WordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Creation via Export function vulnerability

Authenticated Arbitrary File Creation via Export function vulnerability discovered by Rafie Muhammad aka Yeraisci Patchstack Alliance in WordPress GiveWP plugin versions = 2.20.2. Solution Update the WordPress GiveWP plugin to the latest available version at least 2.21.0...

WordPress WP Visitor Statistics plugin <= 5.7 - Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities

Multiple Unauthenticated SQL Injection SQLi vulnerabilities were discovered by Rafie Muhammad aka Yeraisci Patchstack Alliance in the WordPress WP Visitor Statistics plugin versions = 5.7. Solution Update the WordPress WP Visitor Statistics plugin to the latest available version at least 5.8...

WordPress Import any XML or CSV File to WordPress plugin <= 3.6.7 - Authenticated Arbitrary Code Execution vulnerability

Authenticated Arbitrary Code Execution vulnerability discovered by Universe Patchstack Alliance in WordPress Import any XML or CSV File to WordPress plugin versions = 3.6.7. Solution Update the WordPress Import any XML or CSV File to WordPress plugin to the latest available version at least 3.6.8...

WordPress WP Meta SEO plugin <= 4.4.8 - Social Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Social Settings Update via Cross-Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad aka Yeraisci Patchstack Alliance in WordPress WP Meta SEO plugin versions = 4.4.8. Solution Update the WordPress WP Meta SEO plugin to the latest available version at least 4.4.9...

WordPress Custom Product Tabs for WooCommerce plugin <= 1.7.7 - Broken Access Control vulnerability leading to &yikes-the-content-toggle option update

Broken Access Control vulnerability leading to &yikes-the-content-toggle option update discovered by Tien Nguyen Anh Patchstack Alliance in WordPress Custom Product Tabs for WooCommerce plugin versions = 1.7.7. Solution Update the WordPress Custom Product Tabs for WooCommerce plugin to the latest...

WordPress Social Media Share Buttons plugin <= 3.8.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress Social Media Share Buttons plugin versions = 3.8.4. Solution Update the WordPress Social Media Share Buttons plugin to the latest available version at least 3.8.5...

WordPress XO Slider plugin <= 3.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress XO Slider plugin versions = 3.3.2. Solution Update the WordPress XO Slider plugin to the latest available version at least 3.3.3...

WordPress Admin Management Xtended plugin <= 2.4.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Nguy Minh Tuan Patchstack Alliance in the WordPress Admin Management Xtended plugin versions = 2.4.4. Solution Update the WordPress Admin Management Xtended plugin to the latest available version at least 2.4.5...

WordPress Easy Pricing Tables plugin <= 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Easy Pricing Tables plugin versions = 3.1.2. Solution Update the WordPress Easy Pricing Tables plugin to the latest available version at least 3.1.3...

WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability was discovered by Rasi Afeef Patchstack Alliance in the WordPress Social Share Buttons by Supsystic plugin versions = 2.2.3. Solution Update the WordPress Social Share Buttons by Supsystic plugin to the latest available version at least 2.2.4...

WordPress Export All URLs plugin <= 4.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Universe Patchstack Alliance in WordPress Export All URLs plugin versions = 4.1. Solution Update the WordPress Export All URLs plugin to the latest available version at least 4.2...

WordPress Promotion Slider plugin <= 3.3.4 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Promotion Slider plugin versions = 3.3.4. Solution Deactivate and delete. This plugin has been closed as of May 20, 2022 and is not available for download...

WordPress Hotel Booking plugin <= 3.0 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Hotel Booking plugin versions = 3.0. Solution Deactivate and delete. This plugin has been closed as of May 6, 2022 and is not available for download. This...

WordPress Travel Management plugin <= 2.0 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Travel Management plugin versions = 2.0. Solution Deactivate and delete. This plugin has been closed as of May 6, 2022 and is not available for download. Th...

WordPress Donations plugin <= 1.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance WordPress Donations plugin versions = 1.8. Solution Deactivate and delete. This plugin has been closed as of February 28, 2022 and is not available for download. Reason: Security Issue...

WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Nguy Minh Tuan Patchstack Alliance in WordPress Image Hover Effects Ultimate plugin versions = 9.7.1. Solution Update the WordPress Image Hover Effects Ultimate plugin to the latest available version at least 9.7.2...

WordPress Checkout Files Upload for WooCommerce plugin <= 2.1.2 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability was discovered by Lucio Sá Patchstack Alliance in WordPress Checkout Files Upload for WooCommerce plugin versions = 2.1.2. Solution Update the WordPress Checkout Files Upload for WooCommerce plugin to the latest available version at least 2.1.3...

WordPress WP Slider Plugin <= 1.4.5 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability was discovered by Ngo Van Thien Patchstack Alliance in WordPress WP Slider Plugin versions = 1.4.5. Solution No patched version is available. No reply from the vendor...

WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) leading to Remote Code Execution (RCE) vulnerability

Cross-Site Request Forgery CSRF leading to Remote Code Execution RCE vulnerability discovered by Rasi Afeef Patchstack Alliance in WordPress Code Snippets Extended plugin versions = 1.4.7. Solution No patched version is available. No reply from the vendor...

WordPress Slideshow, Image Slider by 2J plugin <= 1.3.54 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Tien Nguyen Ahn aka vigov5 Patchstack Alliance in WordPress Slideshow, Image Slider by 2J plugin versions = 1.3.54. Solution No patched version is available. No reply from the vendor...