WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Bruno Halltari in WordPress VikBooking Hotel Booking Engine & PMS plugin versions <= 1.5.8. Solution: Update the WordPress VikBooking Hotel Booking Engine & PMS plugin to the latest available version (at least 1.5.9)...
WordPress Ultimate Member plugin <= 2.3.1 - Open Redirect vulnerability
Open Redirect vulnerability discovered by Ruijie Li in WordPress Ultimate Member plugin versions <= 2.3.1. Solution: Update the WordPress Ultimate Member plugin to the latest available version (at least 2.3.2)...
WordPress Rara One Click Demo Import plugin <= 1.2.9 - Cross-Site Request Forgery (CSRF) leads to Arbitrary File Upload vulnerability
Cross-Site Request Forgery (CSRF) leads to Arbitrary File Upload vulnerability discovered in Rara One Click Demo Import plugin versions <= 1.2.9 by BEE-K. Solution: Update the WordPress Rara One Click Demo Import plugin to the latest available version (at least 1.3.0)...
WordPress Simple Ajax Chat plugin <= 20220115 - Multiple Cross-Site Request Forgery (CSRF) vulnerability
Multiple Cross-Site Request Forgery (CSRF) vulnerability discovered by Ex.Mi (Patchstack) in WordPress Simple Ajax Chat plugin versions <= 20220115. Solution: Update the WordPress Simple Ajax Chat plugin to the latest available version (at least 20220216)...
WordPress IgniteUp – Coming Soon and Maintenance Mode plugin <= 3.4.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Kaushalendra Dubey in WordPress IgniteUp – Coming Soon and Maintenance Mode plugin versions <= 3.4.1. Solution: Deactivate and delete. This plugin has been closed as of March 9, 2022 and is not available for download. This closure is...
WordPress Photo Gallery plugin <= 1.6.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Photo Gallery plugin versions <= 1.6.2. Solution: Update the WordPress Photo Gallery plugin to the latest available version (at least 1.6.3)...
WordPress All In One WP Security plugin <= 4.4.10 - Authenticated Arbitrary Redirect / Reflected XSS vulnerability
Authenticated Arbitrary Redirect / Reflected XSS vulnerability discovered by JrXnm in WordPress All In One WP Security plugin versions <= 4.4.10. Solution: Update the WordPress All In One WP Security plugin to the latest available version (at least 4.4.11)...
WordPress Documentor plugin <= 1.5.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Documentor plugin versions <= 1.5.3. Solution: Deactivate and delete. This plugin has been closed as of March 29, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Easy Digital Downloads plugin <= 2.11.5 - Arbitrary Payment Note Insertion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Payment Note Insertion via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Muhamad Hidayat in WordPress Easy Digital Downloads plugin versions <= 2.11.5. Solution: Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 2.11.6)...
WordPress Sync WooCommerce Product feed to Google Shopping plugin <= 1.2.4 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by 0xdecafbad in WordPress Sync WooCommerce Product feed to Google Shopping plugin versions <= 1.2.4. Solution: Deactivate and delete. This plugin has been closed as of February 21, 2022 and is not available for download. This closure is temporary, pendin...
WordPress GTranslate plugin <= 2.9.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to Account Takeover
Cross-Site Request Forgery (CSRF) vulnerability leading to Account Takeover discovered in WordPress GTranslate plugin versions <= 2.9.8. Solution: Update the WordPress GTranslate plugin to the latest available version (at least 2.9.9)...
WordPress Conference Scheduler plugin <= 2.4.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ran Crane in WordPress Conference Scheduler plugin versions <= 2.4.2. Solution: Update the WordPress Conference Scheduler plugin to the latest available version (at least 2.4.3)...
WordPress Sermon Browser plugin <= 0.45.22 - Arbitrary File Upload via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary File Upload via Cross-Site Request Forgery (CSRF) vulnerability discovered by Krishna Harsha Kondaveeti in WordPress Sermon Browser plugin versions <= 0.45.22. Solution: Deactivate and delete. This plugin has been closed as of February 4, 2022 and is not available for download. This closure...
WordPress wpDiscuz plugin <= 7.3.11 - Sensitive Information Disclosure
Sensitive Information Disclosure vulnerability discovered in WordPress wpDiscuz plugin versions <= 7.3.11 by Muhammad Daffa. Solution: Update the WordPress wpDiscuz plugin to the latest available version (at least 7.3.12)...
