10 matches found
WordPress Directorist plugin <= 7.4.2.1 - Auth. Insecure Direct Object References (IDOR) vulnerability
Auth. Insecure Direct Object References (IDOR) vulnerability leading to arbitrary user password update, discovered by cydave in the WordPress Directorist plugin versions <= 7.4.2.1. Solution: Update the WordPress Directorist plugin to the latest available version (at least 7.4.2.2)...
WordPress BadgeOS plugin <= 3.7.1.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress BadgeOS plugin versions <= 3.7.1.2. Solution: Update the WordPress BadgeOS plugin to the latest available version (at least 3.7.1.3)...
WordPress Youzify plugin <= 1.1.9 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Youzify plugin versions <= 1.1.9. Solution: Update the WordPress Youzify plugin to the latest available version (at least 1.2.0)...
WordPress Copyright Proof plugin <= 4.16 - Reflected Cross-Site-Scripting (XSS) vulnerability
Reflected Cross-Site-Scripting (XSS) vulnerability discovered by cydave in WordPress Copyright Proof plugin versions <= 4.16. Solution: Deactivate and delete. This plugin has been closed as of June 14, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.9.7 - Reflected Cross-Site-Scripting (XSS) vulnerability
Reflected Cross-Site-Scripting (XSS) vulnerability discovered by cydave in WordPress Shortcodes and extra features for Phlox theme plugin versions <= 2.9.7. Solution: Update the WordPress Shortcodes and extra features for Phlox theme plugin to the latest available version (at least 2.9.8)...
WordPress Core plugin for Kitestudio themes <= 2.3.0 - Reflected Cross-Site-Scripting (XSS) vulnerability
Reflected Cross-Site-Scripting (XSS) vulnerability discovered by cydave in WordPress Core plugin for Kitestudio themes versions <= 2.3.0. Solution: Update the WordPress Core plugin for Kitestudio themes to the latest available version (at least 2.3.1)...
WordPress eaSYNC plugin <= 1.1.15 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by cydave in WordPress eaSYNC plugin versions <= 1.1.15. Solution: Update the WordPress eaSYNC plugin to the latest available version (at least 1.1.16)...
WordPress ARMember plugin <= 3.4.7 - Unauthenticated Admin Account Takeover vulnerability
Unauthenticated Admin Account Takeover vulnerability discovered by cydave in WordPress ARMember plugin versions <= 3.4.7. Solution: Update the WordPress ARMember plugin to the latest available version (at least 3.4.8)...
WordPress Web To Print Shop : uDraw plugin <= 3.3.32 - Unauthenticated Arbitrary File Access vulnerability
Unauthenticated Arbitrary File Access vulnerability discovered by cydave in WordPress Web To Print Shop : uDraw plugin versions <= 3.3.32. Solution: Update the WordPress Web To Print Shop : uDraw plugin to the latest available version (at least 3.3.33)...
WordPress Infographic Maker – iList plugin <= 4.3.7 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Infographic Maker – iList plugin versions <= 4.3.7. Solution: Update the WordPress Infographic Maker – iList plugin to the latest available version (at least 4.3.8)...