45686 matches found
WordPress Visualizer plugin <= 3.7.9 - Authenticated PHAR Deserialization vulnerability
Authenticated PHAR Deserialization vulnerability discovered by Rasoul Jahanshahi in WordPress Visualizer plugin versions = 3.7.9. Solution Update the WordPress Visualizer plugin to the latest available version at least 3.7.10...
WordPress Jquery Validation For Contact Form 7 plugin <= 5.2 - Arbitrary Options Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Options Update via Cross-Site Request Forgery CSRF vulnerability discovered by Gibran Abdillah in WordPress Jquery Validation For Contact Form 7 plugin versions = 5.2. Solution Update the WordPress Jquery Validation For Contact Form 7 plugin to the latest available version at least 5.3...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.9.7 - Reflected Cross-Site-Scripting (XSS) vulnerability
Reflected Cross-Site-Scripting XSS vulnerability discovered by cydave in WordPress Shortcodes and extra features for Phlox theme plugin versions = 2.9.7. Solution Update the WordPress Shortcodes and extra features for Phlox theme plugin to the latest available version at least 2.9.8...
WordPress Mihdan: No External Links plugin <= 5.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Vaibhav Nitin Gaikwad in WordPress Mihdan: No External Links plugin versions = 5.0.1. Solution Update the WordPress Mihdan: No External Links plugin to the latest available version at least 5.0.2...
WordPress JupiterX premium plugin <= 2.0.7 - Authenticated Privilege Escalation and Post deletion vulnerability
Authenticated Privilege Escalation and Post deletion vulnerability discovered by Ramuel Gall Wordfence in WordPress JupiterX premium plugin versions = 2.0.7. Solution Update the WordPress JupiterX premium plugin to the latest available version at least 2.0.8...
WordPress Hover Effects plugin <= 2.1 - Authenticated Local File Inclusion (LFI) vulnerability
Authenticated Local File Inclusion LFI vulnerability discovered by 0xB9 Patchstack Alliance in WordPress Hover Effects plugin versions = 2.1. Solution Update the WordPress Hover Effects plugin to the latest available version at least 2.1.1...
WordPress XML Sitemap Generator for Google plugin <= 2.0.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress XML Sitemap Generator for Google plugin versions = 2.0.3. Solution Update the WordPress XML Sitemap Generator for Google plugin to the latest available version at least 2.0.4...
WordPress Better Click To Tweet plugin <= 5.10.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered in WordPress Better Click To Tweet plugin versions = 5.10.1. Solution Update the WordPress Better Click To Tweet plugin to the latest available version at least 5.10.2...
WordPress WPQA - Builder forms Addon plugin < 5.2 - Private Message Disclosure via IDOR vulnerability
Private Message Disclosure via IDOR vulnerability discovered by Veshraj Ghimire in WordPress WPQA - Builder forms Addon plugin versions 5.2. Solution Update the WordPress WPQA - Builder forms Addon plugin to the latest available version at least 5.2...
WordPress WPQA - Builder forms Addon plugin < 5.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Veshraj Ghimire in WordPress WPQA - Builder forms Addon plugin versions 5.2. Solution Update the WordPress WPQA - Builder forms Addon plugin to the latest available version at least 5.2...
WordPress Simple Ajax Chat plugin <= 20220115 - Multiple Cross-Site Request Forgery (CSRF) vulnerability
Multiple Cross-Site Request Forgery CSRF vulnerability discovered by Ex.Mi Patchstack in WordPress Simple Ajax Chat plugin versions = 20220115. Solution Update the WordPress Simple Ajax Chat plugin to the latest available version at least 20220216...
WordPress Fancy Product Designer plugin <= 4.7.5 – Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload
Cross-Site Request Forgery CSRF vulnerability leading to Arbitrary File Upload discovered by Lin Yu in WordPress Fancy Product Designer plugin versions = 4.7.5. Solution Update the WordPress Fancy Product Designer plugin to the latest available version at least 4.7.6...
WordPress SearchIQ plugin <= 3.8 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by cydave in WordPress SearchIQ plugin versions = 3.8. Solution Update the WordPress SearchIQ plugin to the latest available version at least 3.9...
WordPress Ninja Forms plugin <= 3.6.7 - Unauthenticated Email Address Disclosure vulnerability
Unauthenticated Email Address Disclosure vulnerability discovered by Agence Web Coheractio in WordPress Ninja Forms plugin versions = 3.6.7. Solution Update the WordPress Ninja Forms plugin to the latest available version at least 3.6.8...
WordPress MC4WP plugin <= 4.8.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress MC4WP plugin versions = 4.8.6. Solution Update the WordPress MC4WP plugin to the latest available version at least 4.8.7...
