WordPress Backup Scheduler plugin <= 1.5.13 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Lana Codes in WordPress Backup Scheduler plugin versions = 1.5.13. Solution Deactivate and delete. This plugin has been closed as of September 19, 2022 and is not available for download. This closure is temporary, pending a full review...

WordPress Rotating Posts plugin <= 1.11 - Arbitrary Settings Update to Stored XSS via CSRF vulnerability

Arbitrary Settings Update to Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress Rotating Posts plugin versions = 1.11. Solution Deactivate and delete. This plugin has been closed as of May 24, 2022 and is not available for download. This closure is temporary, pending a full...

WordPress Image Slider by NextCode plugin <= 1.1.2 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by BEE-K in WordPress Image Slider by NextCode plugin versions = 1.1.2. Solution Deactivate and delete. This plugin has been closed as of May 20, 2022 and is not available for download. This closure is temporary, pending a...

WordPress Peter’s Collaboration E-mails plugin <= 2.2.0 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Settings Update via Cross-Site Request Forgery CSRF vulnerability discovered by Daniel Ruf in WordPress Peter’s Collaboration E-mails plugin versions = 2.2.0. Solution Deactivate and delete. This plugin has been closed as of May 17, 2022 and is not available for download. This closure i...

WordPress iQ Block Country plugin <= 1.2.13 - Protection Bypass due to IP Spoofing vulnerability

Protection Bypass due to IP Spoofing vulnerability discovered by Daniel Ruf in WordPress iQ Block Country plugin versions = 1.2.13. Solution Deactivate and delete. This plugin has been closed as of April 20, 2022 and is not available for download. This closure is temporary, pending a full review...

WordPress Slideshow plugin <= 2.3.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Fayçal CHENA in WordPress Slideshow plugin versions = 2.3.1. Solution Deactivate and delete. This plugin has been closed as of April 11, 2022 and is not available for download. This closure is temporary, pending a full review...

WordPress Amazon Link plugin <= 3.2.10 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in the WordPress Amazon Link plugin versions = 3.2.10. Solution Deactivate and delete. This plugin has been closed as of April 14, 2022 and is not available for download. This closur...

WordPress Curtain plugin <= 1.0.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability was discovered by Hassan Khan Yusufzai Splint3r7 in the WordPress Curtain plugin versions = 1.0.2. Solution Deactivate and delete. This plugin has been closed as of April 27, 2022 and is not available for download. This closure is temporary, pending a...

WordPress Easily Generate Rest API Url plugin <= 1.0.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by websafe2021 in WordPress Easily Generate Rest API Url plugin versions = 1.0.0. Solution Deactivate and delete. This plugin has been closed as of 29 March 2022 and is not available for download. This closure is temporary, pending a full...

WordPress Bank Mellat plugin <= 1.3.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ran Crane in WordPress Bank Mellat plugin versions = 1.3.7. Solution Deactivate and delete. This plugin has been closed as of February 16, 2022 and is not available for download. This closure is temporary, pending a full review...

WordPress Price Table plugin <= 0.2.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien in WordPress Price Table plugin versions = 0.2.2. Solution Deactivate and delete. This plugin has been closed as of January 27, 2022 and is not available for download. This closure is temporary, pending a full review...

WordPress Orange Form plugin <= 1.0 - SQL Injection (SQLi) via Cross-Site Request Forgery (CSRF) vulnerability

SQL Injection SQLi via Cross-Site Request Forgery CSRF vulnerability discovered by Francesco Carlucci in WordPress Orange Form plugin versions = 1.0. Solution Deactivate and delete. This plugin has been closed as of December 29, 2021 and is not available for download. This closure is temporary,...

WordPress Filter Portfolio Gallery plugin <= 1.5 - Arbitrary Gallery Deletion via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Gallery Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by Vishal Mohan in WordPress Filter Portfolio Gallery plugin versions = 1.5. Solution Deactivate and delete. This plugin has been closed as of October 7, 2021 and is not available for download. This closure is...

WordPress WP Design Maps & Places plugin <= 1.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress WP Design Maps & Places plugin versions = 1.2. Solution This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...

WordPress Simple Post plugin <= 1.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Vikas Srivastava in WordPress Simple Post plugin versions = 1.1. Solution This plugin has been closed as of July 23, 2021 and is not available for download. This closure is temporary, pending a full review...

Veris: Reflected Cross site scripting

Program temporarily closed...