46606 matches found
WordPress WS Form LITE Plugin <= 1.9.217 is vulnerable to CSV Injection
Software: WS Form LITE; Type: Plugin; Vulnerable versions: <= 1.9.217; Fixed in: 1.9.218; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2023-5424; Patch priority: Low; CVSS severity: Low (4.7); Developer: WS Form; PSID: 7d55c6663718; Credits: Duc Manh; Required privilege: Unauthenticated; Published 7...
WordPress Slider Revolution Plugin < 6.7.0 is vulnerable to Broken Access Control
Software: Slider Revolution; Type: Plugin; Vulnerable versions: < 6.7.0; Fixed in: 6.7.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-34444; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: ThemePunch; PSID: de1987954a97; Credits: Rafie Muhammad Patchstack...
WordPress Payment Forms for Paystack Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Payment Forms for Paystack; Type: Plugin; Vulnerable versions: <= 4.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32130; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: bdaaf2a9d240; Credits: Ngô Thiên An ancorn from...
WordPress Pagination Styler for WooCommerce Plugin <= 3.5.7.6 is vulnerable to Broken Access Control
Software: Pagination Styler for WooCommerce; Type: Plugin; Vulnerable versions: <= 3.5.7.6; Fixed in: 3.5.7.7; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-45813; Patch priority: Low; CVSS severity: Low (5.4); Developer: Claim ownership; PSID: 9700cfe7197b; Credits: István...
WordPress ARForms Form Builder plugin <= 1.5.4 - Unauth. Stored Cross-Site Scripting (XSS) vulnerability
Unauth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien Patchstack Alliance in the WordPress ARForms Form Builder plugin versions <= 1.5.4. Solution: No reply from the vendor...
WordPress Activello theme <= 1.4.4 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability
Auth. Reflected Cross-Site Scripting (XSS) vulnerability in the ajax action 'activellodismissrequiredaction' discovered by Brandon Roldan Patchstack Alliance in WordPress Activello theme versions <= 1.4.4. Solution: No patched version available...
WordPress Smart Slider 3 plugin <= 3.5.1.9 - Auth. PHP Object Injection vulnerability
Auth. PHP Object Injection vulnerability discovered by Dave Jong Patchstack in WordPress Smart Slider 3 plugin versions <= 3.5.1.9. Solution: Update the WordPress Smart Slider 3 plugin to the latest available version (at least 3.5.1.11)...
WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Broken Access Control vulnerability leading to post/page status change to draft or published discovered by Dave Jong Patchstack in the WordPress Betheme premium theme versions <= 26.6.1. Solution: Update the WordPress Betheme theme to the latest available version (at least 26.6.3)...
WordPress WPB Show Core plugin <= 2.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Abdulali AlDurazi in WordPress WPB Show Core plugin versions <= 2.2. Solution: No patched version is available...
WordPress Blog2Social plugin <= 6.9.11 - Missing Authorization to Auth. Settings Update vulnerability
Missing Authorization to Auth. Settings Update vulnerability discovered by Marco Wotschka in the WordPress Blog2Social plugin versions <= 6.9.11. Solution: Update the WordPress Blog2Social plugin to the latest available version (at least 6.9.12)...
WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin settings reset discovered by Muhammad Daffa Patchstack Alliance in the WordPress Creative Mail plugin versions <= 1.5.4. Solution: Update the WordPress Creative Mail plugin to the latest available version (at least 1.6.0)...
WordPress Traffic Manager plugin <= 1.4.5 - Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS)
Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Lana Codes Patchstack Alliance in the WordPress Traffic Manager plugin versions <= 1.4.5. Solution: Deactivate and delete. This plugin has been closed as of September 19, 2022 and is not available for...
WordPress core <= 6.0.2 - Open redirect vulnerability
Open redirect vulnerability in wp_nonce_ays discovered by devrayn in WordPress core versions <= 6.0.2. Solution: Update WordPress to the latest available version (at least 6.0.3)...
WordPress 5 Anker Connect plugin <= 1.2.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by ptsfence Patchstack Alliance in WordPress 5 Anker Connect plugin versions <= 1.2.6. Solution: Update the WordPress 5 Anker Connect plugin to the latest available version (at least 1.2.7)...
WordPress PCA Predict plugin <= 1.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by ptsfence Patchstack Alliance in WordPress PCA Predict plugin versions <= 1.0.3. Solution: Deactivate and delete. This plugin has been closed as of September 5, 2022 and is not available for download. This closure is temporary...
WordPress WP Cerber Security plugin <= 9.0 - User Enumeration Bypass vulnerability
User Enumeration Bypass vulnerability discovered by Margaux DABERT Intrinsec in WordPress WP Cerber Security plugin versions <= 9.0. Solution: Update the WordPress to the latest available version (at least 9.1)...
WordPress WPide plugin <= 2.6 - Authenticated Arbitrary File Read vulnerability
Authenticated Arbitrary File Read vulnerability discovered by Brandon James Roldan Patchstack Alliance in WordPress WPide plugin versions <= 2.6. Solution: Update the WordPress WPIDE – File Manager & Code Editor plugin to the latest available version (at least 3.0)...
