WordPress Admin Management Xtended plugin <= 2.4.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Nguy Minh Tuan Patchstack Alliance in the WordPress Admin Management Xtended plugin versions = 2.4.4. Solution Update the WordPress Admin Management Xtended plugin to the latest available version at least 2.4.5...

WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability was discovered by Rasi Afeef Patchstack Alliance in the WordPress Social Share Buttons by Supsystic plugin versions = 2.2.3. Solution Update the WordPress Social Share Buttons by Supsystic plugin to the latest available version at least 2.2.4...

WordPress Export All URLs plugin <= 4.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Universe Patchstack Alliance in WordPress Export All URLs plugin versions = 4.1. Solution Update the WordPress Export All URLs plugin to the latest available version at least 4.2...

WordPress Easy Pricing Tables plugin <= 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Easy Pricing Tables plugin versions = 3.1.2. Solution Update the WordPress Easy Pricing Tables plugin to the latest available version at least 3.1.3...

WordPress Promotion Slider plugin <= 3.3.4 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Promotion Slider plugin versions = 3.3.4. Solution Deactivate and delete. This plugin has been closed as of May 20, 2022 and is not available for download...

WordPress Hotel Booking plugin <= 3.0 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Hotel Booking plugin versions = 3.0. Solution Deactivate and delete. This plugin has been closed as of May 6, 2022 and is not available for download. This...

WordPress Image Slider by NextCode plugin <= 1.1.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by BEE-K Patchstack in the WordPress Image Slider by NextCode plugin versions = 1.1.2. Solution Deactivate and delete. This plugin has been closed as of May 20, 2022 and is not available for download. This closure is...

WordPress Travel Management plugin <= 2.0 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Travel Management plugin versions = 2.0. Solution Deactivate and delete. This plugin has been closed as of May 6, 2022 and is not available for download. Th...

WordPress Code Snippets plugin <= 2.14.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by BEE-K Patchstack in WordPress Code Snippets plugin versions = 2.14.3. Solution Update the WordPress Code Snippets plugin to the latest available version at least 2.14.4...

WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Persistent Cross-Site Scripting XSS was discovered by BEE-K Patchstack in WordPress Code Snippets Extended plugin versions = 1.4.7. Solution Deactivate and delete. No patched version is available. No reply from the vendor...

WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by BEE-K Patchstack in WordPress Code Snippets Extended plugin versions = 1.4.7. Solution Deactivate and delete. No patched version is available. No reply from the vendor...

WordPress Donations plugin <= 1.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance WordPress Donations plugin versions = 1.8. Solution Deactivate and delete. This plugin has been closed as of February 28, 2022 and is not available for download. Reason: Security Issue...

WordPress Quick Restaurant Reservations plugin <= 1.4.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by BEE-K Patchstack in WordPress Quick Restaurant Reservations plugin versions = 1.4.1. Solution Update the WordPress Quick Restaurant Reservations plugin to the latest available version at least 1.4.2...

WordPress Contact Form 7 Database Addon Plugin (CFDB7) <= 1.2.5.9 CSRF Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

WordPress wpDataTables plugin <= 2.1.27 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities discovered by Ex.Mi Patchstack in WordPress wpDataTables plugin versions = 2.1.27. Solution Update the WordPress wpDataTables plugin to the latest available version at least 2.1.28...

WordPress PNG to JPG plugin <= 4.0 - Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF leading to Persistent Cross-Site Scripting XSS vulnerability discovered by Ex.Mi Patchstack in WordPress PNG to JPG plugin versions = 4.0. Solution Update the WordPress PNG to JPG plugin to the latest available version at least 4.1...

WordPress Remove CPT base plugin <= 5.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to CPT base deletion

Cross-Site Request Forgery CSRF vulnerability leading to CPT base deletion discovered by Ex.Mi Patchstack in WordPress Remove CPT base plugin versions = 5.8. Solution Update the WordPress Remove CPT base plugin to the latest available version at least 5.9...

WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Nguy Minh Tuan Patchstack Alliance in WordPress Image Hover Effects Ultimate plugin versions = 9.7.1. Solution Update the WordPress Image Hover Effects Ultimate plugin to the latest available version at least 9.7.2...

WordPress WP Slider Plugin <= 1.4.5 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability was discovered by Ngo Van Thien Patchstack Alliance in WordPress WP Slider Plugin versions = 1.4.5. Solution No patched version is available. No reply from the vendor...

WordPress Checkout Files Upload for WooCommerce plugin <= 2.1.2 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability was discovered by Lucio Sá Patchstack Alliance in WordPress Checkout Files Upload for WooCommerce plugin versions = 2.1.2. Solution Update the WordPress Checkout Files Upload for WooCommerce plugin to the latest available version at least 2.1.3...