latest available version at least 4.0...

WordPress Comment Guestbook plugin <= 0.8.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress Comment Guestbook plugin versions = 0.8.0. Solution No patched version available...

WordPress wpForo Forum plugin <= 2.0.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to post deletion discovered by Dhakal Ananda Patchstack Alliance in WordPress wpForo Forum plugin versions = 2.0.5. Solution Update the WordPress wpForo Forum plugin to the latest available version at least 2.0.6...

WordPress SEO Redirection plugin <= 8.9 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to deletion of 404 errors and redirection history was discovered by Muhammad Daffa Patchstack Alliance in the WordPress SEO Redirection plugin versions = 8.9. Solution Update the WordPress SEO Redirection plugin to the latest available version...