46606 matches found
WordPress Map My Locations plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Map My Locations versions <= 1.1...
WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.2.2 is vulnerable to Arbitrary Code Execution
Software: WOOCS – WooCommerce Currency Switcher; Type: Plugin; Vulnerable versions: <= 1.4.2.2; Fixed in: 1.4.2.3; OWASP Top 10: A3: Injection; Classification: Arbitrary Code Execution; CVE: CVE-2024-10640; Patch priority: Low; CVSS severity: Low 7.3; PSID: 9ec73d22667c; Credits: mikemyers...
WordPress Jobs for WordPress Plugin < 2.7.8 is vulnerable to Cross Site Scripting (XSS)
Software: Jobs for WordPress; Type: Plugin; Vulnerable versions: < 2.7.8; Fixed in: 2.7.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10104; Patch priority: Low; CVSS severity: Low 6.5; PSID: 470159fcd95b; Credits: Krugov Artyom; Required...
WordPress Chartify Plugin <= 2.9.5 is vulnerable to Remote Code Execution (RCE)
Software: Chartify; Type: Plugin; Vulnerable versions: <= 2.9.5; Fixed in: 2.9.6; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-10571; Patch priority: High; CVSS severity: High 10; PSID: 97f7a98a5728; Credits: abrahack; Required privilege: Unauthenticated...
WordPress Advanced Order Export For WooCommerce Plugin <= 3.5.5 is vulnerable to PHP Object Injection
Software: Advanced Order Export For WooCommerce; Type: Plugin; Vulnerable versions: <= 3.5.5; Fixed in: 3.5.6; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-10828; Patch priority: High; CVSS severity: High 9.8; PSID: 52652ce9166f; Credits: Webbernaut; Require...
WordPress LearnPress Plugin <= 4.2.7 is vulnerable to SQL Injection
Software: LearnPress; Type: Plugin; Vulnerable versions: <= 4.2.7; Fixed in: 4.2.7.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-8522; Patch priority: High; CVSS severity: High 9.3; PSID: 13b3ec9c4ec2; Credits: abrahack; Required privilege: Unauthenticated; Publish...
WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.8.6 is vulnerable to Remote Code Execution (RCE)
Software: JS Help Desk – Best Help Desk & Support Plugin; Type: Plugin; Vulnerable versions: <= 2.8.6; Fixed in: 2.8.7; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-7094; Patch priority: High; CVSS severity: High 9.8; PSID: 31d4d7c86bb1; Credits: Conno...
WordPress Ajax Load More Plugin <= 7.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Ajax Load More; Type: Plugin; Vulnerable versions: <= 7.1.1; Fixed in: 7.1.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4711; Patch priority: Low; CVSS severity: Low 6.5; PSID: 049ac1eade10; Credits: Webbernaut; Required...
WordPress NextScripts Plugin <= 4.4.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: NextScripts; Type: Plugin; Vulnerable versions: <= 4.4.3; Fixed in: 4.4.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-1446; Patch priority: Low; CVSS severity: Low 5.4; PSID: 891652032504; Credits: Krzysztof Zając; Required...
WordPress Essential Real Estate Plugin <= 4.3.5 is vulnerable to Arbitrary File Upload
Software: Essential Real Estate; Type: Plugin; Vulnerable versions: <= 4.3.5; Fixed in: 4.4.0; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-6827; Patch priority: High; CVSS severity: High 9.9; PSID: 4162eb3df384; Credits: István Márton; Required privilege...
WordPress UpdraftPlus Plugin <= 1.23.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software: UpdraftPlus; Type: Plugin; Vulnerable versions: <= 1.23.10; Fixed in: 1.23.11; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-5982; Patch priority: Low; CVSS severity: Low 4.3; PSID: ef8f3eafdf9f; Credits: Nicolas Decayeux...
WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Broken Access Control
Software: ChatBot; Type: Plugin; Vulnerable versions: <= 4.8.9; Fixed in: 4.9.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-5533; Patch priority: Low; CVSS severity: Low 5.3; PSID: ffa27d384955; Credits: Marco Wotschka; Required privilege...
WordPress WP Customer Reviews Plugin <= 3.6.6 is vulnerable to Cross Site Scripting (XSS)
Software: WP Customer Reviews; Type: Plugin; Vulnerable versions: <= 3.6.6; Fixed in: 3.6.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4648; Patch priority: Low; CVSS severity: Low 5.9; PSID: 36513c06abe2; Credits: Marco Wotschka...
WordPress Divi Theme <= 4.20.2 is vulnerable to Cross Site Scripting (XSS)
Software: Divi; Type: Theme; Vulnerable versions: <= 4.20.2; Fixed in: 4.20.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-29099; Patch priority: Low; CVSS severity: Low 6.5; PSID: 15fa42e5d3af; Credits: Rafie Muhammad Patchstack; Require...
WordPress YITH WooCommerce Gift Cards Premium plugin <= 3.19.0 - Unauth. Arbitrary File Upload vulnerability
Unauth. Arbitrary File Upload vulnerability discovered by Dave Jong Patchstack in WordPress YITH WooCommerce Gift Cards Premium plugin versions <= 3.19.0. Solution: Update the WordPress YITH WooCommerce Gift Cards Premium plugin to the latest available version at least 3.20.0...
WordPress OAuth Client by DigitialPixies plugin <= 1.1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Lana Codes in WordPress OAuth Client by DigitialPixies plugin versions <= 1.1.0. Solution: No patched version is available. This plugin has been closed as of October 21, 2022 and is not available for download. This closure is...
WordPress Soledad premium theme <= 8.2.5 - Auth. Cross-Site Scripting (XSS) vulnerability
Auth. Cross-Site Scripting (XSS) vulnerability discovered by Dave Jong in WordPress Soledad premium theme versions <= 8.2.5. Solution: Update the WordPress soledad theme to the latest available version at least 8.2.6...
WordPress Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Advanced Ads – Ad Manager & AdSense plugin versions <= 1.31.1. Solution: Update the WordPress Advanced Ads – Ad Manager & AdSense plugin to the latest available version at least...
WordPress Disable User Login plugin <= 1.0.1 - Unauthenticated Settings Update vulnerability
Unauthenticated Settings Update vulnerability discovered by Rafshanzani Suhada in WordPress Disable User Login plugin versions <= 1.0.1. Solution: No patched version available...
WordPress WP Popup Builder plugin <= 1.2.9 - Authenticated Arbitrary Popup Deletion vulnerability
Authenticated Arbitrary Popup Deletion vulnerability discovered by Krzysztof Zając in WordPress WP Popup Builder plugin versions <= 1.2.9. Solution: Update the WordPress WP Popup Builder plugin to the latest available version at least 1.3.0...
WordPress Add User Role plugin <= 0.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by ptsfence Patchstack Alliance in WordPress Add User Role plugin versions <= 0.0.1. Solution: Deactivate and delete. This plugin has been closed as of August 29, 2022 and is not available for download. This closure is temporary...
WordPress Beaver Builder plugin <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Text Editor
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Zhouyuan Yang in WordPress Beaver Builder plugin versions <= 2.5.5.2. Solution: Update the WordPress Beaver Builder plugin to the latest available version at least 2.5.5.3...
WordPress Visual Composer Website Builder plugin <= 45.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Text Block
Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Text Block discovered by Zhouyuan Yang in WordPress Visual Composer Website Builder plugin versions <= 45.0. Solution: Update the WordPress Visual Composer Website Builder plugin to the latest available version at least 45.0.1...
WordPress Ping Optimizer plugin <= 2.35.1.2.3 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress Ping Optimizer plugin versions <= 2.35.1.3.0. Solution: Update the WordPress Ping Optimizer plugin to the latest available version at least 2.35.1.3.0...
