WordPress <= 5.5.1 - Mishandling Embeds From Disabled Sites On a Multisite Network vulnerability
Mishandling Embeds From Disabled Sites On a Multisite Network vulnerability found by David Binovec in WordPress versions <= 5.5.1. Solution: Update WordPress to the latest available version, at least 5.5.2...
WordPress Customizr theme <= 4.3.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Jerome Bruandet (NinTechNet) in WordPress Customizr theme versions <= 4.3.2. Solution: Update the WordPress Customizr theme to the latest available version, at least 4.3.3...
WordPress Ultimate Addons for Elementor plugin <= 1.24.1 - Registration Bypass vulnerability
Registration Bypass vulnerability discovered by Wordfence in WordPress Ultimate Addons for Elementor plugin versions <= 1.24.1. Solution: Update the WordPress Ultimate Addons for Elementor plugin to the latest available version, at least 1.24.2...
WordPress Booked premium plugin <= 2.2.5 - Broken Authentication vulnerability leading to Sensitive Information disclosure
Broken Authentication vulnerability leading to Sensitive Information disclosure discovered by Noman Riffat in WordPress Booked premium plugin versions <= 2.2.5. Solution: Update the WordPress Booked premium plugin to the latest available version, at least 2.2.6...
WordPress Ultimate Membership Pro Plugin 3.3 - SQL Injection
The WordPress Ultimate Membership Pro plugin is prone to SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit hidden vulnerabilities in the underlying database. Solution: Update the WordPress plugin to the newest stable and safe...
WordPress Super Cache Plugin <= 1.3 - XSS
This plugin is prone to URI XSS in trunk/plugins/wptouch.php, trunk/plugins/searchengine.php, trunk/plugins/domain-mapping.php, trunk/plugins/badbehaviour.php and trunk/plugins/awaitingmoderation.php, and to URI XSS in the wpnonceurl function of trunk/wp-cache.php. Solution...
WordPress <= 4.0.0 - Multiple Vulnerabilities #2
Because of multiple vulnerabilities in WordPress 4.0.0 and earlier versions, attackers can obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash. Related records:...
WordPress DukaPress Plugin <=2.5.3 - Directory Traversal
This vulnerability is in the "dpimgresize" function in php/dp-functions.php. It allows attackers to read arbitrary files via the "src" parameter to lib/dpimage.php. Solution: Update the plugin...
WordPress <= 3.9.1 - Denial Of Service Attacks #1
The Incutio XML-RPC (IXR) Library used in WordPress 3.9.1 does not limit the number of elements in an XML document, so attackers can cause a denial of service via a large document. Related records:...
WordPress <= 3.6.0 - Privilege Escalation
Because of this vulnerability, authors can create an entry that appears to have been written by another user. Solution: Update WordPress...
WordPress Sentinel Plugin <= 1.0.0 - SQL Injection
Because of this vulnerability, attackers can execute arbitrary SQL commands via unspecified vectors. Solution: Update the plugin...
WordPress SWFUpload Plugin <= 2.2.0.1 - XSS #2
Because of this vulnerability in swfupload.swf, attackers can inject arbitrary web script or HTML via the "buttonText" parameter. Solution: Update the plugin...
WordPress Migration, Backup, Staging – WPvivid Backup & Migration plugin <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload vulnerability
Authenticated (Administrator+) Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin WPvivid Backup and Migration versions <= 0.9.116...
WordPress Wp Easy Allopass plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Chu The Anh (Blue Rock) in WordPress Plugin Wp Easy Allopass versions <= 4.1.1...
WordPress Download Monitor Plugin <= 5.0.12 is vulnerable to Broken Access Control
Software: Download Monitor; Type: Plugin; Vulnerable versions: <= 5.0.12; Fixed in: 5.0.13; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10092; Patch priority: Low; CVSS severity: Low (5.4); Developer: WPChill; PSID: 47be9fcd45fd; Credits: Trương Hữu Phúc (truonghuuphuc)...
WordPress LiteSpeed Cache Plugin <= 6.4.1 is vulnerable to Path Traversal
Software: LiteSpeed Cache; Type: Plugin; Vulnerable versions: <= 6.4.1; Fixed in: 6.5.1; OWASP Top 10: A3: Injection; Classification: Path Traversal; CVE: CVE-2024-47637; Patch priority: Low; CVSS severity: Low (8.8); Developer: Hai Zheng / LiteSpeed Cache; PSID: 9f05c0b173ee; Credits: TaiYou; Required privilege: Author...
WordPress (Simply) Guest Author Name Plugin <= 4.34 is vulnerable to Cross Site Scripting (XSS)
Software: Simply Guest Author Name; Type: Plugin; Vulnerable versions: <= 4.34; Fixed in: 4.35; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0254; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: cc1614290005; Credits: Francesco Carlucc...
