WordPress Construction Lite theme <= 1.2.5 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Construction Lite theme versions = 1.2.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Doko theme <= 1.0.27 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Doko theme versions = 1.0.27. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Accesspress Basic theme <= 3.2.1 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Accesspress Basic theme versions = 3.2.1. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Eightmedi Lite theme <= 2.1.8 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Eightmedi Lite theme versions = 2.1.8. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Zigcy Cosmetics theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Zigcy Cosmetics theme versions = 1.0.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Ripple theme <= 1.2.0 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Ripple theme versions = 1.2.0. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Zigcy Baby theme <= 1.0.6 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Zigcy Baby theme versions = 1.0.6. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress WPparallax theme <= 2.0.6 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress WPparallax theme versions = 2.0.6. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Opstore theme <= 1.4.3 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Opstore theme versions = 1.4.3. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress Arrival theme <= 1.4.2 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Arrival theme versions = 1.4.2. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WordPress EightLaw Lite theme <= 2.1.5 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress EightLaw Lite theme versions = 2.1.5. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

WP Dependency Installer < 4.3.1 - Subscriber+ Arbitrary Plugin Activation

The wp-dependency-installer library, used in the plugins does not have authorisation and CSRF checks in its dependencyinstaller AJAX action with the activate method, allowing any authenticated users, such as subscriber to activate arbitrary plugin installed on the blog. Furthermore, despite havin...

WordPress StoreVilla theme <= 1.4.1 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress StoreVilla theme versions = 1.4.1. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress Bloger theme <= 1.2.6 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress Bloger theme versions = 1.2.6. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress WP Store theme <= 1.1.9 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress WP Store theme versions = 1.1.9. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress FotoGraphy theme <= 2.4.0 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress FotoGraphy theme versions = 2.4.0. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

Access Demo Importer < 1.0.8 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check in place when activating installed plugins, which could allow an attacker to make a logged in admin perform such action via a CSRF attack...

WordPress Lean WP plugin <= 1.4.0 - Arbitrary Plugin Activation vulnerability

Arbitrary Plugin Activation vulnerability discovered by Jan w Oleju in WordPress Lean WP plugin versions = 1.4.0. Solution Deactivate and delete. This plugin has been closed as of March 31, 2020 and is not available for download. This closure is permanent. Reason: Author Request...

WordPress Ultra Seven theme <= 1.2.8 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress Ultra Seven theme versions = 1.2.8. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...

WordPress The Launcher theme <= 1.3.2 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery CSRF leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress The Launcher theme versions = 1.3.2. Solution Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation...