16 matches found
MariaDB: scripts loader (denial of service) vulnerability
1. Vulnerability description: WordPress allows users to load multiple JS and CSS files at once through the load-scripts.php file. For example, given https://wpwebsite.com/wp-admin/load-scripts.php?c=1&load=jquery-ui-core,editor&ver=4.9.1, load-scripts.php will load the jquery-ui-core and editor files...
WordPress Woocommerce Blocker Lite plugin <= 1.6.5 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by ThreatPress Security Research Team in WordPress Woocommerce Blocker Lite – Prevent fake orders and Blacklist fraud customers plugin versions <= 1.6.5. Solution: Update the WordPress Woocommerce Blocker Lite – Prevent fake orders and Blacklist...
WordPress Woocommerce Notifier Lite plugin <= 1.5.1 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by ThreatPress Security Research Team in WordPress Woocommerce Notifier Lite - Send automated web push desktop notifications plugin versions <= 1.5.1. Solution: Update the WordPress Woocommerce Notifier Lite - Send automated web push desktop...
WordPress WooCommerce Quick Reports plugin <= 1.0.7 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability found by ThreatPress Security Research Team in WordPress WooCommerce Quick Reports plugin versions <= 1.0.7. Solution: 11 June 2018 - we were unable to find an updated version or its changelog...
WordPress Mass Pages/Posts Creator plugin <= 1.2.2 - Stored Cross-Site scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability found by ThreatPress Research Team in WordPress Mass Pages/Posts Creator plugin versions <= 1.2.2. Solution: 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...
WordPress WooCommerce Product Attachment plugin <= 1.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by ThreatPress Research Team in WordPress WooCommerce Product Attachment plugin versions <= 1.1.2. Solution: 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...
WordPress WooCommerce Quick Reports plugin <= 1.0.6 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability found by ThreatPress Research Team in WordPress WooCommerce Quick Reports plugin versions <= 1.0.6. Solution: 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...
WordPress WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking plugin <= 1.8 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found by ThreatPress Research Team in WordPress WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking plugin versions <= 1.8. Solution: 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...
WordPress WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking plugin <= 1.8 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by ThreatPress Research Team in WordPress WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking plugin versions <= 1.8. Solution: 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...
WordPress Eu Cookie Notice plugin <= 1.0.6 - Cross-site request forgery (CSRF) vulnerability
Cross-site request forgery CSRF vulnerability found by ThreatPress Research Team in WordPress Eu Cookie Notice plugin versions = 1.0.7. Solution Update the WordPress Eu Cookie Notice plugin to the latest available version at least 1.0.7...
WordPress Advance Search for WooCommerce plugin <= 1.0.9 - Stored Cross-site scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability found by ThreatPress Research Team in WordPress Advance Search for WooCommerce plugin versions <= 1.0.9. Solution: 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...
Simple Contact Info plugin <= v1.1.9 - Authenticated Arbitrary File Deletion Vulnerability
Recently we (ThreatPress) discovered an authenticated arbitrary file deletion vulnerability in the Simple Contact Info plugin. The plugin has 6000+ active installs according to wordpress.org, but it has not been updated in 3 years. In inc/contat-ajax.php, the code in sciajaxdeleteiconcallback function...
WordPress Plugin Email Subscribers Newsletters 3.4.7 - Information Disclosure
WordPress Plugin Email Subscribers Newsletters 3.4.7 - Information Disclosure Exploit Title: WordPress Plugin Email Subscribers & Newsletters 3.4.7 - Information Disclosure Google Dork: Date: 2018-01-23 Exploit Author: ThreatPress Security Vendor Homepage: http://icegram.com/ Software Link:...
WordPress Email Subscribers & Newsletters 3.4.7 Plugin - Information Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Email Subscribers & Newsletters 3.4.7 - Information Disclosure Google Dork: Date: 2018-01-23 Exploit Author: ThreatPress Security Vendor Homepage: http://icegram.com/ Software Link:...
WordPress Email Subscribers And Newsletters 3.4.7 Information Disclosure
Exploit Title: WordPress Plugin Email Subscribers & Newsletters 3.4.7 - Information Disclosure Google Dork: Date: 2018-01-23 Exploit Author: ThreatPress Security Vendor Homepage: http://icegram.com/ Software Link: https://wordpress.org/plugins/email-subscribers/ Version: 3.4.7 Tested on: WordPres...
WordPress Email Subscribers & Newsletters plugin <=3.4.7 - Missing Function Level Access Control vulnerability
Missing Function Level Access Control vulnerability that causes leakage of the subscribers list, found by ThreatPress in WordPress Email Subscribers & Newsletters plugin versions <=3.4.7. Solution: Update the WordPress Email Subscribers & Newsletters plugin to the latest available version at least 3.4.8...