WordPress plugin Remote Content Shortcode 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress plugin Remote Content...

WordPress WP Mail SMTP plugin <= 4.0.1 - Authenticated (Admin+) SMTP Password Exposure vulnerability

Authenticated Admin+ SMTP Password Exposure vulnerability discovered by Guus Verbeek in WordPress Plugin WP Mail SMTP by WPForms versions = 4.0.1...

WordPress CTX Feed plugin <= 6.5.6 - Arbitrary Options Update vulnerability

Arbitrary Options Update vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin CTX Feed versions = 6.5.6...

WordPress Quotes and Tips plugin < 1.45 - Admin+ Arbitrary File Upload vulnerability

Admin+ Arbitrary File Upload vulnerability discovered by Peng Zhou zpbrent in WordPress Plugin Quotes And Tips versions 1.45...

WordPress WP Popups – WordPress Popup builder plugin <= 2.2.0.1 - Unauthenticated Full Path Disclosure vulnerability

Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin WP Popups versions = 2.2.0.1...

WordPress Appmaker plugin <= 1.36.12 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Appmaker – Convert WooCommerce to Android & iOS Native Mobile Apps versions = 1.36.12...

WordPress Cliengo - Chatbot plugin <= 3.0.2 - Missing Authorization to Unauthenticated Chatbot Settings Update vulnerability

WordPress Cliengo - Chatbot plugin = 3.0.2 - Missing Authorization to Unauthenticated Chatbot Settings Update vulnerability discovered by Lucio Sá in WordPress Plugin Cliengo – Chatbot versions = 3.0.2...

WordPress TOCHAT.BE plugin <= 1.3.0 - Unauthenticated Stored Cross Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross Site Scripting XSS vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin TOCHAT.BE versions = 1.3.0...

WordPress HelloAsso plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by justakazh Patchstack Alliance in WordPress Plugin HelloAsso versions = 1.1.9...

WordPress Slider Revolution plugin <= 6.7.13 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by wcraft Patchstack Alliance in WordPress Plugin Slider Revolution versions = 6.7.13...

WordPress Elementor Pro plugin <= 3.21.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Michael Patchstack Alliance in WordPress Plugin Elementor Pro versions = 3.21.2...

WordPress Wrapper Link Elementor plugin 1.0.2, 1.0.3 - Injected Backdoor vulnerability

Injected Backdoor vulnerability discovered by WordFence in WordPress Plugin Wrapper Link Elementor versions 1.0.2,1.0.3...

WordPress Sparkle Demo Importer plugin <= 1.4.7 - Authenticated Post/Pages/Attachements Deletion and Demo Data Import vulnerability

Authenticated Post/Pages/Attachements Deletion and Demo Data Import vulnerability discovered by Lucio Sá in WordPress Plugin Sparkle Demo Importer versions = 1.4.7...

WordPress Zoho Marketing Automation plugin <= 1.2.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Zoho Marketing Automation versions = 1.2.7...

Wordpress Amelia plugin <= 1.1.5 (Free) <= 7.5.1 (Pro) - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by Vinay Kumar in WordPress Plugin Amelia versions = 1.1.5...

WordPress Smush plugin <= 3.16.4 - Authenticated Resmush List Deletion vulnerability

Authenticated Resmush List Deletion vulnerability discovered by Truoc Phan in WordPress Plugin Smush Image Compression and Optimization versions = 3.16.4...

WordPress Hide Dashboard Notifications plugin <= 1.3 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Modification vulnerability

Missing Authorization to Authenticated Contributor+ Plugin Settings Modification vulnerability discovered by Francesco Carlucci in WordPress Plugin Hide Dashboard Notifications versions = 1.3...

WordPress Event Monster Plugin <= 1.4.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Plugin Event Management Tickets Booking versions = 1.4.3...

WordPress Newsletter - API addon for Newsletter plugin <= 2.4.5 - Missing Authorization to Email Subscribers Management vulnerability

WordPress Newsletter - API addon for Newsletter plugin = 2.4.5 - Missing Authorization to Email Subscribers Management vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Newsletter - API addon Premium versions = 2.4.5...

Wordpress Bookly plugin <= 23.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via Color Profile Parameter vulnerability discovered by 0xBishop in WordPress Plugin Bookly versions = 23.2...