WordPress Slideshow, Image Slider by 2J plugin <= 1.3.54 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Tien Nguyen Ahn aka vigov5 Patchstack Alliance in WordPress Slideshow, Image Slider by 2J plugin versions = 1.3.54. Solution No patched version is available. No reply from the vendor...

WordPress WP Subscribe plugin <= 1.2.12 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress WP Subscribe plugin versions = 1.2.12. Solution Update the WordPress WP Subscribe plugin to the latest available version at least 1.2.13...

WordPress Subscribe To Comments Reloaded plugin <= 211130 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities discovered by Ex.Mi Patchstack in WordPress Subscribe To Comments Reloaded plugin versions = 211130. Solution Update the WordPress Subscribe To Comments Reloaded plugin to the latest available version at least 220502...

WordPress Countdown & Clock plugin <= 2.4.7 - Pro Features Lock Bypass vulnerability

Pro Features Lock Bypass vulnerability discovered by Ex.Mi Patchstack in WordPress Countdown & Clock plugin versions = 2.4.7. Solution No patched version is available...

WordPress Countdown & Clock plugin <= 2.4.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Jeong Wonjun aka Pongchi Patchstack Alliance in WordPress Countdown & Clock plugin versions = 2.4.7. Solution No patched version is available...

WordPress Countdown & Clock plugin <= 2.3.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ex.Mi Patchstack in WordPress Countdown & Clock plugin versions = 2.3.2. Solution Update the WordPress Countdown & Clock plugin to the latest available version at least 2.3.3...

WordPress Psychological tests & quizzes plugin <= 0.21.19 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ex.Mi Patchstack in WordPress Psychological tests & quizzes plugin versions = 0.21.19. Solution No patched version is available...

WordPress Tripetto plugin <= 5.1.4 - Unauthenticated Cross-Site Scripting (XSS) vulnerability via SVG image upload

Unauthenticated Cross-Site Scripting XSS vulnerability via SVG image upload discovered by Ngo Van Thien Patchstack Alliance in WordPress Tripetto plugin versions = 5.1.4. Solution Update the WordPress Tripetto plugin to the latest available version at least 5.2.0...

WordPress Psychological tests & quizzes plugin <= 0.21.19 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Psychological tests & quizzes plugin versions = 0.21.19. Solution No patched version...

WordPress Night Mode plugin <= 1.0.0 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by Ex.Mi Patchstack in WordPress Night Mode plugin versions = 1.0.0. Solution Update the WordPress Night Mode plugin to the latest available version at least 1.4.0...

WordPress ShortPixel Adaptive Images plugin <= 3.3.1 - Subscriber+ Plugin Settings Update vulnerability

Subscriber+ Plugin Settings Update vulnerability discovered by Tien Nguyen Anh Patchstack Alliance in WordPress ShortPixel Adaptive Images plugin versions = 3.3.1. Solution Update the WordPress ShortPixel Adaptive Images plugin to the latest available version at least 3.4.0...

WordPress 3xSocializer plugin <= 0.98.22 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Lenon Leite Patchstack Alliance in WordPress 3xSocializer plugin versions = 0.98.22. Solution No patched version is available. Deactivate and delete. This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may n...

Critical RCE Flaw Reported in WordPress Elementor Website Builder Plugin

Elementor, a WordPress website builder plugin with over five million active installations, has been found to be vulnerable to an authenticated remote code execution flaw that could be abused to take over affected websites. Plugin Vulnerabilities, which disclosed the flaw last week, said the bug w...

WordPress Webba Booking plugin <= 4.2.21 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress Webba Booking plugin versions = 4.2.21. Solution Update the WordPress Webba Booking plugin to the latest available version at least 4.2.22...

WordPress WP Maintenance plugin <= 6.0.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress WP Maintenance plugin versions = 6.0.7. Solution Update the WordPress WP Maintenance plugin to the latest available version at least 6.0.8...

WordPress CalderaWP License Manager plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Reflected Cross-Site Scripting XSS discovered by mirphak Patchstack Alliance in WordPress CalderaWP License Manager plugin versions = 1.2.11. Solution Deactivate and delete. The plugin is closed and no more maintained...

WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Template Import

Cross-Site Request Forgery CSRF vulnerability leading to Template Import discovered by Ex.Mi Patchstack in WordPress Yoo Slider plugin versions = 2.0.0. Solution Update the WordPress Yoo Slider plugin to the latest available version at least 2.1.0...

WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Slider Creation / Modification

Cross-Site Request Forgery CSRF vulnerability leading to Slider Creation / Modification discovered by Ex.Mi Patchstack in WordPress Yoo Slider plugin versions = 2.0.0. Solution Update the WordPress Yoo Slider plugin to the latest available version at least 2.1.0...

WordPress eRoom plugin <= 1.3.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Sync with Zoom Meetings

Cross-Site Request Forgery CSRF vulnerability leading to Sync with Zoom Meetings discovered by Ex.Mi Patchstack in WordPress eRoom plugin versions = 1.3.7. Solution Update the WordPress eRoom plugin to the latest available version at least 1.3.8...

WordPress Responsive Tabs plugin <= 4.0.5 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability was discovered by Ngo Van Thien Patchstack Alliance in WordPress Responsive Tabs plugin versions = 4.0.5. Solution No patched version is available...