WordPress Sensei LMS plugin <= 4.4.3 - Unauthenticated Private Messages Disclosure via Rest API vulnerability
Unauthenticated Private Messages Disclosure via Rest API vulnerability discovered by Veshraj Ghimire in WordPress Sensei LMS plugin versions <= 4.4.3. Solution: Update the WordPress Sensei LMS plugin to the latest available version (at least 4.5.0)...
WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability via malicious SVG file upload discovered by Kim Jong Min aka Universe Patchstack Alliance in WordPress Enable SVG, WebP & ICO Upload plugin versions <= 1.0.3. Solution: No patched version available...
WordPress Team plugin <= 4.1.1 - Authenticated Arbitrary File Read and Deletion vulnerability
Authenticated Arbitrary File Read and Deletion vulnerability discovered by Nhật Nam in WordPress Team plugin versions <= 4.1.1. Solution: Update the WordPress Team plugin to the latest available version (at least 4.1.2)...
WordPress HTML2WP plugin <= 1.0.0 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Daniel Ruf in WordPress HTML2WP plugin versions <= 1.0.0. Solution: Deactivate and delete. This plugin has been closed as of May 4, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability was discovered by Rasi Afeef Patchstack Alliance in the WordPress Social Share Buttons by Supsystic plugin versions <= 2.2.3. Solution: Update the WordPress Social Share Buttons by Supsystic plugin to the latest available version (at least 2.2.4)...
WordPress Core Control plugin <= 1.2.1 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Daniel Ruf in the WordPress Core Control plugin versions <= 1.2.1. Solution: Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is permane...
WordPress Filr Secure Document Library plugin <= 1.2.2 - Subscriber+ AJAX Calls vulnerability
Subscriber+ AJAX Calls vulnerability discovered by dc11 in WordPress Filr - Secure Document Library plugin versions <= 1.2.2. Solution: Update the WordPress Filr - Secure Document Library plugin to the latest available version (at least 1.2.2.1)...
WordPress User Meta plugin <= 2.4.3 - Local File Enumeration via Path Traversal vulnerability
Local File Enumeration via Path Traversal vulnerability discovered by Julien Ahrens in WordPress User Meta plugin versions <= 2.4.3. Solution: Update the WordPress User Meta plugin to the latest available version (at least 2.4.4)...
WordPress WP Meta SEO plugin <= 4.4.6 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Victor Pasman in WordPress WP Meta SEO plugin versions <= 4.4.6. Solution: Update the WordPress WP Meta SEO plugin to the latest available version (at least 4.4.7)...
WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Ex.Mi Patchstack in WordPress Hermit 音乐播放器 plugin versions <= 3.1.6. Solution: Deactivate and delete. This plugin has been closed as of April 25, 2022 and is not available for download. This closure is temporary, pending a...
WordPress WPQA - Builder forms Addon plugin < 5.2 - Private Message Disclosure via IDOR vulnerability
Private Message Disclosure via IDOR vulnerability discovered by Veshraj Ghimire in WordPress WPQA - Builder forms Addon plugin versions < 5.2. Solution: Update the WordPress WPQA - Builder forms Addon plugin to the latest available version (at least 5.2)...
WordPress WPQA - Builder forms Addon plugin < 5.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Veshraj Ghimire in WordPress WPQA - Builder forms Addon plugin versions < 5.2. Solution: Update the WordPress WPQA - Builder forms Addon plugin to the latest available version (at least 5.2)...
WordPress Webba Booking plugin <= 4.2.21 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress Webba Booking plugin versions <= 4.2.21. Solution: Update the WordPress Webba Booking plugin to the latest available version (at least 4.2.22)...
WordPress Sitemap by click5 plugin <= 1.0.35 - Unauthenticated Arbitrary Options Update vulnerability
Unauthenticated Arbitrary Options Update vulnerability discovered by cydave in WordPress Sitemap by click5 plugin versions <= 1.0.35. Solution: Update the WordPress Sitemap by click5 plugin to the latest available version (at least 1.0.36)...
WordPress Advanced Custom Fields plugin <= 5.12 - Database Information Access vulnerability
Database Information Access vulnerability was discovered by Keitaro Yamazaki Ierae Security Inc in the WordPress Advanced Custom Fields plugin versions <= 5.12. Solution: Update the WordPress Advanced Custom Fields plugin to the latest available version (at least 5.12.1)...
WordPress Nimble Page Builder plugin < 3.2.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Nimble Page Builder plugin versions < 3.2.2. Solution: Update the WordPress Nimble Page Builder plugin to the latest available version (at least 3.2.3)...
WordPress Caldera Forms plugin <= 1.9.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Caldera Forms plugin versions <= 1.9.6. Solution: Update the WordPress Caldera Forms plugin to the latest available version (at least 1.9.7)...
WordPress Page Security & Membership plugin <= 1.5.15 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Ankur Bakre in WordPress Page Security & Membership plugin versions <= 1.5.15. Solution: Deactivate and delete. This plugin has been closed as of March 25, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress Profile Builder plugin <= 3.6.7 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Abhinav Porwal in WordPress Profile Builder plugin versions <= 3.6.7. Solution: Update the WordPress Profile Builder plugin to the latest available version (at least 3.6.8)...