WordPress Activello theme <= 1.4.4 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability
Auth. Reflected Cross-Site Scripting (XSS) vulnerability in the ajax action 'activellodismissrecommendedplugins' discovered by Brandon Roldan (Patchstack Alliance) in the WordPress Activello theme versions <= 1.4.4. Solution: No patched version available...
WordPress Videojs HTML5 Player plugin <= 1.1.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Lana Codes in WordPress Videojs HTML5 Player plugin versions <= 1.1.8. Solution: Update the WordPress Videojs HTML5 Player plugin to the latest available version, at least 1.1.9...
WordPress Font Awesome 4 Menus plugin <= 4.7.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by zhangyunpei in WordPress Font Awesome 4 Menus plugin versions <= 4.7.0. Solution: Deactivate and delete. This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin settings reset discovered by Muhammad Daffa (Patchstack Alliance) in the WordPress Creative Mail plugin versions <= 1.5.4. Solution: Update the WordPress Creative Mail plugin to the latest available version, at least 1.6.0...
WordPress 5 Anker Connect plugin <= 1.2.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress 5 Anker Connect plugin versions <= 1.2.6. Solution: Update the WordPress 5 Anker Connect plugin to the latest available version, at least 1.2.7...
WordPress Importer plugin <= 1.0.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Tien Nguyen Anh (Patchstack Alliance) in the WordPress Importer plugin versions <= 1.0.2. Solution: Update the WordPress Importer plugin to the latest available version, at least 1.0.3...
WordPress WP Popup Builder plugin <= 1.2.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress WP Popup Builder plugin versions <= 1.2.8. Solution: Update the WordPress WP Popup Builder plugin to the latest available version, at least 1.2.9...
WordPress Gallery PhotoBlocks plugin <= 1.2.7 - Cross-Site Request Forgery (CSRF) vulnerabilities
Cross-Site Request Forgery (CSRF) vulnerabilities leading to Gallery Delete / Copy discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Gallery PhotoBlocks plugin versions <= 1.2.7. Solution: Deactivate and delete. This plugin has been closed as of August 10, 2022 and is not available for...
WordPress WPide plugin <= 2.6 - Authenticated Arbitrary File Read vulnerability
Authenticated Arbitrary File Read vulnerability discovered by Brandon James Roldan (Patchstack Alliance) in WordPress WPide plugin versions <= 2.6. Solution: Update the WordPress WPIDE – File Manager & Code Editor plugin to the latest available version, at least 3.0...
WordPress String Locator plugin <= 2.5.0 - Authenticated PHAR Deserialization vulnerability
Authenticated PHAR Deserialization vulnerability discovered by Rasoul Jahanshahi in WordPress String Locator plugin versions <= 2.5.0. Solution: Update the WordPress String Locator plugin to the latest available version, at least 2.6.0...
WordPress WP OAuth Server plugin <= 3.0.4 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by Lana Codes in WordPress WP OAuth Server plugin versions <= 3.0.4. Solution: Update the WordPress WP OAuth Server plugin to the latest available version, at least 4.0.1...
WordPress API KEY for Google Maps plugin <= 1.2.1 - CSRF vulnerability leading to Google Maps API key update
CSRF vulnerability leading to Google Maps API key update discovered by Rasi Afeef (Patchstack Alliance) in WordPress API KEY for Google Maps plugin versions <= 1.2.1. Solution: Update the WordPress API KEY for Google Maps plugin to the latest available version, at least 1.2.2...
WordPress Easy SVG Support plugin <= 3.2.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via SVG
Authenticated Stored Cross-Site Scripting (XSS) vulnerability via SVG discovered by Luan Pedersini in WordPress Easy SVG Support plugin versions <= 3.2.0. Solution: Update the WordPress Easy SVG Support plugin to the latest available version, at least 3.3.0...
WordPress Events Made Easy plugin <= 2.2.80 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Events Made Easy plugin versions <= 2.2.80. Solution: Update the WordPress Events Made Easy plugin to the latest available version, at least 2.2.81...
WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability was discovered by Rasi Afeef (Patchstack Alliance) in the WordPress Social Share Buttons by Supsystic plugin versions <= 2.2.3. Solution: Update the WordPress Social Share Buttons by Supsystic plugin to the latest available version, at least 2.2.4...
WordPress Form Maker by 10Web plugin <= 1.14.11 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Abhinav Porwal & Hitesh Kumar in WordPress Form Maker by 10Web plugin versions <= 1.14.11. Solution: Update the WordPress Form Maker by 10Web plugin to the latest available version, at least 1.14.12...
