WordPress Locations and Areas – Leaflet Map with Region Tabs plugin <= 1.7.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Locations and Areas – Leaflet Map with Region Tabs plugin versions <= 1.7.0. Solution: Update the WordPress Locations and Areas – Leaflet Map with Region Tabs plugin to the latest available version (at least 1.7.1)...
WordPress Tarot Card Oracle plugin <= 1.0.5 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Tarot Card Oracle plugin versions <= 1.0.5. Solution: Update the WordPress Tarot Card Oracle plugin to the latest available version (at least 1.0.6)...
WordPress WP Statistics plugin <= 13.1.5 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability via 'IP' discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress WP Statistics plugin versions <= 13.1.5. Solution: Update the WordPress WP Statistics plugin to the latest available version (at least 13.1.6)...
WordPress Spider Event Calendar plugin <= 1.5.65 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress Spider Event Calendar plugin versions <= 1.5.65 by Krzysztof Zając. Solution: This plugin has been closed as of January 13, 2022 and is not available for download. This closure is permanent. Deactivate the plugin and delete it...
WordPress [GWA] AutoResponder plugin <= 2.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress [GWA] AutoResponder plugin versions <= 2.3. Solution: Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason: Guideline...
WordPress Custom Dashboard & Login Page – AGCA plugin <= 6.9.5 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by 0ppr2s in WordPress Custom Dashboard & Login Page – AGCA plugin versions <= 6.9.5. Solution: Update the WordPress Custom Dashboard & Login Page – AGCA plugin to the latest available version (at least 7.0)...
WordPress VMag theme <= 1.2.7 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress VMag theme versions <= 1.2.7. This theme uses a vulnerable piece of code related to a previously identified vulnerability, CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores the...
WordPress Catch Themes Demo Import plugin <= 1.7 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Thinkland Security Team in WordPress Catch Themes Demo Import plugin versions <= 1.7. Solution: Update the WordPress Catch Themes Demo Import plugin to the latest available version (at least 1.8)...
WordPress JobBoardWP – Job Board Listings and Submissions plugin <= 1.0.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Thinkland Security Team in WordPress JobBoardWP – Job Board Listings and Submissions plugin versions <= 1.0.7. Solution: Update the WordPress JobBoardWP – Job Board Listings and Submissions plugin to the latest available...
WordPress WP Project Manager plugin <= 2.4.13 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Jörgson Patchstack Alliance in WordPress WP Project Manager plugin versions <= 2.4.13. Solution: Update the WordPress WP Subscribe plugin to the latest available version (at least 2.4.14)...
WordPress Redux Framework plugin <= 4.2.11 - Incorrect Authorization Leading to Arbitrary Plugin Installation and Post Deletion vulnerability
Incorrect Authorization Leading to Arbitrary Plugin Installation and Post Deletion vulnerability discovered by Ramuel Gall WordFence in WordPress Redux Framework plugin versions <= 4.2.11. Solution: Update the WordPress Redux Framework plugin to the latest available version (at least 4.2.13)...
WordPress WordPress Download Manager plugin <= 3.1.24 - Authenticated Directory Traversal vulnerability
Authenticated Directory Traversal vulnerability discovered by Ramuel Gall WordFence in WordPress WordPress Download Manager plugin versions <= 3.1.24. Solution: Update the WordPress WordPress Download Manager plugin to the latest available version (at least 3.1.25)...
WordPress TaxoPress plugin <= 3.0.7.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Akash Rajendra Patil in WordPress TaxoPress plugin versions <= 3.0.7.1. Solution: Update the WordPress TaxoPress plugin to the latest available version (at least 3.0.7.2)...
WordPress WP Super Cache plugin <= 1.7.2 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress WP Super Cache plugin versions <= 1.7.2. Solution: Update the WordPress WP Super Cache plugin to the latest available version (at least 1.7.3)...
WordPress Delightful Downloads plugin <= 1.6.6 - Path Traversal vulnerability
Path Traversal vulnerability discovered by Nicholas Ferreira in WordPress Delightful Downloads plugin versions <= 1.6.6. Solution: Plugin closed. Deactivate and delete...
WordPress Mapplic premium plugin <= 6.1 - Stored Cross-Site Scripting (XSS) Injection via Server-Side Request Forgery (SSRF) vulnerability
Stored Cross-Site Scripting (XSS) Injection via Server-Side Request Forgery (SSRF) vulnerability discovered by Eagle Eye in WordPress Mapplic premium plugin versions <= 6.1. Solution: Update the WordPress Mapplic premium plugin to the latest available version (at least 7.0)...
