WordPress Meet My Team plugin <= 2.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability was discovered by Ngo Van Thien Patchstack Alliance in the WordPress Meet My Team plugin versions = 2.0.5. Solution Deactivate and delete. No reply from the vendor...

WordPress History Timeline plugin <= 1.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress History Timeline plugin versions = 1.0.5. Solution Deactivate and delete. No reply from the vendor...

WordPress Pop-up plugin <= 1.1.5 - Privilege Escalation vulnerability

Privilege Escalation vulnerability was discovered by Tien Nguyen Anh Patchstack Alliance in the WordPress Pop-up plugin versions = 1.0.9. Solution Update the WordPress Pop-up plugin to the latest available version at least 1.1.6...

WordPress CallRail Phone Call Tracking plugin <= 0.4.9 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by Rasi Afeef Patchstack Alliance in WordPress CallRail Phone Call Tracking plugin versions = 0.4.9. Solution Update the WordPress CallRail Phone Call Tracking plugin to the latest available versio...

WordPress Captcha Code plugin <= 2.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Update

Cross-Site Request Forgery CSRF vulnerability leading to Plugin Settings Update discovered by Rasi Afeef Patchstack Alliance in WordPress Captcha Code plugin versions = 2.7. Solution Update the WordPress Captcha Code plugin to the latest available version at least 2.8...

WordPress Easy Org Chart plugin <= 3.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Easy Org Chart plugin versions = 3.1. Solution Deactivate and delete. This plugin has been closed as of July 29, 2022 and is not available for download. This closure is...

WordPress GetResponse plugin <= 5.5.20 - Cross-Site Request Forgery (CSRF) vulnerability leading to API Key Update

Cross-Site Request Forgery CSRF vulnerability leading to API Key Update discovered by Rasi Afeef Patchstack Alliance in WordPress GetResponse plugin versions = 5.5.20. Solution Update the WordPress GetResponse for WordPress plugin to the latest available version at least 5.5.21...

WordPress Blossom Recipe Maker plugin <= 1.0.7 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Blossom Recipe Maker plugin versions = 1.0.7. Solution Deactivate and delete. No reply from the vendor...

WordPress add2fav plugin <= 1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress add2fav plugin versions = 1.0. Solution No patched version available...

WordPress Event Calendar – Calendar plugin <= 1.4.6 - Unauthenticated Event Deletion vulnerability

Unauthenticated Event Deletion vulnerability discovered by Nguy Minh Tuan Patchstack Alliance in WordPress Event Calendar – Calendar plugin versions = 1.4.6. Solution Update the WordPress Event Calendar – Calendar plugin to the latest available version at least 1.4.7...

WordPress Better Font Awesome plugin <= 2.0.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Plugin Settings Update discovered by Rasi Afeef Patchstack Alliance in WordPress Better Font Awesome plugin versions = 2.0.1. Solution Update the WordPress Better Font Awesome plugin to the latest available version at least 2.0.2...

WordPress Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting XSS vulnerability discovered by Kim Jong Min aka Universe Patchstack Alliance in WordPress Poll, Survey, Questionnaire and Voting system plugin versions = 1.7.4. Solution No patched version available...

WordPress Accommodation System plugin <= 1.0.1 - Missing Access Control vulnerability

Missing Access Control vulnerability discovered by ptsfence Patchstack Alliance in WordPress Accommodation System plugin versions = 1.0.1. Solution Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This closure is temporary, pending a full...

WordPress SEO Scout plugin <= 0.9.83 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to plugin settings change discovered by ptsfence Patchstack Alliance in WordPress SEO Scout plugin versions = 0.9.83. Solution Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This...

WordPress wp-forecast plugin <= 7.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Rasi Afeef Patchstack Alliance in WordPress wp-forecast plugin versions = 7.5. Solution Update the WordPress wp-forecast plugin to the latest available version at least 7.6...

WordPress Access Code Feeder plugin <= 1.0.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by ptsfence Patchstack Alliance in WordPress Access Code Feeder plugin versions = 1.0.3. Solution Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This closure is temporary, pending...

WordPress Better Messages plugin <= 1.9.10.57 - Denial Of Service (DoS) vulnerability

Denial Of Service DoS vulnerability was discovered by Dhakal Ananda Patchstack Alliance in the WordPress Better Messages plugin versions = 1.9.10.57. Solution Update the WordPress BP Better Messages plugin to the latest available version at least 1.9.10.58...

WordPress Search Exclude plugin <= 1.2.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Search Exclude plugin versions = 1.2.6. Solution Update the WordPress Search Exclude plugin to the latest available version at least 1.2.7...

WordPress Notification Bar for WordPress plugin <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress Notification Bar for WordPress plugin versions = 1.1.8. Solution Deactivate and delete. This plugin has been closed as of August 12, 2022 and is not available for download. This...

WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability discovered by Universe Patchstack Alliance in WordPress Uploading SVG, WEBP and ICO files plugin versions = 1.0.1. Solution No patched version is available. Ignored by the vendor...