WordPress Affiliates Manager Plugin <= 2.9.13 - Authenticated Cross-Site Scripting vulnerability
Authenticated Cross-Site Scripting vulnerability discovered by WPScan in Affiliates Managers versions <= 2.9.13. Solution: Update the WordPress Affiliates Manager plugin to the latest available version at least 2.9.14...
WordPress Visual Portfolio Plugin <= 2.18.0 - Authenticated CSS Injection vulnerability
Authenticated CSS Injection vulnerability discovered by Krzysztof Zając in Visual Portfolio plugin versions <= 2.18.0. Solution: Update the WordPress Visual Portfolio, Photo Gallery & Post Grid plugin to the latest available version at least 2.19.0...
WordPress THE Leads Management System: 59sec LITE plugin <= 3.4.1 - Unauthenticated plugin settings change vulnerability
Unauthenticated plugin settings change vulnerability discovered by ptsfence Patchstack Alliance in WordPress THE Leads Management System: 59sec LITE plugin versions <= 3.4.1. Solution: Deactivate and delete. This plugin has been closed as of August 12, 2022 and is not available for download. This...
WordPress Download Manager plugin <= 3.2.48 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities leading to stats and cache deletion were discovered by Vlad Vector Patchstack in the WordPress Download Manager plugin versions <= 3.2.48. Solution: Update the WordPress Download Manager plugin to the latest available version at least 3.2.49...
WordPress ActiveDEMAND plugin <= 0.2.27 - Broken Authentication vulnerability
Broken Authentication vulnerability leading to unauthenticated post update/create/delete discovered by Tien Nguyen Anh Patchstack Alliance in WordPress ActiveDEMAND plugin versions <= 0.2.27. Solution: Update the WordPress ActiveDEMAND plugin to the latest available version at least 0.2.28...
WordPress Auto-hyperlink URLs plugin <= 5.4.1 - Tab Nabbing vulnerability
Tab Nabbing vulnerability discovered by Daniel Ruf in WordPress Auto-hyperlink URLs plugin versions <= 5.4.1. Solution: Deactivate and delete. This plugin has been closed as of July 18, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Tabs plugin <= 3.6.0 - Authenticated WordPress Options Change vulnerability
Authenticated WordPress Options Change vulnerability discovered by m0ze Patchstack in WordPress Tabs plugin versions <= 3.6.0. Solution: Update the WordPress Tabs plugin to the latest available version at least 3.7.0...
WordPress Team plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Team plugin versions <= 1.2.6. Solution: Deactivate and delete. This plugin has been closed as of May 3, 2022 and is not available for download. Reason:...
WordPress Simple Membership plugin <= 4.1.2 - Unauthenticated Membership Privilege Escalation vulnerability
Unauthenticated Membership Privilege Escalation vulnerability discovered by Jet Infosystems in WordPress Simple Membership plugin versions <= 4.1.2. Solution: Update the WordPress Simple Membership plugin to the latest available version at least 4.1.3...
WordPress WP Maintenance plugin <= 6.0.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by m0ze Patchstack in WordPress WP Maintenance plugin versions <= 6.0.7. Solution: Update the WordPress WP Maintenance plugin to the latest available version at least 6.0.8...
WordPress WP Event Manager plugin <= 3.1.27 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Utkarsh Agrawal in WordPress WP Event Manager plugin versions <= 3.1.27. Solution: Update the WordPress WP Event Manager plugin to the latest available version at least 3.1.28...
WordPress Photo Gallery by Supsystic plugin <= 1.15.5 - Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change
Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change discovered by Rasi Afeef Patchstack Alliance in WordPress Photo Gallery by Supsystic plugin versions <= 1.15.5. Solution: Update the WordPress Photo Gallery by Supsystic plugin to the latest available version at least 1.15.6...
WordPress Ultimate Member plugin <= 2.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ruijie Li in WordPress Ultimate Member plugin versions <= 2.3.2. Solution: Update the WordPress Ultimate Member plugin to the latest available version at least 2.4.0...
