WordPress The Launcher theme <= 1.3.2 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress The Launcher theme versions = 1.3.2. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Perfect Brands for WooCommerce plugin <= 2.0.4 - Server Information Exposure vulnerability

Server Information Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Perfect Brands for WooCommerce plugin versions = 2.0.4. Solution Update the WordPress Perfect Brands for WooCommerce plugin to the latest available version at least 2.0.5...

WordPress Perfect Brands for WooCommerce plugin <= 2.0.4 - Set Featured Brand vulnerability

Set Featured Brand vulnerability discovered by Dave Jong Patchstack in WordPress Perfect Brands for WooCommerce plugin versions = 2.0.4. Solution Update the WordPress Perfect Brands for WooCommerce plugin to the latest available version at least 2.0.5...

WordPress Construction Lite theme <= 1.2.5 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Construction Lite theme versions = 1.2.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Agency Lite theme <= 1.1.6 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Agency Lite theme versions = 1.1.6. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Opstore theme <= 1.4.3 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Opstore theme versions = 1.4.3. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress The100 theme <= 1.1.2 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress The100 theme versions = 1.1.2. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Zigcy Baby theme <= 1.0.6 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Zigcy Baby theme versions = 1.0.6. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress [GWA] AutoResponder plugin <= 2.3 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities discovered by m0ze Patchstack in WordPress GWA AutoResponder plugin versions = 2.3. Solution Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason: Guideline Violation...

WordPress [GWA] AutoResponder plugin <= 2.3 - Cross-Site Request Forgery (CSRF) leading to Multiple Persistent Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF leading to Multiple Persistent Cross-Site Scripting XSS discovered by m0ze Patchstack in WordPress GWA AutoResponder plugin versions = 2.3. Solution Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason:...

WordPress [GWA] AutoResponder <= 2.3 - Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) at &Subject

Cross-Site Request Forgery CSRF leading to Persistent Cross-Site Scripting XSS at &Subject discovered by m0ze Patchstack in WordPress GWA AutoResponder versions = 2.3. Solution Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason:...

WordPress [GWA] AutoResponder plugin <= 2.3 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress GWA AutoResponder plugin versions = 2.3. Solution Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason: Guideline...

WordPress AccessPress Parallax theme <= 4.5 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress AccessPress Parallax theme versions = 4.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress VMagazine Lite theme <= 1.3.5 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress VMagazine Lite theme versions = 1.3.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress AccessPress Root theme <= 2.5 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress AccessPress Root theme versions = 2.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress FotoGraphy theme <= 2.4.0 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress FotoGraphy theme versions = 2.4.0. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress ScrollMe theme <= 2.1.0 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress ScrollMe theme versions = 2.1.0. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress Ripple theme <= 1.2.0 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress Ripple theme versions = 1.2.0. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress The Monday theme <= 1.4.1 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress The Monday theme versions = 1.4.1. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress Eightmedi Lite theme <= 2.1.8 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress Eightmedi Lite theme versions = 2.1.8. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...