WordPress GS Testimonial Slider plugin <= 1.9.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Tien Nguyen Anh Patchstack Alliance in WordPress GS Testimonial Slider plugin versions = 1.9.5. Solution Update the WordPress GS Testimonial Slider plugin to the latest available version at least 1.9.6...

WordPress Tabs plugin <= 3.6.0 - Authenticated WordPress Options Change vulnerability

Authenticated WordPress Options Change vulnerability discovered by m0ze Patchstack in WordPress Tabs plugin versions = 3.6.0. Solution Update the WordPress Tabs plugin to the latest available version at least 3.7.0...

WordPress Shortcode Addons plugin <= 3.1.2 - Authenticated WordPress Options Change vulnerability

Authenticated WordPress Options Change vulnerability discovered by m0ze Patchstack in WordPress Shortcode Addons plugin versions = 3.1.2. Solution Update the WordPress Shortcode Addons plugin to the latest available version at least 3.2.0...

WordPress Flipbox plugin <= 2.6.0 - Authenticated WordPress Options Change vulnerability

Authenticated WordPress Options Change vulnerability discovered by m0ze Patchstack in WordPress Flipbox plugin versions = 2.6.0. Solution Update the WordPress Flipbox plugin to the latest available version at least 2.6.1...

WordPress Team plugin <= 1.2.6 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities were discovered by m0ze Patchstack in the WordPress Team plugin versions = 1.2.6. Solution Deactivate and delete. This plugin has been closed as of May 3, 2022 and is not available for download. Reason: Licensing/Trademark...

WordPress Team plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Team plugin versions = 1.2.6. Solution Deactivate and delete. This plugin has been closed as of May 3, 2022 and is not available for download. Reason:...

WordPress Homepage Product Organizer for WooCommerce plugin <= 1.1 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities

Multiple Authenticated SQL Injection SQLi vulnerabilities were discovered by Lenon Leite Patchstack Alliance in the WordPress Homepage Product Organizer for WooCommerce plugin versions = 1.1. Solution No patched version is available. We were unable to contact the vendor...

WordPress Testimonials plugin <= 3.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Testimonials plugin versions = 3.0.1. Solution No patched version is available. No way to contact the vendor...

WordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Read via Export function vulnerability

Authenticated Arbitrary File Read via Export function vulnerability discovered by Rafie Muhammad aka Yeraisci Patchstack Alliance in WordPress GiveWP plugin versions = 2.20.2. Solution Update the WordPress GiveWP plugin to the latest available version at least 2.21.0...

WordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Creation via Export function vulnerability

Authenticated Arbitrary File Creation via Export function vulnerability discovered by Rafie Muhammad aka Yeraisci Patchstack Alliance in WordPress GiveWP plugin versions = 2.20.2. Solution Update the WordPress GiveWP plugin to the latest available version at least 2.21.0...

WordPress WP Visitor Statistics plugin <= 5.7 - Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities

Multiple Unauthenticated SQL Injection SQLi vulnerabilities were discovered by Rafie Muhammad aka Yeraisci Patchstack Alliance in the WordPress WP Visitor Statistics plugin versions = 5.7. Solution Update the WordPress WP Visitor Statistics plugin to the latest available version at least 5.8...

WordPress Accordions plugin <= 2.0.2 - Unauthenticated WordPress Options Change vulnerability

Unauthenticated WordPress Options Change vulnerability discovered by m0ze Patchstack in WordPress Accordions plugin versions = 2.0.2. Solution Update the WordPress Accordions plugin to the latest available version at least 2.0.3...

WordPress Import any XML or CSV File to WordPress plugin <= 3.6.7 - Authenticated Arbitrary Code Execution vulnerability

Authenticated Arbitrary Code Execution vulnerability discovered by Universe Patchstack Alliance in WordPress Import any XML or CSV File to WordPress plugin versions = 3.6.7. Solution Update the WordPress Import any XML or CSV File to WordPress plugin to the latest available version at least 3.6.8...

WordPress WP Meta SEO plugin <= 4.4.8 - Social Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Social Settings Update via Cross-Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad aka Yeraisci Patchstack Alliance in WordPress WP Meta SEO plugin versions = 4.4.8. Solution Update the WordPress WP Meta SEO plugin to the latest available version at least 4.4.9...

WordPress WP Maintenance plugin <= 6.0.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by m0ze Patchstack in WordPress WP Maintenance plugin versions = 6.0.7 Solution Update the WordPress WP Maintenance plugin to the latest available version at least 6.0.8...

WordPress Custom Product Tabs for WooCommerce plugin <= 1.7.7 - Broken Access Control vulnerability leading to &yikes-the-content-toggle option update

Broken Access Control vulnerability leading to &yikes-the-content-toggle option update discovered by Tien Nguyen Anh Patchstack Alliance in WordPress Custom Product Tabs for WooCommerce plugin versions = 1.7.7. Solution Update the WordPress Custom Product Tabs for WooCommerce plugin to the latest...

WordPress Popup Builder plugin <= 4.1.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Popup Status Change

Cross-Site Request Forgery CSRF vulnerability leading to Popup Status Change discovered by BEE-K Patchstack in WordPress Popup Builder plugin versions = 4.1.0. Solution Update the WordPress Popup Builder plugin to the latest available version at least 4.1.1...

WordPress Social Media Share Buttons plugin <= 3.8.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress Social Media Share Buttons plugin versions = 3.8.4. Solution Update the WordPress Social Media Share Buttons plugin to the latest available version at least 3.8.5...

WordPress XO Slider plugin <= 3.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress XO Slider plugin versions = 3.3.2. Solution Update the WordPress XO Slider plugin to the latest available version at least 3.3.3...

WordPress Admin Management Xtended plugin <= 2.4.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Nguy Minh Tuan Patchstack Alliance in the WordPress Admin Management Xtended plugin versions = 2.4.4. Solution Update the WordPress Admin Management Xtended plugin to the latest available version at least 2.4.5...