WordPress CodeKit – Custom Codes Editor plugin <= 2.2.9 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress CodeKit – Custom Codes Editor plugin versions = 2.2.9. Solution Update the WordPress CodeKit – Custom Codes Editor plugin to the latest available version at least 2.3...
WordPress Contact Form X plugin <= 2.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Ex.Mi Patchstack in WordPress Contact Form X plugin versions = 2.4. Solution Update the WordPress Contact Form X plugin to the latest available version at least 2.4.1...
WordPress Header Footer Code Manager plugin <= 1.1.16 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Ramuel Gall in WordPress Header Footer Code Manager plugin versions = 1.1.16. Solution Update the WordPress Header Footer Code Manager plugin to the latest available version at least 1.1.17...
WordPress Cost Calculator plugin <= 1.5 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress Cost Calculator plugin versions = 1.5. Solution Update the WordPress Cost Calculator plugin to the latest available version at least 1.6...
WordPress Perfect Brands for WooCommerce plugin <= 2.0.4 - Set Featured Brand vulnerability
Set Featured Brand vulnerability discovered by Dave Jong Patchstack in WordPress Perfect Brands for WooCommerce plugin versions = 2.0.4. Solution Update the WordPress Perfect Brands for WooCommerce plugin to the latest available version at least 2.0.5...
WordPress Ad Inserter plugin <= 2.7.9 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Ad Inserter plugin versions = 2.7.9. Solution Update the WordPress Ad Inserter plugin to the latest available version at least 2.7.10...
WordPress PPOM for WooCommerce plugin <= 23.9 - Settings Update vulnerability leading to Stored Cross-Site Scripting (XSS)
Settings Update vulnerability leading to Stored Cross-Site Scripting XSS discovered by Krzysztof Zając in WordPress PPOM for WooCommerce plugin versions = 23.9. Solution Update the WordPress PPOM for WooCommerce plugin to the latest available version at least 24.0...
WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Jeremie Amsellem in WordPress Backup and Staging by WP Time Capsule plugin versions = 1.22.6. Solution Update the WordPress Backup and Staging by WP Time Capsule plugin to the latest available version at least 1.22.7...
WordPress CorreosExpress plugin <= 2.6.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered by José Aguilera in WordPress CorreosExpress plugin versions = 2.6.0. Solution Deactivate and delete. This plugin has been closed as of November 29, 2021 and is not available for download. Reason: Security Issue...
WordPress Preview E-mails for WooCommerce plugin <= 1.6.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Chloe Chamberland WordFence in WordPress Preview E-mails for WooCommerce plugin versions = 1.6.8. Solution Update the WordPress Preview E-mails for WooCommerce plugin to the latest available version at least 2.0.0...
WordPress Google Language Translator plugin <= 6.0.11 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Google Language Translator plugin versions = 6.0.11. Solution Update the WordPress Google Language Translator plugin to the latest available version at least 6.0.12...
WordPress Custom Text Selection Colors plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by iohex in WordPress Custom Text Selection Colors plugin versions = 1.0. Solution Deactivate and delete. This plugin has been closed as of January 6, 2022 and is not available for download. This closure is temporary, pending a full revi...
WordPress WordPress Download Manager plugin <= 3.1.24 - Authenticated Directory Traversal vulnerability
Authenticated Directory Traversal vulnerability discovered by Ramuel Gall WordFence in WordPress WordPress Download Manager plugin versions = 3.1.24. Solution Update the WordPress WordPress Download Manager plugin to the latest available version at least 3.1.25...
WordPress SEO Backlinks plugin <= 4.0.1 – Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by Takahiro Yamashita Cryptography Laboratory - Tokyo Denki University in WordPress SEO Backlinks plugin versions = 4.0.1. Solution This plugin has been closed as of July 23, 2021 and is not...
WordPress ProfilePress plugin 3.0 – 3.1.3 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Chloe Chamberland WordFence in WordPress ProfilePress plugin versions 3.0 – 3.1.3. 06.29.2021 - WordFence updated the vulnerable version to 3.0 - 3.1.3. Solution Update the WordPress ProfilePress plugin to the latest version at leas...
WordPress wpForo Forum plugin <= 1.9.6 - Open Redirect vulnerability
Open Redirect vulnerability discovered by Hosein Vita in WordPress wpForo Forum plugin versions = 1.9.6. Solution Update the WordPress wpForo Forum plugin to the latest available version at least 1.9.7...
