WordPress uListing plugin <= 2.0.5 - Authenticated Insecure Direct Object References (IDOR) vulnerability

Authenticated Insecure Direct Object References IDOR vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions = 2.0.5. Solution Update the WordPress uListing plugin to the latest available version at least 2.0.6...

WordPress WP Reset plugin <= 1.86 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress WP Reset plugin versions = 1.86. Solution Update the WordPress WP Reset plugin to the latest available version at least 1.90...

WordPress Doo premium theme <= 1.25 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress Doo premium theme versions = 1.25. Solution 9 June 2021 - Theme removed from the Themeforest repository. Unfortunately, no information about the patched version is available...

WordPress Wisem premium theme <= 1.26 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress Wisem premium theme versions = 1.26. Solution 9 June 2021 - Theme removed from the Themeforest repository. Unfortunately, no information about the patched version is available...

WordPress Loocall premium theme <= 1.23 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress Loocall premium theme versions = 1.23. Solution 9 June 2021 - Theme removed from the Themeforest repository. Unfortunately, no information about the patched version is available...

WordPress Strong premium theme <= 1.25 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress Strong premium theme versions = 1.25. Solution 9 June 2021 - Theme removed from the Themeforest repository. Unfortunately, no information about the patched version is available...

WordPress JobSearch premium plugin <= 1.7.3 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress JobSearch premium plugin versions = 1.7.3. Solution Update the WordPress JobSearch premium plugin to the latest available version at least 1.7.4...

WordPress Form Maker by 10Web plugin <= 1.13.56 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze and Thura Moe Myint in WordPress Form Maker by 10Web plugin versions = 1.13.56. Solution Update the WordPress Form Maker by 10Web plugin to the latest available version at least 1.13.57...

WordPress Speed Booster Pack plugin <= 4.1.3 - Authenticated Remote Code Execution (RCE) vulnerability

Authenticated Remote Code Execution RCE vulnerability discovered by m0ze in WordPress Speed Booster Pack plugin versions = 4.1.3 to be more precise = 4.2.0-beta. Solution Update the WordPress Speed Booster Pack plugin to the latest available version at least 4.2.0...

WordPress Autoptimize plugin <= 2.8.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress Autoptimize plugin versions = 2.8.3. Solution Update the WordPress Autoptimize plugin to the latest available version at least 2.8.4...

WordPress SEO Redirection plugin <= 6.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress SEO Redirection plugin versions = 6.4. Solution Update the WordPress SEO Redirection plugin to the latest available version at least 7.1...

WordPress Funnel Builder by CartFlows plugin <= 1.6.12 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress Funnel Builder by CartFlows plugin versions = 1.6.12. Solution Update the WordPress Funnel Builder by CartFlows plugin to the latest available version at least 1.6.13...

WordPress WooCommerce plugin <= 5.1.0 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress WooCommerce plugin versions = 5.1.0. Solution Update the WordPress WooCommerce plugin to the latest available version at least 5.2.0...

WordPress Smooth Scroll Page Up/Down Buttons WordPress plugin <= 1.4 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress Smooth Scroll Page Up/Down Buttons WordPress plugin versions = 1.4. Solution 2021-04-29 - No patched version is available...

WordPress WP Super Cache plugin <= 1.7.2 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress WP Super Cache plugin versions = 1.7.2. Solution Update the WordPress WP Super Cache plugin to the latest available version at least 1.7.3...

WordPress W3 Total Cache plugin <= 2.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress W3 Total Cache plugin versions = 2.1.2. Solution Update the WordPress W3 Total Cache plugin to the latest available version at least 2.1.3...

WordPress Instant Images – One Click Unsplash Uploads plugin <= 4.4.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress Instant Images – One Click Unsplash Uploads plugin versions = 4.4.0. Solution Update the WordPress Instant Images – One Click Unsplash Uploads plugin to the latest available version at least 4.4.0.1...

WordPress SEO Redirection plugin <= 6.3 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by m0ze Patchstack Red Team in WordPress SEO Redirection plugin versions = 6.3 Solution Update the WordPress SEO Redirection plugin to the latest available version at least 6.4...

WordPress SEO Redirection plugin <= 6.3 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze Patchstack Red Team in WordPress SEO Redirection plugin versions = 6.3. Solution Update the WordPress SEO Redirection plugin to the latest available version at least 6.4...

WordPress All 404 Redirect to Homepage plugin <= 1.20 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by m0ze Patchstack Red Team in WordPress All 404 Redirect to Homepage plugin versions = 1.20. Solution Update the WordPress All 404 Redirect to Homepage plugin to the latest available version at least 1.21...