WordPress Image Zoom plugin <= 1.8.8 - Multiple Broken Access Control vulnerabilities

Multiple Broken Access Control vulnerabilities were discovered by Lana Codes Patchstack Alliance in the WordPress Image Zoom plugin versions = 1.8.8. Solution Deactivate and delete. This plugin has been closed as of September 19, 2022 and is not available for download. This closure is temporary,...

WordPress Quiz And Survey Master plugin <= 7.3.10 - Bypass vulnerability

Bypass vulnerability discovered by Thura Moe Myint Patchstack Alliance in WordPress Quiz And Survey Master plugin versions = 7.3.10. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.11...

WordPress Quiz And Survey Master plugin <= 7.3.10 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability was discovered by Thura Moe Myint Patchstack Alliance in the WordPress Quiz And Survey Master plugin versions = 7.3.10. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.11...

WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability

Auth. Reflected Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Quiz And Survey Master plugin versions = 7.3.4. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.5...

WordPress Better Messages plugin <= 1.9.10.68 - Server-Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability discovered by Dhakal Ananda Patchstack Alliance in WordPress Better Messages plugin versions = 1.9.10.68. Solution Update the WordPress BP Better Messages plugin to the latest available version at least 1.9.10.69...

WordPress Simple SEO plugin <= 1.8.12 - Broken Access Control vulnerability

Broken Access Control vulnerability leading to Sitemap Deletion/Creation discovered by Mika Patchstack Alliance in WordPress Simple SEO plugin versions = 1.8.12. Solution Update the WordPress Simple SEO plugin to the latest available version at least 1.8.13...

WordPress Simple SEO plugin <= 1.8.12 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Sitemap Creation/Deletion discovered by Mika Patchstack Alliance in WordPress Simple SEO plugin versions = 1.8.12. Solution Update the WordPress Simple SEO plugin to the latest available version at least 1.8.13...

WordPress Welcart eCommerce plugin <= 2.7.7 - Unauth. Directory Traversal vulnerability

Unauth. Directory Traversal vulnerability discovered by Tien Nguyen Anh Patchstack Alliance in the WordPress Welcart e-Commerce plugin versions = 2.7.6. Solution Update the WordPress Welcart e-Commerce plugin to the latest available version at least 2.7.8...

WordPress Mantenimiento web plugin <= 0.13 - Auth. Cross-Site Scripting (XSS) vulnerability

Auth. Cross-Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in the WordPress Mantenimiento web plugin versions = 0.13. Solution Update the WordPress Mantenimiento web plugin to the latest available version at least 0.14...

WordPress Advanced Order Export For WooCommerce plugin <= 3.3.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to export file download discovered by Lana Codes Patchstack Alliance in WordPress Advanced Order Export For WooCommerce plugin versions = 3.3.2. Solution Update the WordPress Advanced Order Export For WooCommerce plugin to the latest available...

WordPress Rock Convert plugin <= 2.11.0 - Auth. Cross-Site Scripting (XSS) vulnerability

Auth. Cross-Site Scripting XSS vulnerability was discovered by Mika Patchstack Alliance in the WordPress Rock Convert plugin versions = 2.11.0. Solution Update the WordPress Rock Convert plugin to the latest available version at least 3.0.0...

WordPress Accessibility plugin <= 1.0.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress Accessibility plugin versions = 1.0.3. Solution Update the WordPress Accessibility plugin to the latest available version at least 1.0.4...

WordPress AB Press Optimizer plugin <= 1.1.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress AB Press Optimizer plugin versions = 1.1.1. Solution No patched version is available. No reply from the vendor...

WordPress 3com – Asesor de Cookies plugin <= 3.4.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress 3com – Asesor de Cookies plugin versions = 3.4.3. Solution No patched version is available. No reply from the vendor...

WordPress 5 Anker Connect plugin <= 1.2.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress 5 Anker Connect plugin versions = 1.2.6. Solution Update the WordPress 5 Anker Connect plugin to the latest available version at least 1.2.7...

WordPress Optinly plugin <= 1.0.11 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to plugin settings change discovered by ptsfence Patchstack Alliance in WordPress Optinly plugin = 1.0.11 Solution No patched version is available. No reply from the vendor...

WordPress Post Slider plugin <= 1.6.7 - Broken Access Control vulnerability

Broken Access Control vulnerability leading to plugin settings change by the subscriber or higher role users discovered by ptsfence Patchstack Alliance in WordPress Post Slider plugin versions = 1.6.7. Solution No patched version is available. No reply from the vendor...

WordPress CRM Perks Forms plugin <= 1.1.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Tien Nguyen Anh Patchstack Alliance in WordPress CRM Perks Forms plugin versions = 1.1.0. Solution Update the WordPress CRM Perks Forms plugin to the latest available version at least 1.1.1...

WordPress WZone – Lite Version plugin <= 3.1 Lite - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by ptsfence Patchstack Alliance in WordPress WZone – Lite Version plugin versions = 3.1 Lite. Solution No patched version is available. No reply from the vendor since Jul 29, 2022...

WordPress Profile Builder plugin <= 3.6.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability was discovered by mirphak Patchstack Alliance in the WordPress Profile Builder plugin versions = 3.6.0. Solution Update the WordPress Profile Builder plugin to the latest available version at least 3.6.1...