WordPress Grand FlaGallery plugin <= 6.1.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Tyler Miller in WordPress Grand FlaGallery plugin versions <= 6.1.2. Solution: Deactivate and delete. This plugin has been closed as of November 12, 2021 and is not available for download. Reason: Security Issue...
WordPress Remove Footer Credit plugin <= 1.0.10 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Remove Footer Credit plugin versions <= 1.0.10. Solution: Update the WordPress Remove Footer Credit plugin to the latest available version (at least 1.0.11)...
WordPress Arrival theme <= 1.4.2 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress Arrival theme versions <= 1.4.2. This theme uses a vulnerable piece of code related to a previously identified vulnerability, CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores the...
WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Jeremie Amsellem in WordPress Backup and Staging by WP Time Capsule plugin versions <= 1.22.6. Solution: Update the WordPress Backup and Staging by WP Time Capsule plugin to the latest available version (at least 1.22.7)...
WordPress Chaty Pro premium plugin <= 2.8.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Chaty Pro premium plugin versions <= 2.8.1. Solution: Update the WordPress Chaty Pro premium plugin to the latest available version (at least 2.8.2)...
WordPress Secure Copy Content Protection and Content Locking plugin <= 2.8.1 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by Krzysztof Zając in WordPress Secure Copy Content Protection and Content Locking plugin versions <= 2.8.1. Solution: Update the WordPress Secure Copy Content Protection and Content Locking plugin to the latest available version at least...
WordPress Age Gate plugin <= 2.17.0 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability was discovered by Nguyen Van Khanh (Patchstack Alliance) in the WordPress Age Gate plugin versions <= 2.17.0. Solution: Update the WordPress Age Gate plugin to the latest available version (at least 2.17.1)...
WordPress Affiliates Manager plugin <= 2.8.6 - SQL injection (SQLi) vulnerability
SQL injection (SQLi) vulnerability discovered by JrXnm in WordPress Affiliates Manager plugin versions <= 2.8.6. Solution: Update the WordPress Affiliates Manager plugin to the latest available version (at least 2.8.7)...
WordPress Google Language Translator plugin <= 6.0.11 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Google Language Translator plugin versions <= 6.0.11. Solution: Update the WordPress Google Language Translator plugin to the latest available version (at least 6.0.12)...
WordPress Request Quote via Whatsapp for Woocommerce plugin <= 1.0.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress Request Quote via Whatsapp for Woocommerce plugin versions <= 1.0.1. Solution: This plugin has been closed as of September 25, 2019 and is not available for download...
WordPress Custom Text Selection Colors plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex in WordPress Custom Text Selection Colors plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of January 6, 2022 and is not available for download. This closure is temporary, pending a full revi...
WordPress SEO Backlinks plugin <= 4.0.1 – Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Takahiro Yamashita (Cryptography Laboratory - Tokyo Denki University) in WordPress SEO Backlinks plugin versions <= 4.0.1. Solution: This plugin has been closed as of July 23, 2021 and is not...
WordPress Newspaper premium theme <= 10.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Truoc Phan in WordPress Newspaper premium theme versions <= 10.4. Solution: Update the WordPress Newspaper premium theme to the latest available version at least 11,...
WordPress Custom css-js-php plugin <= 2.0.7 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by NinTechNet in WordPress Custom css-js-php plugin versions <= 2.0.7. Solution: This plugin has been closed as of February 11, 2021 and is not available for download. Reason: Security Issue...
WordPress JNews premium theme <= 8.0.5 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Truoc Phan in WordPress JNews premium theme versions <= 8.0.5. Solution: Update the WordPress JNews premium theme to the latest available version (at least 8.0.6)...
WordPress WP Fastest Cache plugin <= 0.9.1.6 - Authenticated Arbitrary File Deletion via Path Traversal vulnerability
Authenticated Arbitrary File Deletion via Path Traversal vulnerability discovered by Gen Sato in WordPress WP Fastest Cache plugin versions <= 0.9.1.6. Solution: Update the WordPress WP Fastest Cache plugin to the latest available version (at least 0.9.1.7)...
WordPress NextGEN Gallery Pro premium plugin <= 3.1.9 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Mg Thura Moe Myint in WordPress NextGEN Gallery Pro premium plugin versions <= 3.1.9. Solution: Update the WordPress NextGEN Gallery Pro premium plugin to the latest available version (at least 3.1.11)...