WordPress RSVPMaker plugin <= 9.2.6 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by Tobias Kay Dalå (oxnan) in WordPress RSVPMaker plugin versions <= 9.2.6. Solution: Update the WordPress RSVPMaker plugin to the latest available version, at least 9.2.7...
WordPress AGIL plugin <= 1.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Chuang LI in WordPress AGIL plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of March 31, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Custom TinyMCE Shortcode Button plugin <= 1.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Custom TinyMCE Shortcode Button plugin versions <= 1.1. Solution: Deactivate and delete. This plugin has been closed as of April 4, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Menubar plugin <= 5.7.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Menubar plugin versions <= 5.7.2. Solution: Update the WordPress Menubar plugin to the latest available version, at least 5.8...
WordPress Easy Digital Downloads plugin <= 2.11.5 - Arbitrary Payment Note Insertion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Payment Note Insertion via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Muhamad Hidayat in WordPress Easy Digital Downloads plugin versions <= 2.11.5. Solution: Update the WordPress Easy Digital Downloads plugin to the latest available version, at least 2.11.6...
WordPress EXMAGE plugin <= 1.0.6 - Blind Server-Side Request Forgery (SSRF) vulnerability
Blind Server-Side Request Forgery (SSRF) vulnerability discovered by Luan Pedersini in WordPress EXMAGE plugin versions <= 1.0.6. Solution: Update the WordPress EXMAGE plugin to the latest available version, at least 1.0.7...
WordPress Library File Manager plugin <= 5.2.2 - Arbitrary File Creation/Upload/Deletion vulnerability
Arbitrary File Creation/Upload/Deletion vulnerability discovered by Luan Pedersini in WordPress Library File Manager plugin versions <= 5.2.2. Solution: Update the WordPress Library File Manager plugin to the latest available version, at least 5.2.3...
WordPress Pz-LinkCard plugin <= 2.4.5.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Pz-LinkCard plugin versions <= 2.4.5.2. Solution: Update the WordPress Pz-LinkCard plugin to the latest available version, at least 2.4.5.3...
WordPress File Upload Pro premium plugin <= 4.16.2 - Contributor+ Path Traversal vulnerability leading to Remote Code Execution (RCE)
Contributor+ Path Traversal vulnerability leading to Remote Code Execution (RCE) discovered by apple502j in WordPress File Upload Pro premium plugin versions <= 4.16.2. Solution: Update the WordPress File Upload Pro premium plugin to the latest available version, at least 4.16.3...
WordPress Gyta BuyBack plugin <= 1.1.6 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Gyta BuyBack plugin versions <= 1.1.6. Solution: Update the WordPress Gyta BuyBack plugin to the latest available version, at least 1.1.7...
WordPress WP Time Slots Booking Form plugin <= 1.1.62 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Rubina Shaikh in WordPress WP Time Slots Booking Form plugin versions <= 1.1.62. Solution: Update the WordPress WP Time Slots Booking Form plugin to the latest available version, at least 1.1.63...
WordPress WP HTML Mail plugin <= 3.0.9 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Chloe Chamberland (Wordfence) in WordPress WP HTML Mail plugin versions <= 3.0.9. Solution: Update the WordPress WP HTML Mail plugin to the latest available version, at least 3.1...
WordPress Code Snippets plugin <= 2.14.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Code Snippets plugin versions <= 2.14.2. Solution: Update the WordPress Code Snippets plugin to the latest available version, at least 2.14.3...
WordPress Customize Login Image plugin <= 3.5.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Cyber Security Works Pvt. Ltd in WordPress Customize Login Image plugin versions <= 3.5.2. Solution: Update the WordPress Customize Login Image plugin to the latest available version, at least 3.5.3...
WordPress Secure Copy Content Protection and Content Locking plugin <= 2.8.1 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by Krzysztof Zając in WordPress Secure Copy Content Protection and Content Locking plugin versions <= 2.8.1. Solution: Update the WordPress Secure Copy Content Protection and Content Locking plugin to the latest available version, at least...
WordPress All In One SEO Pack plugin <= 4.1.0.1 - Authenticated Remote Code Execution (RCE) vulnerability
Authenticated Remote Code Execution (RCE) vulnerability discovered by darkpills in WordPress All In One SEO Pack plugin versions <= 4.1.0.1. Solution: Update the WordPress All In One SEO Pack plugin to the latest available version, at least 4.1.0.2...
WordPress <= 5.5.1 - Mishandled deserialization requests vulnerability
Mishandled deserialization requests vulnerability found by Alex Concha in WordPress versions <= 5.5.1. Solution: Update WordPress to the latest available version, at least 5.5.2...