WordPress WP-Lister for eBay plugin <= 2.0.20 - Unauthenticated Path Traversal vulnerability
Unauthenticated Path Traversal vulnerability found in WordPress WP-Lister for eBay plugin versions <= 2.0.20. Solution: Update the WordPress WP-Lister for eBay plugin to the latest available version (at least 2.0.21)...
WordPress Photo Gallery by 10Web plugin <= 1.5.45 - Multiple Cross-Site Scripting (XSS) vulnerabilities
Multiple Cross-Site Scripting (XSS) vulnerabilities found by Vishnupriya Ilango Fortinet's FortiGuard Labs in WordPress Photo Gallery by 10Web plugin versions <= 1.5.45. Solution: Update the WordPress Photo Gallery by 10Web plugin to the latest available version (at least 1.5.46)...
WordPress Live Chat with Facebook Messenger plugin <= 1.4.6 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability found in WordPress Live Chat with Facebook Messenger plugin versions <= 1.4.6. Solution: Update the WordPress Live Chat with Facebook Messenger plugin to the latest available version (at least 1.4.7)...
WordPress <= 4.2.3 - XSS #2
This vulnerability exists in the WPNavMenuWidget class in wp-includes/default-widgets.php in the "form" function. It allows remote attackers to inject arbitrary web script or HTML via a widget title. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-4-2-3-xss Solution...
WordPress Legacy Theme <= 4.2.3 - XSS
This vulnerability exists in the Legacy theme preview implementation in wp-includes/theme.php. It allows an attacker to inject arbitrary HTML or web script via a crafted string. Solution: Update the theme...
WordPress qTranslate Plugin <= 2.5.39 - XSS
This vulnerability allows an attacker to inject arbitrary web script or HTML via the "edit" parameter. Solution: Update the plugin...
WordPress Slider Revolution Plugin <= 4.1.4 - Arbitrary File Download
The WordPress Slider Revolution plugin is prone to an arbitrary file download vulnerability. It allows an attacker to download arbitrary files from the web server and obtain potentially sensitive information. Solution: Update the plugin...
WordPress WPML Plugin <= 3.1.8 - Multiple Vulnerabilities
This WordPress Multilingual plugin is prone to SQL injection, missing authentication, page/post/menu deletion and reflected XSS vulnerabilities. Solution: Update the plugin...
WordPress Easing Slider Plugin <= 2.2.0.6 - XSS
Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "edit" parameter. Solution: Upgrade the plugin...
WordPress Contextual Related Posts Plugin <= 1.8.10.1 - SQL Injection
Because of this vulnerability, attackers can execute arbitrary SQL commands via unspecified vectors. Solution: Update the plugin...
WordPress Ad-Minister Plugin <= 0.6 - XSS
Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "key" parameter in a delete action to wp-admin/tools.php. Solution: Update the plugin...
WordPress Events Manager Plugin <= 5.3.4 - Multiple XSS
Because of these vulnerabilities, attackers can inject arbitrary web script or HTML via the "scope" parameter to index.php. Solution: Update the plugin...
WordPress <= 2.0.11 - Multiple Directory Traversal
Because of these vulnerabilities, attackers can read arbitrary files. Solution: Update WordPress...
NPM: esbuild allows arbitrary file read when running the development server on Windows
NPM: esbuild allows arbitrary file read when running the development server on Windows vulnerability discovered by ? in WordPress Npm esbuild versions = 0.27.3, 0.28.1...
NPM: vm2 Has a Sandbox Breakout Using Async Generator
NPM: vm2 Has a Sandbox Breakout Using Async Generator vulnerability discovered by ? in WordPress Npm vm2 versions = 3.11.2...
WordPress RegistrationMagic Plugin <= 6.0.2.6 is vulnerable to Privilege Escalation
Software: RegistrationMagic; Type: Plugin; Vulnerable versions: <= 6.0.2.6; Fixed in: 6.0.2.7; OWASP Top 10: A3: Injection; Classification: Privilege Escalation; CVE: CVE-2024-10508; Patch priority: High; CVSS severity: High 9.8; PSID: fa83ac6f8527; Credits: shaman0x01; Required privilege...
WordPress Tutor LMS Plugin <= 2.7.6 is vulnerable to Broken Access Control
Software: Tutor LMS; Type: Plugin; Vulnerable versions: <= 2.7.6; Fixed in: 2.7.7; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Access Control; CVE: CVE-2024-10393; Patch priority: Low; CVSS severity: Low 5.3; PSID: 196d31d95c65; Credits: 1337Wannabe...
WordPress LiteSpeed Cache Plugin <= 6.5.1 is vulnerable to Privilege Escalation
Software: LiteSpeed Cache; Type: Plugin; Vulnerable versions: <= 6.5.1; Fixed in: 6.5.2; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-50550; Patch priority: High; CVSS severity: High 8.1; Developer: Hai Zheng / Lite Speed Cache; PSID: a12edc6aefb8...