WordPress Logo Showcase with Slick Slider plugin <= 2.0 - Arbitrary Media Title/Description/Alt Text/URL Update via CSRF vulnerability
Arbitrary Media Title/Description/Alt Text/URL Update via CSRF vulnerability discovered by apple502j in WordPress Logo Showcase with Slick Slider plugin versions <= 2.0. Solution: Update the WordPress Logo Showcase with Slick Slider plugin to the latest available version (at least 2.0.1)...
WordPress Perfect Brands for WooCommerce plugin <= 2.0.4 - Set Featured Brand vulnerability
Set Featured Brand vulnerability discovered by Dave Jong Patchstack in WordPress Perfect Brands for WooCommerce plugin versions <= 2.0.4. Solution: Update the WordPress Perfect Brands for WooCommerce plugin to the latest available version (at least 2.0.5)...
WordPress Classic Editor Addon plugin <= 2.6.3 - Arbitrary Plugin Installation from Dependency via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Plugin Installation from Dependency via Cross-Site Request Forgery (CSRF) vulnerability discovered by Jan w Oleju in WordPress Classic Editor Addon plugin versions <= 2.6.3. Solution: Update the WordPress Classic Editor Addon plugin to the latest available version (at least 2.6.4)...
WordPress Ibtana plugin <= 1.1.4.8 - Plugin Settings Update vulnerability leading to Stored Cross-Site Scripting (XSS)
Plugin Settings Update vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Krzysztof Zając in WordPress Ibtana plugin versions <= 1.1.4.8. Solution: Update the WordPress Ibtana plugin to the latest available version (at least 1.1.4.9)...
WordPress The Plus Addons for Elementor Pro premium plugin <= 5.0.6 - Sensitive Data Disclosure vulnerability
Sensitive Data Disclosure vulnerability discovered by Nicolas Vidal from TEHTRIS in WordPress The Plus Addons for Elementor Pro premium plugin versions <= 5.0.6. Solution: Update the WordPress The Plus Addons for Elementor Pro premium plugin to the latest available version (at least 5.0.7)...
WordPress Customize Login Image plugin <= 3.5.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Cyber Security Works Pvt. Ltd in WordPress Customize Login Image plugin versions <= 3.5.2. Solution: Update the WordPress Customize Login Image plugin to the latest available version (at least 3.5.3)...
WordPress Similar Posts plugin <= 3.1.5 - Arbitrary PHP Code Execution vulnerability
Arbitrary PHP Code Execution vulnerability discovered by bl4derunner in WordPress Similar Posts plugin versions <= 3.1.5. Solution: Update the WordPress Similar Posts plugin to the latest available version (at least 3.1.6)...
WordPress All In One SEO Pack plugin <= 4.1.0.1 - Authenticated Remote Code Execution (RCE) vulnerability
Authenticated Remote Code Execution (RCE) vulnerability discovered by darkpills in WordPress All In One SEO Pack plugin versions <= 4.1.0.1. Solution: Update the WordPress All In One SEO Pack plugin to the latest available version (at least 4.1.0.2)...
WordPress <= 5.5.1 - Mishandling Embeds From Disabled Sites On a Multisite Network vulnerability
Mishandling Embeds From Disabled Sites On a Multisite Network vulnerability found by David Binovec in WordPress versions <= 5.5.1. Solution: Update WordPress to the latest available version (at least 5.5.2)...
WordPress Hueman theme <= 3.6.3 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Jerome Bruandet NinTechNet in WordPress Hueman theme versions <= 3.6.3. Solution: Update the WordPress Hueman theme to the latest available version (at least 3.6.4)...
WordPress gboutique plugin <= 1.3 - Unauthenticated Local File Inclusion (LFI) vulnerability
Unauthenticated Local File Inclusion (LFI) vulnerability discovered by Random Robbie in WordPress gboutique plugin versions <= 1.3. Solution: Plugin closed. Deactivate and delete...
WordPress Elementor Page Builder plugin <= 2.8.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Impenetrable in WordPress Elementor Page Builder plugin versions <= 2.8.4. Solution: Update the WordPress Elementor Page Builder plugin to the latest available version (at least 2.8.5)...
WordPress Wechat Broadcast plugin <= 1.2.0 - Local/Remote File Inclusion vulnerability
Local/Remote File Inclusion vulnerability found by Manuel Garcia Cardenas in WordPress Wechat Broadcast plugin versions <= 1.2.0. Solution: 2018 October 3rd - no patched version available to download. We recommend to deactivate and uninstall...
WordPress Apocalypse Meow plugin <= 21.2.7 - BCrypt Authentication Bypass vulnerability
BCrypt Authentication Bypass vulnerability found by Steve Sc00bzT in WordPress Apocalypse Meow plugin versions <= 21.2.7. Solution: Update the WordPress Apocalypse Meow plugin to the latest available version (at least 21.2.8)...