WordPress Chaty plugin <= 2.8.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress Chaty plugin versions = 2.8.3. Solution No patched version is available...

WordPress Plausible Analytics plugin <= 1.2.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by José Aguilera Patchstack Alliance in WordPress Plausible Analytics plugin versions = 1.2.2. Solution Update the WordPress Plausible Analytics plugin to the latest available version at least 1.2.3...

WordPress WPvivid plugin <= 0.9.70 - Arbitrary File Read vulnerability

Arbitrary File Read vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress WPvivid plugin versions = 0.9.70. Solution Update the WordPress WPvivid plugin to the latest available version at least 0.9.71...

WordPress WP-Appbox plugin <= 4.3.20 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by mirphak Patchstack Alliance in WordPress WP-Appbox plugin versions = 4.3.20. Solution Update the WordPress WP-Appbox plugin to the latest available version at least 4.4.0...

WordPress Pricing Table plugin <= 1.5.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Pricing Table plugin versions = 1.5.2. Solution No patched version is available...

WordPress FV Flowplayer Video Player plugin <= 7.5.18.727 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by Ex.Mi Patchstack in WordPress FV Flowplayer Video Player plugin versions = 7.5.18.727. Solution Update the WordPress FV Flowplayer Video Player plugin to the latest available version at least 7.5.19.727...

WordPress Use Any Font plugin <= 6.1.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability was discovered by Rasi Afeef Patchstack Alliance in WordPress Use Any Font plugin versions = 6.1.7. Solution Update the WordPress Use Any Font plugin to the latest available version at least 6.1.8...

WordPress WP Google Map Plugin <= 4.2.3 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:flippercode:wpgooglemap"; ifdescription...

WordPress Simple Event Planner plugin <= 1.5.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Simple Event Planner plugin versions = 1.5.4. Solution Update the WordPress Simple Event Planner plugin to the latest available version at least 1.5.5...

WordPress Simple Event Planner plugin <= 1.5.4 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities discovered by Ex.Mi Patchstack in WordPress Simple Event Planner plugin versions = 1.5.4. Solution Update the WordPress Simple Event Planner plugin to the latest available version at least 1.5.5...

WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to slider Duplicate/Delete

Cross-Site Request Forgery CSRF vulnerability leading to slider Duplicate/Delete discovered by Ngo Van Thien Patchstack Alliance in WordPress Yoo Slider plugin versions = 2.0.0. Solution Update the WordPress Yoo Slider plugin to the latest available version at least 2.1.0...

WordPress Yoo Slider plugin <= 2.0.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Yoo Slider plugin versions = 2.0.0. Solution Update the WordPress Yoo Slider plugin to the latest available version at least 2.1.0...

WordPress Responsive Menu plugin <= 4.1.7 - Nonce token leak leading to arbitrary file upload, theme deletion, plugin settings change vulnerability

Nonce token leak leading to arbitrary file upload, theme deletion, plugin settings change vulnerability discovered by Dave Jong Patchstack in WordPress Responsive Menu plugin versions = 4.1.7. Solution Update the WordPress Responsive Menu plugin to the latest available version at least 4.1.8...

WordPress Rearrange WooCommerce Products plugin <= 4.0.2 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by Dave Jong Patchstack in WordPress Rearrange WooCommerce Products plugin versions = 4.0.2. Solution Update the WordPress Rearrange WooCommerce Products plugin to the latest available version at least 4.0.3...

WordPress Analytics Cat plugin <= 1.0.9 - Plugin Settings change via Cross-Site Request Forgery (CSRF) vulnerability

Plugin Settings change via Cross-Site Request Forgery CSRF vulnerability discovered by Rasi Afeef Patchstack Alliance in WordPress Analytics Cat plugin versions = 1.0.9. Solution Update the WordPress Analytics Cat plugin to the latest available version at least 1.1.0...

WordPress Contact Form X plugin <= 2.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ex.Mi Patchstack in WordPress Contact Form X plugin versions = 2.4. Solution Update the WordPress Contact Form X plugin to the latest available version at least 2.4.1...

WordPress WP Google Map plugin <= 4.2.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Ex.Mi Patchstack in WordPress WP Google Map plugin versions = 4.2.3. Solution Update the WordPress WP Google Map plugin to the latest available version at least 4.2.4...

WordPress Simple Ajax Chat plugin <= 20220115 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Philippe Dourassov Patchstack Alliance in WordPress Simple Ajax Chat plugin versions = 20220115. Solution Update the WordPress Simple Ajax Chat plugin to the latest available version at least 20220216...

WordPress Spiffy Calendar plugin <= 4.9.0 - Admin+ Persistent Cross-Site Scripting (XSS) vulnerability

Admin+ Persistent Cross-Site Scripting XSS vulnerability discovered in WordPress Spiffy Calendar plugin versions = 4.9.0 by Ex.Mi Patchstack. Solution Update the WordPress Spiffy Calendar plugin to the latest available version at least 4.9.1...

WordPress Spiffy Calendar plugin <= 4.9.0 - Edit/Delete event via IDOR vulnerability

Edit/Delete event via IDOR vulnerability discovered in WordPress Spiffy Calendar plugin versions = 4.9.0 by Ex.Mi Patchstack. Solution Update the WordPress Spiffy Calendar plugin to the latest available version at least 4.9.1...