
54 matches found

Patchstack
added 2021/11/28 12:00 a.m. | 18 views

WordPress The Monday theme <= 1.4.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress The Monday theme (versions <= 1.4.1). This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores...

CVSS: 8.8 | AI score: 2.7 | EPSS: 0.01652
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2021/11/28 12:00 a.m. | 20 views

WordPress Zigcy Cosmetics theme <= 1.0.5 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress Zigcy Cosmetics theme (versions <= 1.0.5). This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor...

CVSS: 8.8 | AI score: 2.8 | EPSS: 0.01652
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2021/11/28 12:00 a.m. | 17 views

WordPress Agency Lite theme <= 1.1.6 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress Agency Lite theme (versions <= 1.1.6). This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores...

CVSS: 8.8 | AI score: 2.8 | EPSS: 0.01652
Exploits: 2 | References: 4 | Affected Software: 1

Patchstack
added 2021/11/28 12:00 a.m. | 12 views

WordPress Accesspress Basic theme <= 3.2.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress Accesspress Basic theme (versions <= 3.2.1). This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor...

CVSS: 8.8 | AI score: 2.7 | EPSS: 0.01652
Exploits: 2 | References: 4 | Affected Software: 1

Patchstack
added 2021/11/28 12:00 a.m. | 12 views

WordPress VMagazine Lite theme <= 1.3.5 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress VMagazine Lite theme (versions <= 1.3.5). This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor...

CVSS: 8.8 | AI score: 2.7 | EPSS: 0.01652
Exploits: 2 | References: 4 | Affected Software: 1

Patchstack
added 2021/11/28 12:00 a.m. | 26 views

WordPress StoreVilla theme <= 1.4.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress StoreVilla theme (versions <= 1.4.1). This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores...

CVSS: 8.8 | AI score: 2.9 | EPSS: 0.01652
Exploits: 2 | References: 4 | Affected Software: 1

Patchstack
added 2021/11/28 12:00 a.m. | 22 views

WordPress ScrollMe theme <= 2.1.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress ScrollMe theme (versions <= 2.1.0). This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores th...

CVSS: 8.8 | AI score: 2.4 | EPSS: 0.01652
Exploits: 2 | References: 4 | Affected Software: 1

Patchstack
added 2021/10/01 12:00 a.m. | 15 views

WordPress Ivory Search plugin <= 4.6.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Tien Nguyen Anh (Patchstack Red Team) in WordPress Ivory Search plugin (versions <= 4.6.6). Vulnerable at &post parameter. Solution: Update the WordPress Ivory Search plugin to the latest available version at least 4.7...

CVSS: 6.1 | AI score: 2.2 | EPSS: 0.00731
Exploits: 1 | References: 2 | Affected Software: 1

Patchstack
added 2021/07/30 12:00 a.m. | 22 views

WordPress Absolutely Glamorous Custom Admin plugin <= 6.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Jörgson (Patchstack Red Team) in WordPress Absolutely Glamorous Custom Admin plugin (versions <= 6.8). Solution: Update the WordPress Absolutely Glamorous Custom Admin plugin to the latest available version at least 6.9, addition...

CVSS: 8.2 | AI score: 1.6 | EPSS: 0.00717
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2021/07/27 12:00 a.m. | 18 views

WordPress uListing plugin <= 2.0.5 - Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by m0ze (Patchstack Red Team) in WordPress uListing plugin (versions <= 2.0.5). Solution: Update the WordPress uListing plugin to the latest available version at least 2.0.6...

CVSS: 4.3 | AI score: 4.3 | EPSS: 0.00423
Exploits: 1 | References: 2 | Affected Software: 1

Patchstack
added 2021/07/27 12:00 a.m. | 20 views

WordPress uListing plugin <= 2.0.5 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by m0ze (Patchstack Red Team) in WordPress uListing plugin (versions <= 2.0.5). Solution: Update the WordPress uListing plugin to the latest available version at least 2.0.6...

