WordPress Export Post Info plugin <= 1.2.0 - Authenticated CSV Injection vulnerability

Authenticated CSV Injection vulnerability discovered by Mika Patchstack Alliance in WordPress Export Post Info plugin versions = 1.2.0. Solution Update the WordPress Export Post Info plugin to the latest available version at least 1.2.1...

WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Authenticated Broken Access Control vulnerability

Authenticated Broken Access Control vulnerability leading to review export discovered by Muhammad Daffa Patchstack Alliance in WordPress Customer Reviews for WooCommerce plugin versions = 5.3.5. Solution Update the WordPress Customer Reviews for WooCommerce plugin to the latest available version ...

WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability was discovered by Muhammad Daffa Patchstack Alliance in the WordPress Customer Reviews for WooCommerce plugin versions = 5.3.5. Solution Update the WordPress Customer Reviews for WooCommerce plugin to the latest available version at least 5.3.6...

WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to sending of test emails discovered by Muhammad Daffa Patchstack Alliance in WordPress Customer Reviews for WooCommerce plugin versions = 5.3.5. Solution Update the WordPress Customer Reviews for WooCommerce plugin to the latest available...

WordPress FavIcon Switcher plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability was discovered by Lana Codes Patchstack Alliance in the WordPress FavIcon Switcher plugin versions = 1.2.11. Solution Deactivate and delete. This plugin has been closed as of September 19, 2022 and is not available for download. This closure is...

WordPress CPO Shortcodes plugin <= 1.5.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress CPO Shortcodes plugin versions = 1.5.0 . Solution Deactivate and delete. This plugin has been closed as of September 14, 2022 and is not available for download. This closure is...

WordPress GS Testimonial Slider plugin <= 1.9.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress GS Testimonial Slider plugin versions = 1.9.6. Solution Update the WordPress GS Testimonial Slider plugin to the latest available version at least 1.9.7...

WordPress Awesome Filterable Portfolio plugin <= 1.9.7 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Awesome Filterable Portfolio plugin versions = 1.9.7. Solution Deactivate and delete. This plugin has been closed as of September 14, 2022 and is not available for download...

WordPress Awesome Support plugin <= 6.0.7 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Vlad Vector Patchstack in WordPress Awesome Support plugin versions = 6.0.7. Solution Update the WordPress Awesome Support plugin to the latest available version at least 6.0.8...

WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to plugin settings change discovered by Muhammad Daffa Patchstack Alliance in WordPress Advanced Dynamic Pricing for WooCommerce plugin versions = 4.1.3 Solution Update the WordPress Advanced Dynamic Pricing for WooCommerce plugin to the lates...

WordPress NOTICE BOARD plugin <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress NOTICE BOARD plugin versions = 1.1. Solution No patched version is available...

WordPress Rate my Post – WP Rating System plugin <= 3.3.4 - Race Condition vulnerability

Race Condition vulnerability leading to votes increase/decrease discovered by Nguy Minh Tuan Patchstack Alliance in WordPress Rate my Post – WP Rating System plugin versions = 3.3.4. Solution Update the WordPress Rate my Post – WP Rating System plugin to the latest available version at least 3.3....

WordPress YDS Support Ticket System plugin <= 1.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by ptsfence Patchstack Alliance in WordPress YDS Support Ticket System plugin versions = 1.0. Solution No patched version is available. No reply from the vendor...

WordPress Read more By Adam plugin <= 1.1.8 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by ptsfence Patchstack Alliance in WordPress Read more By Adam plugin versions = 1.1.8. Solution No patched version is available. No reply from the vendor...

WordPress PCA Predict plugin <= 1.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress PCA Predict plugin versions = 1.0.3. Solution Deactivate and delete. This plugin has been closed as of September 5, 2022 and is not available for download. This closure is temporary...

WordPress RD Station plugin <= 5.2.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Rasi Afeef Patchstack Alliance in the WordPress RD Station plugin versions = 5.2.0. Solution Update the WordPress RD Station plugin to the latest available version at least 5.2.1...

WordPress Contact Form By Mega Forms plugin <= 1.2.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress Contact Form By Mega Forms plugin versions = 1.2.4. Solution Update the WordPress Contact Form By Mega Forms – Drag and Drop Form Builder plugin to the latest available version at...

WordPress Culture Object plugin <= 4.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress Culture Object plugin versions = 4.0.1. Solution Update the WordPress Culture Object plugin to the latest available version at least 4.1.1...

WordPress Export Post Info plugin <= 1.1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Export Post Info plugin versions = 1.1.0. Solution Update the WordPress Export Post Info plugin to the latest available version at least 1.2.0...

WordPress Booking Calendar plugin <= 9.2.1 - Cross-Site Request Forgery (CSRF) leading to Translations Update

Cross-Site Request Forgery CSRF leading to Translations Update discovered by Muhammad Daffa Patchstack Alliance in WordPress Booking Calendar plugin versions = 9.2.1. Solution Update the WordPress Booking Calendar plugin to the latest available version at least 9.2.2...