WordPress Jetpack Plugin < 13.9.1 is vulnerable to Broken Access Control
Software: Jetpack; Type: Plugin; Vulnerable versions: < 13.9.1; Fixed in: 13.9.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-9926; Patch priority: Low; CVSS severity: Low 4.3; PSID: 675e1d99d774; Credits: Marc Montpas; Required privilege...
WordPress WPS Hide Login Plugin <= 1.9.15.2 is vulnerable to Bypass Vulnerability
Software: WPS Hide Login; Type: Plugin; Vulnerable versions: <= 1.9.15.2; Fixed in: 1.9.16; OWASP Top 10: A1: Broken Access Control; Classification: Bypass Vulnerability; CVE: CVE-2024-2473; Patch priority: Low; CVSS severity: Low 5.3; PSID: 6dff27358fc5; Credits: Nicholas Mun; Required...
WordPress Zeka Theme <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Zeka; Type: Theme; Vulnerable versions: <= 1.0.9; Fixed in: 1.0.10; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-34810; Patch priority: Low; CVSS severity: Low 4.3; PSID: 6e9edbf3a6c1; Credits: Dhabaleshwar Das; Required...
WordPress Jeg Elementor Kit Plugin < 2.5.7 is vulnerable to Broken Access Control
Software: Jeg Elementor Kit; Type: Plugin; Vulnerable versions: < 2.5.7; Fixed in: 2.5.7; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-3805; Patch priority: High; CVSS severity: High 6.5; PSID: cb8e3a1233cd; Credits: Ramuel Gall; Required privile...
WordPress Videojs HTML5 Player plugin <= 1.1.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Lana Codes in WordPress Videojs HTML5 Player plugin versions <= 1.1.8. Solution: Update the WordPress Videojs HTML5 Player plugin to the latest available version (at least 1.1.9)...
WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Broken Access Control vulnerability leading to private post/page title disclosure discovered by Dave Jong Patchstack in the WordPress Betheme premium theme versions <= 26.6.1. Solution: Update the WordPress Betheme theme to the latest available version (at least 26.6.3)...
WordPress Awesome Support plugin <= 6.1.1 - Auth. Arbitrary Exported Tickets Download vulnerability
Auth. Arbitrary Exported Tickets Download vulnerability discovered by dc11 in WordPress Awesome Support plugin versions <= 6.1.1. Solution: Update the WordPress Awesome Support plugin to the latest available version (at least 6.1.2)...
WordPress Custom Product Tabs for WooCommerce plugin <= 1.7.9 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Custom Product Tabs for WooCommerce plugin versions <= 1.7.9. Solution: Update the WordPress Custom Product Tabs for WooCommerce plugin to the latest available version (at least 1.8.0)...
WordPress All in One SEO Pro plugin <= 4.2.5.1 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Rafie Muhammad Yeraisci in the WordPress All in One SEO Pro plugin versions <= 4.2.5.1. Solution: Update the WordPress All in One SEO Pro plugin to the latest available version (at least 4.2.6)...
WordPress Importer plugin <= 1.0.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Tien Nguyen Anh Patchstack Alliance in the WordPress Importer plugin versions <= 1.0.2. Solution: Update the WordPress WordPress Importer plugin to the latest available version (at least 1.0.3)...
WordPress WP Word Count plugin <= 3.2.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by lucy in the WordPress WP Word Count plugin versions <= 3.2.3. Solution: Deactivate and delete. This plugin has been closed as of October 6, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress YDS Support Ticket System plugin <= 1.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by ptsfence Patchstack Alliance in WordPress YDS Support Ticket System plugin versions <= 1.0. Solution: No patched version is available. No reply from the vendor...
WordPress Export Post Info plugin <= 1.1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Mika Patchstack Alliance in WordPress Export Post Info plugin versions <= 1.1.0. Solution: Update the WordPress Export Post Info plugin to the latest available version (at least 1.2.0)...
WordPress <= 6.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by John Blackbourn in WordPress versions <= 6.0.1. Solution: Update WordPress to the latest available version (at least 6.0.2) or another patched version...
WordPress <= 6.0.1 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability discovered by Khalilov Moe in WordPress <= 6.0.1. Solution: Update WordPress to the latest available version (at least 6.0.2) or another patched version...
WordPress Visual Composer Website Builder plugin <= 45.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Title
Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Title discovered by Zhouyuan Yang in WordPress Visual Composer Website Builder plugin versions <= 45.0. Solution: Update the WordPress Visual Composer Website Builder plugin to the latest available version (at least 45.0.1)...