WordPress Spiffy Calendar plugin <= 4.9.0 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered in WordPress Spiffy Calendar plugin versions = 4.9.0 by Ex.Mi Patchstack. Solution Update the WordPress Spiffy Calendar plugin to the latest available version at least 4.9.1...

WordPress Yasr – Yet Another Stars Rating plugin <= 2.9.9 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability discovered by ThuraMoeMyint Patchstack Red Team project in WordPress Yasr – Yet Another Stars Rating plugin versions = 2.9.9. Solution Update the WordPress Yasr – Yet Another Stars Rating plugin to the latest available version at least 3.0.0...

Critical Bug Found in WordPress Plugin for Elementor with Over a Million Installations

A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites. The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over ...

WordPress MaxGalleria plugin <= 6.2.7 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Red Team project in the WordPress MaxGalleria plugin versions = 6.2.7. Solution Update the WordPress MaxGalleria plugin to the latest available version at least 6.2.8...

WordPress Uncode Lite theme <= 1.3.3 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Uncode Lite theme versions = 1.3.3. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Ultra Seven theme <= 1.2.8 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Ultra Seven theme versions = 1.2.8. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress AccessPress Root theme <= 2.5 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress AccessPress Root theme versions = 2.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Agency Lite theme <= 1.1.6 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Agency Lite theme versions = 1.1.6. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress The100 theme <= 1.1.2 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress The100 theme versions = 1.1.2. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress ScrollMe theme <= 2.1.0 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress ScrollMe theme versions = 2.1.0. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress ParallaxSome theme <= 1.3.6 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress ParallaxSome theme versions = 1.3.6. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Perfect Brands for WooCommerce plugin <= 2.0.4 - Set Featured Brand vulnerability

Set Featured Brand vulnerability discovered by Dave Jong Patchstack in WordPress Perfect Brands for WooCommerce plugin versions = 2.0.4. Solution Update the WordPress Perfect Brands for WooCommerce plugin to the latest available version at least 2.0.5...

WordPress Sakala theme <= 1.0.4 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Sakala theme versions = 1.0.4. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Perfect Brands for WooCommerce plugin <= 2.0.4 - Server Information Exposure vulnerability

Server Information Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Perfect Brands for WooCommerce plugin versions = 2.0.4. Solution Update the WordPress Perfect Brands for WooCommerce plugin to the latest available version at least 2.0.5...

WordPress The Launcher theme <= 1.3.2 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress The Launcher theme versions = 1.3.2. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Brovy theme <= 1.3 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Brovy theme versions = 1.3. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress VMag theme <= 1.2.7 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress VMag theme versions = 1.2.7. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Accesspress Mag theme <= 2.6.5 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Accesspress Mag theme versions = 2.6.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Eight Sec theme <= 1.1.4 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Eight Sec theme versions = 1.1.4. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Ripple theme <= 1.2.0 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Ripple theme versions = 1.2.0. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...