CVSS: 8.8 | AI score: 2.8 | EPSS: 0.00429
Exploits: 1 | References: 2 | Affected Software: 1

Patchstack
added 2021/07/27 12:00 a.m. | 10 views

WordPress uListing plugin <= 2.0.5 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze (Patchstack Red Team) in WordPress uListing plugin (versions <= 2.0.5). Vulnerable parameters: &filterid, &filteruser, &filterexpireddate, &filtercreateddate, &filterupdateddate. Solution: Update the WordPress uListing...

CVSS: 5.9 | AI score: 1.9 | EPSS: 0.00749
Exploits: 1 | References: 2 | Affected Software: 1

Patchstack
added 2021/07/27 12:00 a.m. | 27 views

WordPress uListing plugin <= 2.0.5 - Modify User Roles via Cross-Site Request Forgery (CSRF) vulnerability

Modify User Roles via Cross-Site Request Forgery (CSRF) vulnerability discovered by m0ze (Patchstack Red Team) in WordPress uListing plugin (versions <= 2.0.5). Solution: Update the WordPress uListing plugin to the latest available version at least 2.0.6...

CVSS: 6.5 | AI score: 4.1 | EPSS: 0.00428
Exploits: 1 | References: 2 | Affected Software: 1

Patchstack
added 2021/07/27 12:00 a.m. | 21 views

WordPress uListing plugin <= 2.0.5 - Authenticated Insecure Direct Object References (IDOR) vulnerability

Authenticated Insecure Direct Object References (IDOR) vulnerability discovered by m0ze (Patchstack Red Team) in WordPress uListing plugin (versions <= 2.0.5). Solution: Update the WordPress uListing plugin to the latest available version at least 2.0.6...

CVSS: 8.8 | AI score: 2.8 | EPSS: 0.01064
Exploits: 1 | References: 2 | Affected Software: 1

Patchstack
added 2021/07/27 12:00 a.m. | 25 views

WordPress uListing plugin <= 2.0.5 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by m0ze (Patchstack Red Team) in WordPress uListing plugin (versions <= 2.0.5). Solution: Update the WordPress uListing plugin to the latest available version at least 2.0.6...

CVSS: 9.8 | AI score: 3.9 | EPSS: 0.02109
Exploits: 2 | References: 2 | Affected Software: 1

Patchstack
added 2021/07/18 12:00 a.m. | 26 views

WordPress iQ Block Country plugin <= 1.2.11 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by Vlad Visse (Patchstack Red Team) in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountryblockmessage. Solution: Update the WordPress iQ Block Country plugin to the latest available versi...

CVSS: 5.5 | AI score: 2.3 | EPSS: 0.01193
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2021/06/15 12:00 a.m. | 14 views

WordPress WP Google Maps plugin <= 8.1.12 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities discovered by Vlad Visse (Patchstack Red Team) in WordPress WP Google Maps plugin (versions <= 8.1.12). Vulnerable parameters: &datasetname, &wpgmzagdprretentionpurpose, &wpgmzagdprcompanyname, &name 2, &name, &polyname 2,...

CVSS: 5.5 | AI score: 1.9 | EPSS: 0.00566
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2021/06/15 12:00 a.m. | 13 views

WordPress WP Google Maps Pro premium plugin <= 8.1.11 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities discovered by Vlad Visse (Patchstack Red Team) in WordPress WP Google Maps Pro premium plugin versions &attributes, Name &attributes, &icons, &names, &description, &link, &title. Solution: Update the WordPress WP Google Maps...

CVSS: 5.5 | AI score: 2.3 | EPSS: 0.00539
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2021/06/03 12:00 a.m. | 13 views

WordPress Real Estate 7 premium theme <= 3.1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze (Patchstack Red Team) in WordPress Real Estate 7 premium theme (versions <= 3.1.0). Vulnerable parameter: "&ctcommunity=". Solution: Update the WordPress Real Estate 7 premium theme to the latest available version at...

AI score: 2.3
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2021/05/23 12:00 a.m. | 16 views

WordPress Backup by 10Web – Backup and Restore plugin <= 1.0.20 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze (Patchstack Red Team) in WordPress Backup by 10Web – Backup and Restore plugin (versions <= 1.0.20). Solution: This plugin has been closed as of June 2, 2021 and is not available for download. This closure is permanent...

CVSS: 4.8 | AI score: 2.5 | EPSS: 0.00626
Exploits: 2 | References: 3 | Affected Software: 1