25 matches found
WordPress Passster – Password Protection Plugin < 3.5.5.8 is vulnerable to Cross Site Scripting (XSS)
Software: Passster – Password Protection; Type: Plugin; Vulnerable versions: < 3.5.5.8; Fixed in: 3.5.5.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2021-24837; Patch priority: Medium; CVSS severity: Medium (6.3); Developer: Patrick Posner; PSID: b41d0cd0e690; Credits...
WordPress Logo Showcase with Slick Slider plugin <= 2.0 - Arbitrary Media Title/Description/Alt Text/URL Update via CSRF vulnerability
Arbitrary Media Title/Description/Alt Text/URL Update via CSRF vulnerability discovered by apple502j in WordPress Logo Showcase with Slick Slider plugin versions <= 2.0. Solution: Update the WordPress Logo Showcase with Slick Slider plugin to the latest available version (at least 2.0.1)...
WordPress SupportCandy plugin <= 2.2.6 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress SupportCandy plugin versions <= 2.2.6. Solution: Update the WordPress SupportCandy plugin to the latest available version (at least 2.2.7)...
WordPress Simple Download Monitor plugin <= 3.9.10 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Simple Download Monitor plugin versions <= 3.9.10. Solution: Update the WordPress Simple Download Monitor plugin to the latest available version (at least 3.9.11)...
WordPress PDF.js Viewer plugin <= 2.0.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress PDF.js Viewer plugin versions <= 2.0.1. Solution: Update the WordPress PDF.js Viewer plugin to the latest available version (at least 2.0.2)...
WordPress Cost Calculator plugin <= 1.4 - Local File Inclusion (LFI) vulnerability
Local File Inclusion (LFI) vulnerability discovered by apple502j in WordPress Cost Calculator plugin versions <= 1.4. Solution: Deactivate and delete. This plugin has been closed as of November 3, 2021 and is not available for download. Reason: Security Issue...
WordPress Logo Showcase with Slick Slider plugin <= 1.2.4 - Arbitrary Media Title/Description/Alt Text/URL Update vulnerability
Arbitrary Media Title/Description/Alt Text/URL Update vulnerability discovered by apple502j in WordPress Logo Showcase with Slick Slider plugin versions <= 1.2.4. Solution: Update the WordPress Logo Showcase with Slick Slider plugin to the latest available version (at least 1.2.5)...
WordPress QR Redirector plugin <= 1.5 - Arbitrary QR Redirect Response Status Update vulnerability
Arbitrary QR Redirect Response Status Update vulnerability discovered by apple502j in WordPress QR Redirector plugin versions <= 1.5. Solution: Update the WordPress QR Redirector plugin to the latest available version (at least 1.6)...
WordPress Simple Download Monitor plugin <= 3.9.5 - Arbitrary Thumbnails Removal vulnerability
Arbitrary Thumbnails Removal vulnerability discovered by apple502j in WordPress Simple Download Monitor plugin versions <= 3.9.5. Solution: Update the WordPress Simple Download Monitor plugin to the latest available version (at least 3.9.6)...
WordPress Perfect Survey plugin <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Perfect Survey plugin versions <= 1.5.2. Solution: Deactivate and delete. This plugin has been closed as of October 5, 2021 and is not available for download. Reason: Security Issue...
WordPress Image Source Control plugin <= 2.3.0 - Arbitrary Post Meta Value Change vulnerability
Arbitrary Post Meta Value Change vulnerability discovered by apple502j in WordPress Image Source Control plugin versions <= 2.3.0. Solution: Update the WordPress Image Source Control plugin to the latest available version (at least 2.3.1)...
WordPress Stylish Price List plugin <= 6.8.14 - Unauthenticated Arbitrary Image Upload vulnerability
Unauthenticated Arbitrary Image Upload vulnerability discovered by apple502j in WordPress Stylish Price List plugin versions <= 6.8.14. Solution: Update the WordPress Stylish Price List plugin to the latest available version (at least 6.9.0)...
WordPress To Top plugin <= 2.2.2 - Unauthorized Plugin Setting Change vulnerability
Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress To Top plugin versions <= 2.2.2. Solution: Update the WordPress To Top plugin to the latest available version (at least 2.3)...
WordPress Essential Widgets plugin <= 1.8 - Unauthorized Plugin Setting Change vulnerability
Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Essential Widgets plugin versions <= 1.8. Solution: Update the WordPress Essential Widgets plugin to the latest available version (at least 1.9)...
WordPress Catch Gallery plugin <= 1.6.8 - Unauthorized Plugin Setting Change vulnerability
Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Gallery plugin versions <= 1.6.8. Solution: Update the WordPress Catch Gallery plugin to the latest available version (at least 1.7)...
WordPress Catch Import Export plugin <= 1.8 - Unauthorized Plugin Setting Change vulnerability
Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Import Export plugin versions <= 1.8. Solution: Update the WordPress Catch Import Export plugin to the latest available version (at least 1.9)...
WordPress Find My Blocks plugin <= 3.3.2 - Private Post Titles Disclosure vulnerability
Private Post Titles Disclosure vulnerability discovered by apple502j in WordPress Find My Blocks plugin versions <= 3.3.2. Solution: Update the WordPress Find My Blocks plugin to the latest available version (at least 3.4.0)...
WordPress Weather Effect plugin <= 1.3.4 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Weather Effect plugin versions <= 1.3.4. Solution: Update the WordPress Weather Effect plugin to the latest available version (at least 1.3.6)...
WordPress Meow Gallery plugin <= 4.1.8 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by apple502j in WordPress Meow Gallery plugin versions <= 4.1.8. Solution: Update the WordPress Meow Gallery plugin to the latest available version (at least 4.1.9)...