WordPress File Manager plugin <= 6.4 - Backup File Directory Listing vulnerability
Backup File Directory Listing vulnerability found by zerodetail & ratherbland in WordPress File Manager plugin versions <= 6.4. Solution: Update the WordPress File Manager plugin to the latest available version (at least 6.5)...
WordPress OneTone theme <= 3.0.6 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by NinTechNet in WordPress OneTone theme versions <= 3.0.6. Solution: No patched version is available...
WordPress Booked premium plugin <= 2.2.5 - Broken Authentication vulnerability leading to Sensitive Information disclosure
Broken Authentication vulnerability leading to Sensitive Information disclosure discovered by Noman Riffat in WordPress Booked premium plugin versions <= 2.2.5. Solution: Update the WordPress Booked premium plugin to the latest available version (at least 2.2.6)...
WordPress LearnDash LMS premium plugin <= 3.1.1.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Jinson Varghese Behanan in WordPress LearnDash LMS premium plugin versions <= 3.1.1.1. Solution: Update the WordPress LearnDash LMS premium plugin to the latest available version (at least 3.1.2)...
WordPress Huge-IT Video Gallery plugin <=2.0.4 - SQL Injection vulnerability
SQL Injection vulnerability found by Neven Biruski (DefenseCode) in WordPress Huge-IT Video Gallery plugin version 2.0.4 and earlier versions. Solution: Update WordPress Huge-IT Video Gallery plugin to the latest available version...
WordPress Easy Social Icons Plugin 1.2.2 - CSRF
The Easy Social Icons plugin is prone to a cross-site request forgery vulnerability because insufficient validation is performed on the "imagefile" parameter, which allows arbitrary JavaScript. Solution: Upgrade the plugin...
WordPress Download Manager Plugin <= 2.0.6 - Multiple CSRF and XSS
Because of these vulnerabilities, attackers can hijack the authentication of administrators for requests that change plugin settings or conduct cross-site scripting attacks. Solution: Update the plugin...
WordPress DukaPress Plugin <=2.5.3 - Directory Traversal
This vulnerability is in the "dpimgresize" function in php/dp-functions.php. It allows attackers to read arbitrary files via the "src" parameter to lib/dpimage.php. Solution: Update the plugin...
WordPress Google Calendar Events Plugin <= 2.0.3 - XSS
Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "gcefeedids" parameter in a gceajax action to wp-admin/admin-ajax.php. Solution: Update the plugin...
WordPress <= 3.9.1 - Denial Of Service Attacks #1
The Incutio XML-RPC (IXR) Library, which is used in WordPress 3.9.1, does not limit the number of elements in an XML document. This allows attackers to cause a denial of service via a large document. Related records:...
WordPress Video Gallery Plugin 2.5 - Multiple Vulnerabilities
The Video Gallery plugin is prone to multiple vulnerabilities, such as SQL injection and XSS vulnerabilities. Solution: Upgrade the plugin...
WordPress Terillion Reviews Plugin <= 1.1 - XSS
Because of this vulnerability, attackers can inject arbitrary web script or HTML via the ProfileId field. Solution: Update the plugin...
WordPress Video Lead Form Plugin - Cross Site Scripting
The WordPress Video Lead Form plugin's "errMsg" parameter is prone to a cross-site scripting vulnerability because the plugin fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can stea...
WordPress SWFUpload Plugin <= 2.2.0.1 - XSS #2
Because of this vulnerability in swfupload.swf, attackers can inject arbitrary web script or HTML via the "buttonText" parameter. Solution: Update the plugin...
WordPress <= 3.1.0 - Multiple Vulnerabilities
Attackers can cause a denial of service via a comment with a crafted URL that triggers many recursive calls, because the makeclickable function in wp-includes/formatting.php does not properly check URLs before passing them to the PCRE library. Solution: Update WordPress...
WordPress <= 2.0 - Cross Site Scripting
Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "userlogin" parameter. Solution: Update WordPress...
WordPress <= 2.1 - Denial of Service Attacks
Attackers can cause a denial of service via pingback service calls. Solution: Update WordPress to the latest available version (at least 2.2)...
WordPress <= 1.5.2 - SQL injection
Because of this vulnerability, attackers can execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment. Solution: Update WordPress to the latest available version (at least 1.5.3)...
WordPress Map My Locations plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Map My Locations versions <= 1.1...