3797 matches found
WordPress Spiffy Calendar plugin <= 4.9.0 - Edit/Delete event via IDOR vulnerability
Edit/Delete event via IDOR vulnerability discovered in WordPress Spiffy Calendar plugin versions = 4.9.0 by Ex.Mi Patchstack. Solution Update the WordPress Spiffy Calendar plugin to the latest available version at least 4.9.1...
WordPress Yasr – Yet Another Stars Rating plugin <= 2.9.9 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting XSS vulnerability discovered by ThuraMoeMyint Patchstack Red Team project in WordPress Yasr – Yet Another Stars Rating plugin versions = 2.9.9. Solution Update the WordPress Yasr – Yet Another Stars Rating plugin to the latest available version at least 3.0.0...
Critical Bug Found in WordPress Plugin for Elementor with Over a Million Installations
A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites. The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over ...
WordPress MaxGalleria plugin <= 6.2.7 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Red Team project in the WordPress MaxGalleria plugin versions = 6.2.7. Solution Update the WordPress MaxGalleria plugin to the latest available version at least 6.2.8...
WordPress Ultra Seven theme <= 1.2.8 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Ultra Seven theme versions = 1.2.8. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Uncode Lite theme <= 1.3.3 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Uncode Lite theme versions = 1.3.3. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress AccessPress Root theme <= 2.5 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress AccessPress Root theme versions = 2.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress ScrollMe theme <= 2.1.0 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress ScrollMe theme versions = 2.1.0. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress ParallaxSome theme <= 1.3.6 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress ParallaxSome theme versions = 1.3.6. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Agency Lite theme <= 1.1.6 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Agency Lite theme versions = 1.1.6. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress The100 theme <= 1.1.2 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress The100 theme versions = 1.1.2. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Perfect Brands for WooCommerce plugin <= 2.0.4 - Set Featured Brand vulnerability
Set Featured Brand vulnerability discovered by Dave Jong Patchstack in WordPress Perfect Brands for WooCommerce plugin versions = 2.0.4. Solution Update the WordPress Perfect Brands for WooCommerce plugin to the latest available version at least 2.0.5...
WordPress Sakala theme <= 1.0.4 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Sakala theme versions = 1.0.4. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress The Launcher theme <= 1.3.2 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress The Launcher theme versions = 1.3.2. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress VMag theme <= 1.2.7 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress VMag theme versions = 1.2.7. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Perfect Brands for WooCommerce plugin <= 2.0.4 - Server Information Exposure vulnerability
Server Information Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Perfect Brands for WooCommerce plugin versions = 2.0.4. Solution Update the WordPress Perfect Brands for WooCommerce plugin to the latest available version at least 2.0.5...
WordPress Brovy theme <= 1.3 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Brovy theme versions = 1.3. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Ripple theme <= 1.2.0 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Ripple theme versions = 1.2.0. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Construction Lite theme <= 1.2.5 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Construction Lite theme versions = 1.2.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Eight Sec theme <= 1.1.4 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Eight Sec theme versions = 1.1.4. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...