14 matches found
WordPress Contact Bank plugin <= 3.0.30 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Zhang Yunpei in WordPress Contact Bank plugin versions <= 3.0.30. Solution: Deactivate and delete. This plugin has been closed as of September 28, 2022 and is not available for download. This closure is temporary, pending a...
WordPress Accommodation System plugin <= 1.0.1 - Missing Access Control vulnerability
Missing Access Control vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress Accommodation System plugin versions <= 1.0.1. Solution: Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress Gallery PhotoBlocks plugin <= 1.2.7 - Cross-Site Request Forgery (CSRF) vulnerabilities
Cross-Site Request Forgery (CSRF) vulnerabilities leading to Gallery Delete / Copy discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Gallery PhotoBlocks plugin versions <= 1.2.7. Solution: Deactivate and delete. This plugin has been closed as of August 10, 2022 and is not available for...
WordPress Sharebar plugin <= 1.4.1 - Arbitrary Settings Update to Stored XSS via CSRF vulnerability
Arbitrary Settings Update to Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress Sharebar plugin versions <= 1.4.1. Solution: Deactivate and delete. This plugin has been closed as of June 14, 2022 and is not available for download. This closure is temporary, pending a full revie...
WordPress Rotating Posts plugin <= 1.11 - Arbitrary Settings Update to Stored XSS via CSRF vulnerability
Arbitrary Settings Update to Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress Rotating Posts plugin versions <= 1.11. Solution: Deactivate and delete. This plugin has been closed as of May 24, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress WP JS plugin <= 2.0.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Marco Wotschka in WordPress WP JS plugin versions <= 2.0.6. Solution: Deactivate and delete. This plugin has been closed as of April 25, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Dynamic Widgets plugin <= 1.5.16 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Dynamic Widgets plugin versions <= 1.5.16. Solution: Deactivate and delete. This plugin has been closed as of December 28, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Agency Lite theme <= 1.1.6 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress Agency Lite theme versions <= 1.1.6. This theme uses a vulnerable piece of code related to a previously identified vulnerability, CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores...
WordPress SpiderCatalog plugin <= 1.7.3 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar (Codevigilant Project) in WordPress SpiderCatalog plugin versions <= 1.7.3. Solution: Deactivate and delete. This plugin has been closed as of June 18, 2021 and is not available for download. Reason: Security Issue...
WordPress WP Survey Plus plugin <= 1.0 - AJAX Calls to add/edit/delete surveys vulnerability
AJAX Calls to add/edit/delete surveys vulnerability discovered by Vishal Mohan in WordPress WP Survey Plus plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of September 30, 2021 and is not available for download. This closure is temporary, pending a full revie...
WordPress 博客社交分享组件 plugin <= 1.4.4 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by yangshengcheng in WordPress 博客社交分享组件 plugin versions <= 1.4.4. Solution: Vulnerability fixed in version 1.4.5, but the plugin is closed due to other security issues. Deactivate and delete. This plugin has been closed as of September 26, 20...
WordPress Custom Text Selection Colors plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex in WordPress Custom Text Selection Colors plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of January 6, 2022 and is not available for download. This closure is temporary, pending a full revi...
WordPress Jibu Pro plugin <= 1.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by Renos Nikolaou in WordPress Jibu Pro plugin versions <= 1.7. Solution: 2018.09.01 - we were unable to find a patched version of this plugin. Last updated seven years ago. We recommend deactivating and deleting it...
WordPress User Control plugin <= 2.1.0 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability found by JustThomas in WordPress User Control plugin versions <= 2.1.0. Solution: This plugin has been closed and is no longer available for download. Please deactivate and delete...