WordPress Construction Lite theme <= 1.2.5 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Construction Lite theme versions = 1.2.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Zigcy Cosmetics theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Zigcy Cosmetics theme versions = 1.0.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress StoreVilla theme <= 1.4.1 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress StoreVilla theme versions = 1.4.1. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Opstore theme <= 1.4.3 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Opstore theme versions = 1.4.3. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Zigcy Baby theme <= 1.0.6 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Zigcy Baby theme versions = 1.0.6. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Enlighten theme <= 1.3.5 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Enlighten theme versions = 1.3.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress WPparallax theme <= 2.0.6 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress WPparallax theme versions = 2.0.6. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress [GWA] AutoResponder plugin <= 2.3 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress GWA AutoResponder plugin versions = 2.3. Solution Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason: Guideline...

WordPress [GWA] AutoResponder plugin <= 2.3 - Cross-Site Request Forgery (CSRF) leading to Multiple Persistent Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF leading to Multiple Persistent Cross-Site Scripting XSS discovered by m0ze Patchstack in WordPress GWA AutoResponder plugin versions = 2.3. Solution Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason:...

WordPress [GWA] AutoResponder plugin <= 2.3 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities discovered by m0ze Patchstack in WordPress GWA AutoResponder plugin versions = 2.3. Solution Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason: Guideline Violation...

WordPress [GWA] AutoResponder <= 2.3 - Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) at &Subject

Cross-Site Request Forgery CSRF leading to Persistent Cross-Site Scripting XSS at &Subject discovered by m0ze Patchstack in WordPress GWA AutoResponder versions = 2.3. Solution Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason:...

WordPress StoreVilla theme <= 1.4.1 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress StoreVilla theme versions = 1.4.1. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Data Reset (Posts / Pages / Media)

Cross-Site Request Forgery CSRF vulnerability leading to Data Reset Posts / Pages / Media discovered by Ex.Mi Patchstack in WordPress Access Demo Importer plugin versions = 1.0.7. Solution Update the WordPress Access Demo Importer plugin to the latest available version at least 1.0.8...

WordPress FotoGraphy theme <= 2.4.0 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress FotoGraphy theme versions = 2.4.0. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress AccessPress Root theme <= 2.5 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress AccessPress Root theme versions = 2.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress WP Store theme <= 1.1.9 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress WP Store theme versions = 1.1.9. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress Eightmedi Lite theme <= 2.1.8 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress Eightmedi Lite theme versions = 2.1.8. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress AccessPress Mag theme <= 2.6.5 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress AccessPress Mag theme versions = 2.6.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress AccessPress Parallax theme <= 4.5 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress AccessPress Parallax theme versions = 4.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress The100 theme <= 1.1.2 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress The100 theme versions = 1.1.2. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...