19 matches found
WordPress Passster plugin <= 3.5.5.5.1 - Insecure Storage of Password vulnerability
Insecure Storage of Password vulnerability discovered by Raad Haddad Cloudyrion GmbH in WordPress Passster plugin versions = 3.5.5.5.1. Solution Update the WordPress Passster – Password Protection plugin to the latest available version at least 3.5.5.5.2...
WordPress reSmush.it Image Optimizer plugin <= 0.4.5 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting XSS vulnerability discovered by Raad Haddad Cloudyrion GmbH in WordPress reSmush.it Image Optimizer plugin versions = 0.4.5. Solution Update the WordPress reSmush.it plugin to the latest available version at least 0.4.6...
WordPress Simple File List plugin <= 4.4.11 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Raad Haddad Cloudyrion GmbH in WordPress Simple File List plugin versions = 4.4.11. Solution Update the WordPress Simple File List plugin to the latest available version at least 4.4.12...
WordPress Frontend File Manager plugin <= 21.2 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability discovered by Raad Haddad Cloudyrion GmbH in WordPress Frontend File Manager plugin versions = 21.2. Solution Update the WordPress Frontend File Manager plugin to the latest available version at least 21.3...
WordPress Post SMTP Mailer/Email Log plugin <= 2.1.6 - Authenticated Blind Server-Side Request Forgery (SSRF) vulnerability
Authenticated Blind Server-Side Request Forgery SSRF vulnerability discovered by Raad Haddad Cloudyrion GmbH in WordPress Post SMTP Mailer/Email Log plugin versions = 2.1.6. Solution Update the WordPress Post SMTP Mailer/Email Log plugin to the latest available version at least 2.1.7...
WordPress WP Database Backup Plugin <= 5.8.3 - Authenticated Stored Cross-Site Scripting vulnerability
Authenticated Stored Cross-Site Scripting vulnerability discovered by Raad Haddad in WP Database Backup plugin versions = 5.8.3 Solution Update the WordPress WP Database Backup plugin to the latest available version at least 5.9...
WordPress Simply Schedule Appointments plugin <= 1.5.7.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability was discovered by Raad Haddad in the WordPress Simply Schedule Appointments plugin versions = 1.5.7.6. Solution Update the WordPress Simply Schedule Appointments plugin to the latest available version at least 1.5.7.7...
WordPress Simply Schedule Appointments plugin <= 1.5.7.6 - Unauthenticated Email Address Disclosure vulnerability
Unauthenticated Email Address Disclosure vulnerability discovered by Raad Haddad in WordPress Simply Schedule Appointments plugin versions = 1.5.7.6. Solution Update the WordPress Simply Schedule Appointments plugin to the latest available version at least 1.5.7.7...
WordPress WPIDE – File Manager & Code Editor plugin <= 2.6 - Authenticated Local File Inclusion (LFI) vulnerability
Authenticated Local File Inclusion LFI vulnerability discovered by Raad Haddad in WordPress WPIDE – File Manager & Code Editor plugin versions = 2.6. Solution Update the WordPress WPIDE – File Manager & Code Editor plugin to the latest available version at least 3.0...
WordPress WP phpMyAdmin plugin <= 5.2.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Raad Haddad in WordPress WP phpMyAdmin plugin versions = 5.2.0.3. Solution Update the WordPress WP phpMyAdmin plugin to the latest available version at least 5.2.0.4...
WordPress WP Social Chat plugin <= 6.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Raad Haddad in WordPress WP Social Chat plugin versions = 6.0.4. Solution Update the WordPress WP Social Chat plugin to the latest available version at least 6.0.5...
WordPress Easy Student Results plugin <= 2.2.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Raad Haddad in WordPress Easy Student Results plugin versions = 2.2.8. Solution Deactivate and delete. This plugin has been closed as of July 11, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Thinkific Uploader plugin <= 1.0.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Raad Haddad in WordPress Thinkific Uploader plugin versions = 1.0.0. Solution Deactivate and delete. This plugin has been closed as of July 15, 2022 and is not available for download. This closure is temporary, pending a fu...
WordPress WSM Downloader plugin <= 1.4.0 - Domain Name Restriction Bypass vulnerability
Domain Name Restriction Bypass vulnerability discovered by Raad Haddad in WordPress WSM Downloader plugin versions = 1.4.0. Solution Deactivate and delete. This plugin has been closed as of July 8, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress User Private Files plugin <= 1.1.2 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability discovered by Raad Haddad in WordPress User Private Files plugin versions = 1.1.2. Solution Update the WordPress User Private Files plugin to the latest available version at least 1.1.3...
WordPress Featured Image from URL plugin <= 3.9.9 - Arbitrary Settings Update to Stored XSS via CSRF vulnerability
Arbitrary Settings Update to Stored XSS via CSRF vulnerability discovered by Raad Haddad in WordPress Featured Image from URL plugin versions = 3.9.9. Solution Update the WordPress Featured Image from URL plugin to the latest available version at least 4.0.0...
WordPress GiveWP plugin <= 2.21.2 - DoS via Cross-Site Request Forgery (CSRF) vulnerability
DoS via Cross-Site Request Forgery CSRF vulnerability discovered by Raad Haddad in WordPress GiveWP plugin versions = 2.21.2. Solution Update the WordPress GiveWP plugin to the latest available version at least 2.21.3...
WordPress GiveWP plugin <= 2.21.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Raad Haddad in WordPress GiveWP plugin versions = 2.21.2. Solution Update the WordPress GiveWP plugin to the latest available version at least 2.21.3...
WordPress Unyson plugin <= 2.7.26 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Raad Haddad in WordPress Unyson plugin versions = 2.7.26. Solution Update the WordPress to the latest available version at least 2.7.27...