WordPress Select All Categories and Taxonomies, Change Checkbox to Radio Buttons plugin <= 1.3.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by 0xB9 in WordPress Select All Categories and Taxonomies, Change Checkbox to Radio Buttons plugin versions = 1.3.1. Solution Update the WordPress Select All Categories and Taxonomies, Change Checkbox to Radio Buttons plugin to the lates...
WordPress LearnDash LMS premium plugin <= 3.1.5 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered in WordPress LearnDash LMS premium plugin versions = 3.1.5. Solution Update the WordPress LearnDash LMS premium plugin to the latest available version at least 3.1.6...
WordPress File Manager plugin <= 6.4 - Backup File Directory Listing vulnerability
Backup File Directory Listing vulnerability found by zerodetail & ratherbland in WordPress File Manager plugin versions = 6.4. Solution Update the WordPress File Manager plugin to the latest available version at least 6.5...
WordPress bbPress plugin <= 2.6.4 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Raphael Karger in WordPress bbPress plugin versions = 2.6.4. Solution Update the WordPress bbPress plugin to the latest available version at least 2.6.5...
WordPress Photo Gallery by 10Web plugin <= 1.5.45 - Multiple Cross-Site Scripting (XSS) vulnerabilities
Multiple Cross-Site Scripting XSS vulnerabilities found by Vishnupriya Ilango Fortinet's FortiGuard Labs in WordPress Photo Gallery by 10Web plugin versions = 1.5.45. Solution Update the WordPress Photo Gallery by 10Web plugin to the latest available version at least 1.5.46...
WordPress SlickQuiz plugin <= 1.3.7.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting XSS vulnerability found by Julien Ahrens in WordPress SlickQuiz plugin versions = 1.3.7.1. Solution 11 September 2019 - we were unable to find a patched version of this plugin...
WordPress Wechat Broadcast plugin <= 1.2.0 - Local/Remote File Inclusion vulnerability
Local/Remote File Inclusion vulnerability found by Manuel Garcia Cardenas in WordPress Wechat Broadcast plugin versions = 1.2.0. Solution 2018 October 3rd - no patched version available to download. We recommend to deactivate and uninstall...
WordPress <= 4.2.3 - CSRF
This vulnerability is in wp-admin/post.php. It allows an attacker to hijack the authentication of administrators for requests that lock a post, and consequently to cause a denial of service via a get-post-lock action. Solution Update the plugin...
WordPress ACF Frontend Display Plugin 2.0.5 - File Upload
ACF Frontend Display plugin is prone to an arbitrary file upload vulnerability. It allows an attacker to upload arbitrary files to the affected computer. Solution Upgrade the plugin...
WordPress WPML Plugin <= 3.1.8 - Multiple Vulnerabilities
This WordPress Multilingual plugin is prone to SQL injection, missing authentication, page/post/menu deletion and reflected XSS vulnerabilities. Solution Update the plugin...
WordPress BulletProof Security Plugin <= .51 - SSRF
Because of this server side request forgery vulnerability in admin/htaccess/bpsunlock.php, the attackers can trigger outbound requests that authenticate to arbitrary databases via the "dbhost" parameter. Solution Update the plugin...
WordPress All In One WP Security Plugin 3.8.2 - SQL Injection
This WordPress All In One WP Security plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...
WordPress Google Calendar Events Plugin <= 2.0.3 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "gcefeedids" parameter in a gceajax action to wp-admin/admin-ajax.php. Solution Update the plugin...
WordPress Video Gallery Plugin 2.5 - Multiple Vulnerabilities
Video Gallery plugin is prone to multiple vulnerabilities, such as SQL injection and XSS vulnerabilities. Solution Upgrade the plugin...
WordPress Contextual Related Posts Plugin <= 1.8.10.1 - SQL Injection
Because of this vulnerability, the attackers can execute arbitrary SQL commands via unspecified vectors. Solution Update the plugin...
WordPress Terillion Reviews Plugin <= 1.1 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the ProfileId field. Solution Update the plugin...
WordPress <= 3.5.1 - External Entity Injection
Because of this vulnerability, the attackers can read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference. Solution Update the plugin...
WordPress 3.3.1 - Multiple CSRF Vulnerabilities
WordPress version 3.3.1 is prone to multiple cross-site request forgery vulnerabilities. These vulnerabilities are caused by a security flaw in anti-CSRF token wpnonce, wpnoncecreate-user, ajaxnonce, wpnonce-custom-background-upload, wpnonce-custom-header-upload generation. Multiple CSRF allow ...
WordPress <= 0.7 - SQL injection
Because of this vulnerability in log.header.php, the attackers can execute arbitrary SQL commands via the posts variable. Solution Update the plugin...