WordPress Spiffy Calendar plugin <= 4.9.0 - Edit/Delete event via IDOR vulnerability

Edit/Delete event via IDOR vulnerability discovered in WordPress Spiffy Calendar plugin versions = 4.9.0 by Ex.Mi Patchstack. Solution Update the WordPress Spiffy Calendar plugin to the latest available version at least 4.9.1...

WordPress Spiffy Calendar plugin <= 4.9.0 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered in WordPress Spiffy Calendar plugin versions = 4.9.0 by Ex.Mi Patchstack. Solution Update the WordPress Spiffy Calendar plugin to the latest available version at least 4.9.1...

WordPress Yasr – Yet Another Stars Rating plugin <= 2.9.9 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability discovered by ThuraMoeMyint Patchstack Red Team project in WordPress Yasr – Yet Another Stars Rating plugin versions = 2.9.9. Solution Update the WordPress Yasr – Yet Another Stars Rating plugin to the latest available version at least 3.0.0...

Critical Bug Found in WordPress Plugin for Elementor with Over a Million Installations

A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites. The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over ...

WordPress MaxGalleria plugin <= 6.2.7 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Red Team project in the WordPress MaxGalleria plugin versions = 6.2.7. Solution Update the WordPress MaxGalleria plugin to the latest available version at least 6.2.8...

WordPress Accesspress Mag theme <= 2.6.5 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Accesspress Mag theme versions = 2.6.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress StoreVilla theme <= 1.4.1 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress StoreVilla theme versions = 1.4.1. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Enlighten theme <= 1.3.5 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Enlighten theme versions = 1.3.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress AccessPress Root theme <= 2.5 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress AccessPress Root theme versions = 2.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress ParallaxSome theme <= 1.3.6 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress ParallaxSome theme versions = 1.3.6. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress VMag theme <= 1.2.7 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress VMag theme versions = 1.2.7. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress ScrollMe theme <= 2.1.0 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress ScrollMe theme versions = 2.1.0. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Uncode Lite theme <= 1.3.3 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Uncode Lite theme versions = 1.3.3. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Zigcy Cosmetics theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Zigcy Cosmetics theme versions = 1.0.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Ripple theme <= 1.2.0 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Ripple theme versions = 1.2.0. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Sakala theme <= 1.0.4 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Sakala theme versions = 1.0.4. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Eight Sec theme <= 1.1.4 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Eight Sec theme versions = 1.1.4. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Brovy theme <= 1.3 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Brovy theme versions = 1.3. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress WPparallax theme <= 2.0.6 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress WPparallax theme versions = 2.0.6. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Ultra Seven theme <= 1.2.8 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Ultra Seven theme versions = 1.2.8. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...