WordPress WP Store theme <= 1.1.9 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress WP Store theme versions = 1.1.9. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress The100 theme <= 1.1.2 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress The100 theme versions = 1.1.2. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress AccessPress Mag theme <= 2.6.5 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress AccessPress Mag theme versions = 2.6.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress Agency Lite theme <= 1.1.6 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress Agency Lite theme versions = 1.1.6. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress Zigcy Lite theme <= 2.0.9 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress Zigcy Lite theme versions = 2.0.9. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress StoreVilla theme <= 1.4.1 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress StoreVilla theme versions = 1.4.1. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress Accesspress Basic theme <= 3.2.1 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress Accesspress Basic theme versions = 3.2.1. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Data Reset (Posts / Pages / Media)

Cross-Site Request Forgery CSRF vulnerability leading to Data Reset Posts / Pages / Media discovered by Ex.Mi Patchstack in WordPress Access Demo Importer plugin versions = 1.0.7. Solution Update the WordPress Access Demo Importer plugin to the latest available version at least 1.0.8...

WordPress Better Messages plugin <= 1.9.9.148 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability was discovered by Brandon Roldan Patchstack Alliance in the WordPress Better Messages plugin versions = 1.9.9.148. Solution Update the WordPress Better Messages plugin to the latest available version at least 1.9.9.149...

WordPress Better Messages plugin <= 1.9.9.148 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability at bpmessagesfavorite discovered by Vlad Vector Patchstack in WordPress Better Messages plugin versions = 1.9.9.148. Solution Update the WordPress BP Better Messages plugin to the latest available version at least 1.9.9.149...

WordPress PHP Everywhere plugin <= 2.0.3 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by Ex.Mi Patchstack in WordPress PHP Everywhere plugin versions = 2.0.3. Solution Update the WordPress PHP Everywhere plugin to the latest available version at least 3.0.0...

WordPress Ultimate Reviews plugin <= 3.0.15 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Red Team project in WordPress Ultimate Reviews plugin versions = 3.0.15. Solution Update the WordPress Ultimate Reviews plugin to the latest available version at least 3.0.16...

WordPress WP Store theme <= 1.1.9 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress WP Store theme versions = 1.1.9. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution Deactivate and delete. The vendor ignores th...

WordPress EightStore Lite theme <= 1.2.5 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress EightStore Lite theme versions = 1.2.5. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution Deactivate and delete. The vendor...

WordPress WPparallax theme <= 2.0.6 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress WPparallax theme versions = 2.0.6. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution Deactivate and delete. The vendor ignores...

WordPress Brovy theme <= 1.3 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Brovy theme versions = 1.3. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution Deactivate and delete. The vendor ignores the...

WordPress Opstore theme <= 1.4.3 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Opstore theme versions = 1.4.3. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution Deactivate and delete. The vendor ignores the...

WordPress Eightmedi Lite theme <= 2.1.8 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Eightmedi Lite theme versions = 2.1.8. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution Deactivate and delete. The vendor...

WordPress tarteaucitron.js – Cookies legislation & GDPR plugin <= 1.6 - Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities

Multiple Stored Authenticated Cross-Site Scripting XSS vulnerabilities were discovered by Ex.Mi Patchstack Red Team in WordPress tarteaucitron.js – Cookies legislation & GDPR plugin versions = 1.6. Solution Update the WordPress tarteaucitron.js – Cookies legislation & GDPR plugin to the latest...

WordPress AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.32 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities discovered by Ex.Mi Patchstack in WordPress AMP for WP – Accelerated Mobile Pages plugin versions = 1.0.77.32. Solution Update the WordPress AMP for WP – Accelerated Mobile Pages plugin to the latest available version at...