3797 matches found
WordPress Backup by 10Web – Backup and Restore plugin <= 1.0.20 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze (Patchstack Red Team) in WordPress Backup by 10Web – Backup and Restore plugin versions <= 1.0.20. Solution: This plugin has been closed as of June 2, 2021 and is not available for download. This closure is permanent...
WordPress CMP – Coming Soon & Maintenance plugin <= 4.0.9 - Authenticated Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability discovered by Ngo Van Thien (Sun Cyber Security Research Team, Patchstack Red Team member) in WordPress CMP – Coming Soon & Maintenance plugin versions <= 4.0.9. Solution: Update the WordPress CMP – Coming Soon & Maintenance plugin to the latest available versio...
WordPress All 404 Redirect to Homepage plugin <= 1.20 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze (Patchstack Red Team) in WordPress All 404 Redirect to Homepage plugin versions <= 1.20. Solution: Update the WordPress All 404 Redirect to Homepage plugin to the latest available version (at least 1.21)...
WordPress SEO Redirection plugin <= 6.3 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by m0ze (Patchstack Red Team) in WordPress SEO Redirection plugin versions <= 6.3. Solution: Update the WordPress SEO Redirection plugin to the latest available version (at least 6.4)...
WordPress SEO Redirection plugin <= 6.3 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze (Patchstack Red Team) in WordPress SEO Redirection plugin versions <= 6.3. Solution: Update the WordPress SEO Redirection plugin to the latest available version (at least 6.4)...
WordPress GA Google Analytics plugin <= 20210211 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by m0ze (Patchstack Red Team) in WordPress GA Google Analytics plugin versions <= 20210211. Solution: Update the WordPress GA Google Analytics plugin to the latest available version (at least 20210719)...
WordPress All 404 Redirect to Homepage plugin <= 1.20 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by m0ze (Patchstack Red Team) in WordPress All 404 Redirect to Homepage plugin versions <= 1.20. Solution: Update the WordPress All 404 Redirect to Homepage plugin to the latest available version (at least 1.21)...
WordPress Media File Renamer plugin <= 5.1.9 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Ngo Van Thien (Patchstack Red Team) in the WordPress Media File Renamer plugin versions <= 5.1.9. Affected parameters: "posttitle", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state...
WordPress WordPress Goto premium theme <= 1.9 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze (Patchstack Red Team) in WordPress WordPress Goto premium theme versions <= 1.9. Solution: Update the WordPress WordPress Goto premium theme to the latest available version (at least 2.0)...
WordPress Findeo premium theme <= 1.2.6 - Authenticated Insecure Direct Object References (IDOR) vulnerability
Authenticated Insecure Direct Object References (IDOR) vulnerability discovered by m0ze (Patchstack Red Team) in WordPress Findeo premium theme versions <= 1.2.6. Solution: Update the WordPress Findeo premium theme to the latest available version (at least 1.3.1)...
WordPress WorkScout premium theme <= 2.0.31 - Cross-Frame Scripting (XFS) vulnerability
Cross-Frame Scripting (XFS) vulnerability discovered by m0ze (Patchstack Red Team) in WordPress WorkScout premium theme versions <= 2.0.31. Solution: Update the WordPress WorkScout premium theme to the latest available version (at least 2.0.32)...
WordPress WorkScout premium theme <= 2.0.31 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability discovered by m0ze (Patchstack Red Team) in WordPress WorkScout premium theme versions <= 2.0.31. Solution: Update the WordPress WorkScout premium theme to the latest available version (at least 2.0.32)...
WordPress Listeo premium theme <= 1.6.07 - Authenticated Multiple Insecure Direct Object References (IDOR) vulnerabilities
Multiple Insecure Direct Object References (IDOR) vulnerabilities discovered by m0ze (Patchstack Red Team) in the WordPress Listeo premium theme versions <= 1.6.07. Solution: Update the WordPress Listeo premium theme to the latest available version (at least 1.6.11)...
WordPress Controlled Admin Access plugin <= 1.5.1 - Improper Access Control & Privilege Escalation vulnerability
Improper Access Control & Privilege Escalation vulnerability discovered by m0ze (Patchstack Red Team) in WordPress Controlled Admin Access plugin versions <= 1.5.1. Solution: Update the WordPress Controlled Admin Access plugin to the latest available version (at least 1.5.2)...
WordPress Bello - Directory & Listing premium theme <= 1.5.9 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze (Patchstack Red Team) in WordPress Bello - Directory & Listing premium theme versions <= 1.5.9. Solution: Update the WordPress Bello - Directory & Listing premium theme to the latest available version (at least 1.6.0)...
WordPress WP Super Cache plugin <= 1.7.1 - Authenticated Remote Code Execution (RCE) vulnerability
Authenticated Remote Code Execution (RCE) vulnerability (settings page) discovered by m0ze (Patchstack Red Team) in WordPress WP Super Cache plugin versions <= 1.7.1. Solution: Update the WordPress WP Super Cache plugin to the latest available version (at least 1.7.2)...
WordPress ThemeGrill Demo Importer plugin <= 1.6.2 - Bypass and Database Wipe vulnerability
Bypass and Database Wipe vulnerability discovered by Dave (Patchstack) in WordPress ThemeGrill Demo Importer plugin versions <= 1.6.2. Solution: Update the WordPress ThemeGrill Demo Importer plugin to the latest available version (at least 1.6.3)...