WordPress Betheme theme <= 26.5.1.4 - Auth. PHP Object Injection vulnerability

Auth. PHP Object Injection vulnerability discovered by Dave Jong Patchstack in the WordPress Betheme theme versions = 26.5.1.4. Solution Update the WordPress Betheme theme to the latest available version at least 26.6...

WordPress AdRotate Banner Manager plugin <= 5.9 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities leading to resetting some of the maintenance settings Reset tasks, Disable the third party, Update Database were discovered by Muhammad Daffa Patchstack Alliance in the WordPress AdRotate Banner Manager plugin versions = 5.9. Solution...

WordPress Add Multiple Marker plugin <= 1.2 - Missing Access Control vulnerability

Missing Access Control vulnerability leading to unauth. plugin settings change discovered by ptsfence Patchstack Alliance in WordPress Add Multiple Marker plugin versions = 1.2. Solution No patched version is available...

WordPress Add Multiple Marker plugin <= 1.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by ptsfence Patchstack Alliance in WordPress Add Multiple Marker plugin versions = 1.2. Solution No patched version is available...

WordPress Shortcodes Ultimate Plugin < 5.12.1 Multiple CSRF Vulnerabilities

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

WordPress S2W – Import Shopify to WooCommerce plugin <= 1.1.12 - Auth. Arbitrary File Read vulnerability

Auth. Arbitrary File Read vulnerability discovered by Tomasz Staszyszyn Patchstack Alliance in WordPress S2W – Import Shopify to WooCommerce plugin versions = 1.1.12. Solution Update the WordPress S2W – Import Shopify to WooCommerce plugin to the latest available version at least 1.1.13...

WordPress Better Messages plugin <= 1.9.10.69 - Messaging Block Bypass vulnerability

Messaging Block Bypass vulnerability discovered by Dhakal Ananda Patchstack Alliance in WordPress Better Messages plugin versions = 1.9.10.69. Solution Update the WordPress BP Better Messages plugin to the latest available version at least 1.9.10.71...

WordPress Quick Restaurant Reservations plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by thiennv Patchstack Alliance in WordPress Quick Restaurant Reservations plugin versions = 1.5.4. Solution Update the WordPress Quick Restaurant Reservations plugin to the latest available version at least 1.5.5...

WordPress WPML Multilingual CMS premium plugin <= 4.5.10 - Broken Access Control vulnerability

Broken Access Control vulnerability leading to status change of translation job discovered by Dave Jong Patchstack in the WordPress WPML Multilingual CMS premium plugin versions = 4.5.10. Solution Update the WordPress Multilingual CMS plugin to the latest available version at least 4.5.11...

WordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Dave Jong Patchstack in WordPress WPML Multilingual CMS premium plugin versions = 4.5.13 Solution Update the WordPress Multilingual CMS plugin to the latest available version at least 4.5.14...

WordPress REST API Authentication plugin <= 2.4.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to plugin settings change discovered by Lana Codes Patchstack Alliance in WordPress REST API Authentication plugin versions = 2.4.0. Solution Update the WordPress WordPress REST API Authentication plugin to the latest available version at leas...

WordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to status change of translation job discovered by Dave Jong Patchstack in WordPress WPML Multilingual CMS premium plugin versions = 4.5.13. Solution Update the WordPress Multilingual CMS plugin to the latest available version at least 4.5.14...

WordPress Import any XML or CSV File to WordPress Plugin < 3.6.8 RCE Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

WordPress Cyklodev WP Notify plugin <= 1.2.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Hoang Van Hiep aka sk4rl1ghT Patchstack Alliance in the WordPress Cyklodev WP Notify plugin versions = 1.2.1. Solution No patched version is available...

WordPress Testimonial Slider plugin <= 1.3.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by ptsfence Patchstack Alliance in WordPress Testimonial Slider plugin versions = 1.3.1. Solution No patched version is available. No reply from the vendor...

WordPress LoginPress plugin <= 1.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability leading to unauth. changing of Opt-In or Opt-Out tracking settings discovered by Nguyen Anh Tien Patchstack Alliance in the WordPress LoginPress plugin versions = 1.6.2. Solution Update the WordPress LoginPress plugin to the latest available version at least...

WordPress AgentEasy Properties plugin <= 1.0.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Hoang Van Hiep Patchstack Alliance in the WordPress AgentEasy Properties plugin versions = 1.0.4. Solution Deactivate and delete. This plugin has been closed as of November 1, 2022 and is not available for download. This closure is...

WordPress AM-HiLi plugin <= 1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Hoang Van Hiep Patchstack Alliance in the WordPress AM-HiLi plugin versions = 1.0. Solution No patched version is available...

WordPress 4ECPS Web Forms plugin <= 0.2.17 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Hoang Van Hiep aka sk4rl1ghT Patchstack Alliance in WordPress 4ECPS Web Forms plugin versions = 0.2.17. Solution Update the WordPress 4ECPS Web Forms plugin to the latest available version at least 0.2.18...

WordPress WatchTowerHQ plugin <= 3.6.15 - Unauth. Arbitrary File Deletion vulnerability

Unauth. Arbitrary File Deletion vulnerability discovered by Dave Jong Patchstack in the WordPress WatchTowerHQ plugin versions = 3.6.15. Solution Update the WordPress WatchTowerHQ plugin to the latest available version at least 3.6.16...