WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.6.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ex.Mi Patchstack in WordPress Contact Form 7 Database Addon – CFDB7 plugin versions = 1.2.6.1. Solution Update the WordPress Contact Form 7 Database Addon – CFDB7 plugin to the latest available version at least 1.2.6.2...

WordPress Testimonial Builder plugin <= 1.6.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Testimonial Builder plugin versions = 1.6.1. Solution Update the WordPress Testimonial plugin to the latest available version at least 1.6.2...

WordPress Email Tracker plugin <= 5.2.6 - Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion

Cross-Site Request Forgery CSRF vulnerabilities leading to single or bulk e-mail entries deletion discovered by Ex.Mi Patchstack in WordPress Email Tracker plugin versions = 5.2.6. Solution Update the WordPress Email Tracker plugin to the latest available version at least 5.2.7...

WordPress Download Monitor plugin <= 4.4.6 - Authenticated Arbitrary File Download vulnerability

Authenticated Arbitrary File Download vulnerability discovered by Ex.Mi Patchstack in WordPress Download Monitor plugin versions = 4.4.6. Solution Update the WordPress Download Monitor plugin to the latest available version at least 4.4.7...

WordPress Download Monitor plugin <= 4.4.6 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by Ex.Mi Patchstack WordPress Download Monitor plugin versions = 4.4.6. Solution Update the WordPress Download Monitor plugin to the latest available version at least 4.4.7...

WordPress Age Gate plugin <= 2.17.0 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability was discovered by Nguyen Van Khanh Patchstack Alliance in the WordPress Age Gate plugin versions = 2.17.0. Solution Update the WordPress Age Gate plugin to the latest available version at least 2.17.1...

WordPress Ivory Search plugin <= 4.6.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Tien Nguyen Anh Patchstack Red Team in WordPress Ivory Search plugin versions = 4.6.6. Vulnerable at &post parameter. Solution Update the WordPress Ivory Search plugin to the latest available version at least 4.7...

WordPress Google Maps Plugin < 8.1.13 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:codecabin:wpgomaps"; if description...

WordPress Absolutely Glamorous Custom Admin plugin <= 6.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Jörgson Patchstack Red Team in WordPress Absolutely Glamorous Custom Admin plugin versions = 6.8. Solution Update the WordPress Absolutely Glamorous Custom Admin plugin to the latest available version at least 6.9, addition...

WordPress uListing plugin <= 2.0.5 - Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Settings Update via Cross-Site Request Forgery CSRF vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions = 2.0.5. Solution Update the WordPress uListing plugin to the latest available version at least 2.0.6...

WordPress uListing plugin <= 2.0.5 - Authenticated Insecure Direct Object References (IDOR) vulnerability

Authenticated Insecure Direct Object References IDOR vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions = 2.0.5. Solution Update the WordPress uListing plugin to the latest available version at least 2.0.6...

WordPress uListing plugin <= 2.0.5 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions = 2.0.5. Vulnerable parameters: &filterid, &filteruser, &filterexpireddate, &filtercreateddate, &filterupdateddate. Solution Update the WordPress uListing...

WordPress uListing plugin <= 2.0.5 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions = 2.0.5. Solution Update the WordPress uListing plugin to the latest available version at least 2.0.6...

WordPress uListing plugin <= 2.0.5 - Modify User Roles via Cross-Site Request Forgery (CSRF) vulnerability

Modify User Roles via Cross-Site Request Forgery CSRF vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions = 2.0.5. Solution Update the WordPress uListing plugin to the latest available version at least 2.0.6...

WordPress uListing plugin <= 2.0.5 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions = 2.0.5. Solution Update the WordPress uListing plugin to the latest available version at least 2.0.6...

WordPress iQ Block Country plugin <= 1.2.11 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by Vlad Visse Patchstack Red Team in WordPress iQ Block Country plugin versions = 1.2.11. Vulnerable parameter: &blockcountryblockmessage. Solution Update the WordPress iQ Block Country plugin to the latest available versi...

WordPress Popular Posts plugin <= 5.3.3 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by Vlad Visse Patchstack in WordPress Popular Posts plugin versions = 5.3.3. Solution Update the WordPress Popular Posts plugin to the latest available version at least 5.3.4...

WordPress WP Google Maps Pro premium plugin <= 8.1.11 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities discovered by Vlad Visse Patchstack Red Team in WordPress WP Google Maps Pro premium plugin versions &attributes, Name &attributes, &icons, &names, &description, &link, &title. Solution Update the WordPress WP Google Maps...

WordPress WP Google Maps plugin <= 8.1.12 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities discovered by Vlad Visse Patchstack Red Team in WordPress WP Google Maps plugin versions = 8.1.12. Vulnerable parameters: &datasetname, &wpgmzagdprretentionpurpose, &wpgmzagdprcompanyname, &name 2, &name, &polyname 2,...

WordPress Real Estate 7 premium theme <= 3.1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze Patchstack Red Team in WordPress Real Estate 7 premium theme versions = 3.1.0. Vulnerable parameter: "&ctcommunity=". Solution Update the WordPress Real Estate 7 premium theme to the latest available version at...