WordPress THE Leads Management System: 59sec LITE plugin <= 3.4.1 - Unauthenticated plugin settings change vulnerability

Unauthenticated plugin settings change vulnerability discovered by ptsfence Patchstack Alliance in WordPress THE Leads Management System: 59sec LITE plugin versions = 3.4.1. Solution Deactivate and delete. This plugin has been closed as of August 12, 2022 and is not available for download. This...

WordPress Rank Math SEO plugin <= 1.0.95 - Server-Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability was discovered by Rafie Muhammad aka Yeraisci Patchstack Alliance in the WordPress Rank Math SEO plugin versions = 1.0.95. Solution Update the WordPress WordPress SEO Plugin – Rank Math plugin to the latest available version at least 1.0.95.1...

WordPress Gallery PhotoBlocks plugin <= 1.2.7 - Cross-Site Request Forgery (CSRF) vulnerabilities

Cross-Site Request Forgery CSRF vulnerabilities leading to Gallery Delete / Copy discovered by Ngo Van Thien Patchstack Alliance in WordPress Gallery PhotoBlocks plugin versions = 1.2.7. Solution Deactivate and delete. This plugin has been closed as of August 10, 2022 and is not available for...

WordPress Gallery PhotoBlocks plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Gallery PhotoBlocks plugin versions = 1.2.6. Solution Deactivate and delete. This plugin has been closed as of August 10, 2022 and is not available for...

WordPress SP Project & Document Manager plugin <= 4.59 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Vlad Vector Patchstack in WordPress SP Project & Document Manager plugin versions = 4.59. Solution Update the WordPress SP Project & Document Manager plugin to the latest available version at least 4.62...

WordPress amCharts: Charts and Maps plugin <= 1.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress amCharts: Charts and Maps plugin versions = 1.4. Solution Update the WordPress amCharts: Charts and Maps plugin to the latest available version at least 1.4.1...

WordPress WPide plugin <= 2.6 - Authenticated Arbitrary File Edit/Upload vulnerability

Authenticated Arbitrary File Edit/Upload vulnerability discovered by Vlad Vector Patchstack in WordPress WPide plugin versions = 2.6. Solution Update the WordPress WPIDE – File Manager & Code Editor plugin to the latest available version at least 3.0...

WordPress Contest Gallery plugin <= 17.0.4 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Nguy Minh Tuan Patchstack Alliance in WordPress Contest Gallery plugin versions = 17.0.4. Solution Update the WordPress Contest Gallery plugin to the latest available version at least 17.0.5...

WordPress WP Hotel Booking plugin <= 1.10.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Ngo Van Thien Patchstack Alliance in the WordPress WP Hotel Booking plugin versions = 1.10.5. Solution Update the WordPress WP Hotel Booking plugin to the latest available version at least 1.10.6...

WordPress ActiveDEMAND plugin <= 0.2.27 - Broken Authentication vulnerability

Broken Authentication vulnerability leading to unauthenticated post update/create/delete discovered by Tien Nguyen Anh Patchstack Alliance in WordPress ActiveDEMAND plugin versions = 0.2.27. Solution Update the WordPress ActiveDEMAND plugin to the latest available version at least 0.2.28...

WordPress Download Manager plugin <= 3.2.48 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities were discovered by Vlad Vector Patchstack in the WordPress Download Manager plugin versions = 3.2.48. Solution Update the WordPress Download Manager plugin to the latest available version at least 3.2.49...

WordPress Download Manager plugin <= 3.2.48 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to template status change discovered by Muhammad Daffa Patchstack Alliance in WordPress Download Manager plugin versions = 3.2.48. Solution Update the WordPress Download Manager plugin to the latest available version at least 3.2.49...

WordPress Button Plugin MaxButtons plugin <= 9.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Button Plugin MaxButtons plugin versions = 9.2. Solution Update the WordPress MaxButtons plugin to the latest available version at least 9.3...

WordPress Rich Reviews by Starfish plugin <= 1.9.14 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to review deletion discovered by Ngo Van Thien Patchstack Alliance in WordPress Rich Reviews by Starfish plugin versions = 1.9.14. Solution No patched version available...

WordPress MaxButtons plugin <= 9.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Muhammad Daffa Patchstack Alliance in WordPress MaxButtons plugin versions = 9.2. Solution Update the WordPress MaxButtons plugin to the latest available version at least 9.3...

WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability via malicious SVG file upload discovered by Kim Jong Min aka Universe Patchstack Alliance in WordPress Enable SVG, WebP & ICO Upload plugin versions = 1.0.3. Solution No patched version available...

WordPress MailerLite – Signup forms (official) plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to API key change discovered by Muhammad Daffa Patchstack Alliance in WordPress MailerLite – Signup forms official plugin versions = 1.5.7. Solution Update the WordPress MailerLite – Signup forms plugin to the latest available version at least...

WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.3 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability discovered by Kim Jong Min aka Universe Patchstack Alliance in WordPress Enable SVG, WebP & ICO Upload plugin versions = 1.0.3. Solution No patched version available...

WordPress Floating Div plugin <= 3.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Floating Div plugin versions = 3.0. Solution No patched version available...

WordPress BxSlider WP plugin <= 2.0.0 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress BxSlider WP plugin versions = 2.0.0. Solution No patched version is available...