WordPress Gallery Images Ape plugin <= 2.2.8 - Auth. Broken Access Control vulnerability

Auth. Broken Access Control vulnerability leading to Gallery Duplication discovered by thiennv Patchstack Alliance in WordPress Gallery Images Ape plugin versions = 2.2.8. Solution No patched version is available. No reply from the vendor...

WordPress Mantenimiento web plugin <= 0.13 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by Rasi Afeef Patchstack Alliance in the WordPress Mantenimiento web plugin versions = 0.13. Solution Update the WordPress Mantenimiento web plugin to the latest available version at least 0.14...

WordPress miniOrange's Google Authenticator plugin <= 5.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability leading to Plugin Settings Change discovered by Lana Codes Patchstack Alliance in WordPress miniOrange's Google Authenticator plugin versions = 5.6.1. Solution Update the WordPress miniOrange's Google Authenticator plugin to the latest available version at leas...

WordPress Content Egg plugin <= 5.4.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Autoblogging Removal discovered by Muhammad Daffa Patchstack Alliance in the WordPress Content Egg plugin versions = 5.4.0. Solution Update the WordPress Content Egg plugin to the latest available version at least 5.5.0...

WordPress TeraWallet – For WooCommerce plugin <= 1.3.24 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress TeraWallet – For WooCommerce plugin versions = 1.3.24. Solution Update the WordPress TeraWallet – For WooCommerce plugin to the latest available version at least 1.4.0...

WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Rule Type Migration discovered by Muhammad Daffa Patchstack Alliance in WordPress Advanced Dynamic Pricing for WooCommerce plugin versions = 4.1.5. Solution Update the WordPress Advanced Dynamic Pricing for WooCommerce plugin to the latest...

WordPress Appointment Booking Calendar plugin <= 1.3.69 - Missing Authorization vulnerability

Missing Authorization vulnerability leading to Feedback Submission discovered by Lana Codes Patchstack Alliance in the WordPress Appointment Booking Calendar plugin versions = 1.3.69. Solution Update the WordPress Appointment Booking Calendar plugin to the latest available version at least 1.3.70...

WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Plugin Settings Import was discovered by Muhammad Daffa Patchstack Alliance in WordPress Advanced Dynamic Pricing for WooCommerce plugin versions = 4.1.5. Solution Update the WordPress Advanced Dynamic Pricing for WooCommerce plugin to the...

WordPress Forms by CaptainForm <= 2.5.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Account Disconnect discovered by Rasi Afeef Patchstack Alliance in WordPress Forms by CaptainForm versions = 2.5.3. Solution No patched version is available. No reply from the vendor...

WordPress Modula plugin <= 2.6.9 - Unauth. Plugin Settings Change vulnerability

Unauth. Plugin Settings Change vulnerability discovered by Nguyen Anh Tien Patchstack Alliance in the WordPress Modula plugin versions = 2.6.9. Solution Update the WordPress Modula Image Gallery plugin to the latest available version at least 2.6.91...

WordPress Booster for WooCommerce plugin <= 5.6.6 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to plugin settings reset discovered by Muhammad Daffa Patchstack Alliance in WordPress Booster for WooCommerce plugin versions = 5.6.6. Solution Update the WordPress Booster for WooCommerce plugin to the latest available version at least 5.6.7...

WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to plugin settings reset discovered by Muhammad Daffa Patchstack Alliance in the WordPress Creative Mail plugin versions = 1.5.4. Solution Update the WordPress Creative Mail plugin to the latest available version at least 1.6.0...

WordPress WP Bootstrap Gallery plugin <= 1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ptsfence Patchstack Alliance in WordPress WP Bootstrap Gallery plugin versions = 1.1. Solution No patched version is available. No reply from the vendor...

WordPress Slideshow SE plugin <= 2.5.5 - Auth. Cross-Site Scripting (XSS) vulnerability

Auth. Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in the WordPress Slideshow SE plugin versions = 2.5.5. Solution Deactivate and delete. This plugin has been closed as of October 7, 2022 and is not available for download. This closure is temporary, pendi...

WordPress 3D Tag Cloud plugin <= 3.8 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability

Stored Cross-Site Scripting XSS via Cross-Site Request Forgery CSRF vulnerability discovered by Lana Codes Patchstack Alliance in the WordPress 3D Tag Cloud plugin versions = 3.8. Solution Deactivate and delete. This plugin has been closed as of September 22, 2022 and is not available for downloa...

WordPress Gallery with thumbnail slider plugin <= 6.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Gallery with thumbnail slider plugin versions = 6.0. Solution Update the WordPress Gallery with thumbnail slider plugin to the latest available version at least 6.1...

WordPress Testimonials plugin <= 2.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Testimonials plugin versions = 2.6. Solution Update the WordPress Testimonials plugin to the latest available version at least 2.7...

WordPress BuddyForms plugin <= 2.7.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in the WordPress BuddyForms plugin versions = 2.7.2. Solution No patched version is available...

WordPress Auto Upload Images plugin <= 3.3 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by Rasi Patchstack Alliance in the WordPress Auto Upload Images plugin versions = 3.3. Solution No patched version is available. No reply from the vendor...

WordPress WIP Custom Login plugin <= 1.2.7 - Multiple Broken Access Control vulnerabilities

Multiple Broken Access Control vulnerabilities were discovered by Lana Codes Patchstack Alliance in the WordPress WIP Custom Login plugin versions = 1.2.7. Solution Update the WordPress WIP Custom Login plugin to the latest available version at least 1.2.8...