WordPress WPMK Ajax Finder plugin <= 1.0.1 - Stored Cross-Site Scripting (XSS) via CSRF vulnerability
Stored Cross-Site Scripting (XSS) via CSRF vulnerability discovered by Tsubasa Imaizumi Cryptography Laboratory in Tokyo Denki University in WordPress WPMK Ajax Finder plugin versions <= 1.0.1. Solution: Deactivate and delete. This plugin has been closed as of May 17, 2022 and is not available for...
WordPress JupiterX premium plugin <= 2.0.7 - Authenticated Privilege Escalation and Post deletion vulnerability
Authenticated Privilege Escalation and Post deletion vulnerability discovered by Ramuel Gall Wordfence in WordPress JupiterX premium plugin versions <= 2.0.7. Solution: Update the WordPress JupiterX premium plugin to the latest available version at least 2.0.8...
WordPress Hover Effects plugin <= 2.1 - Authenticated Local File Inclusion (LFI) vulnerability
Authenticated Local File Inclusion (LFI) vulnerability discovered by 0xB9 Patchstack Alliance in WordPress Hover Effects plugin versions <= 2.1. Solution: Update the WordPress Hover Effects plugin to the latest available version at least 2.1.1...
WordPress CP Image Store with Slideshow plugin <= 1.0.67 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability was discovered by Daniel Krohmer Fraunhofer IESE, Germany and Shi Chen University of Kaiserslautern, Germany in the WordPress CP Image Store with Slideshow plugin versions <= 1.0.67. Solution: Update the WordPress CP Image Store with Slideshow plugin...
WordPress Slideshow plugin <= 2.3.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Fayçal CHENA in WordPress Slideshow plugin versions <= 2.3.1. Solution: Deactivate and delete. This plugin has been closed as of April 11, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress wpDataTables plugin <= 2.1.27 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities discovered by Ex.Mi Patchstack in WordPress wpDataTables plugin versions <= 2.1.27. Solution: Update the WordPress wpDataTables plugin to the latest available version at least 2.1.28...
WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Nguy Minh Tuan Patchstack Alliance in WordPress Image Hover Effects Ultimate plugin versions <= 9.7.1. Solution: Update the WordPress Image Hover Effects Ultimate plugin to the latest available version at least 9.7.2...
WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability discovered by Ex.Mi Patchstack in WordPress Hermit 音乐播放器 plugin versions <= 3.1.6. Solution: Deactivate and delete. This plugin has been closed as of April 25, 2022 and is not available for download. This closu...
WordPress AGIL plugin <= 1.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Chuang LI in WordPress AGIL plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of March 31, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Custom TinyMCE Shortcode Button plugin <= 1.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Custom TinyMCE Shortcode Button plugin versions <= 1.1. Solution: Deactivate and delete. This plugin has been closed as of April 4, 2022 and is not available for download. This closure is temporary, pending a full revi...
WordPress Order Listener for WooCommerce plugin <= 3.2.1 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Order Listener for WooCommerce plugin versions <= 3.2.1. Solution: Update the WordPress Order Listener for WooCommerce plugin to the latest available version at least 3.2.2...
WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Template Import
Cross-Site Request Forgery (CSRF) vulnerability leading to Template Import discovered by Ex.Mi Patchstack in WordPress Yoo Slider plugin versions <= 2.0.0. Solution: Update the WordPress Yoo Slider plugin to the latest available version at least 2.1.0...
WordPress ThirstyAffiliates Affiliate Link Manager plugin <= 3.10.4 - Arbitrary Affiliate Links Creation vulnerability
Arbitrary Affiliate Links Creation vulnerability discovered by Krzysztof Zając in WordPress ThirstyAffiliates Affiliate Link Manager plugin versions <= 3.10.4. Solution: Update the WordPress ThirstyAffiliates Affiliate Link Manager plugin to the latest available version at least 3.10.5...