WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 5.174 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ramuel Gall (Wordfence) in WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin versions <= 5.174. Solution Update the WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin to the latest available version at leas...
WordPress amr users plugin <= 4.59.3 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Ankur Bakre in WordPress amr users plugin versions <= 4.59.3. Solution Update the WordPress amr users plugin to the latest available version at least 4.59.4...
WordPress Ninja Forms plugin <= 3.6.7 - Unauthenticated Email Address Disclosure vulnerability
Unauthenticated Email Address Disclosure vulnerability discovered by Agence Web Coheractio in WordPress Ninja Forms plugin versions <= 3.6.7. Solution Update the WordPress Ninja Forms plugin to the latest available version at least 3.6.8...
WordPress Loco Translate plugin <= 2.6.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Taurus Omar in WordPress Loco Translate plugin versions <= 2.6.0. Solution Update the WordPress Loco Translate plugin to the latest available version at least 2.6.1...
WordPress Export All URLs plugin <= 4.2 - Private/Draft Post/Page Title Disclosure via Cross-Site Request Forgery (CSRF) vulnerability
Private/Draft Post/Page Title Disclosure via Cross-Site Request Forgery (CSRF) vulnerability discovered by Asif Nawaz Minhas in WordPress Export All URLs plugin versions <= 4.2. Solution Update the WordPress Export All URLs plugin to the latest available version at least 4.3...
WordPress Material Design for Contact Form 7 plugin <= 2.6.4 - Arbitrary Settings Update vulnerability leading to Denial of Service (DoS)
Arbitrary Settings Update vulnerability leading to Denial of Service (DoS) discovered by Krzysztof Zając in WordPress Material Design for Contact Form 7 plugin versions <= 2.6.4. Solution Deactivate and delete. This plugin has been closed as of February 11, 2022 and is not available for download. Th...
WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.6.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Brandon James Roldan in WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin versions <= 1.3.6.2. Solution Update the WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin to the latest...
WordPress Amelia plugin <= 1.0.46 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Kumar (Trellix) in WordPress Amelia plugin versions <= 1.0.46. Solution Update the WordPress Amelia plugin to the latest available version at least 1.0.47...
WordPress Pz-LinkCard plugin <= 2.4.5.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Pz-LinkCard plugin versions <= 2.4.5.2. Solution Update the WordPress Pz-LinkCard plugin to the latest available version at least 2.4.5.3...
WordPress Gyta BuyBack plugin <= 1.1.6 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Gyta BuyBack plugin versions <= 1.1.6. Solution Update the WordPress Gyta BuyBack plugin to the latest available version at least 1.1.7...
WordPress Cost Calculator plugin <= 1.5 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Cost Calculator plugin versions <= 1.5. Solution Update the WordPress Cost Calculator plugin to the latest available version at least 1.6...
WordPress TI WooCommerce Wishlist plugin <= 1.40.0 - Unauthenticated Blind SQL Injection (SQLi) vulnerability
Unauthenticated Blind SQL Injection (SQLi) vulnerability discovered by Krzysztof Zając in WordPress TI WooCommerce Wishlist plugin versions <= 1.40.0. Solution Update the WordPress TI WooCommerce Wishlist plugin to the latest available version at least 1.40.1...
WordPress Dynamic Widgets plugin <= 1.5.16 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Dynamic Widgets plugin versions <= 1.5.16. Solution Deactivate and delete. This plugin has been closed as of December 28, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Popup Builder plugin <= 4.0.6 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered in WordPress Popup Builder plugin versions <= 4.0.6. Solution Update the WordPress Popup Builder plugin to the latest available version at least 4.0.7...
WordPress Login/Signup Popup plugin <= 2.2 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Options Update
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Options Update discovered by Chloe Chamberland (Wordfence) in WordPress Login/Signup Popup plugin versions <= 2.2. Solution Update the WordPress Login/Signup Popup plugin to the latest available version at least 2.3...
WordPress WP HTML Mail plugin <= 3.0.9 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Chloe Chamberland (Wordfence) in WordPress WP HTML Mail plugin versions <= 3.0.9. Solution Update the WordPress WP HTML Mail plugin to the latest available version at least 3.1...
WordPress Simple Download Monitor plugin <= 3.9.8 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by apple502j in the WordPress Simple Download Monitor plugin versions <= 3.9.8. Solution Update the WordPress Simple Download Monitor plugin to the latest available version at least 3.9.9...
WordPress CorreosExpress plugin <= 2.6.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered by José Aguilera in WordPress CorreosExpress plugin versions <= 2.6.0. Solution Deactivate and delete. This plugin has been closed as of November 29, 2021 and is not available for download. Reason: Security Issue...
WordPress MOLIE – Instructure Canvas Linking tool plugin <= 0.5 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Jeremie Amsellem in WordPress MOLIE – Instructure Canvas Linking tool plugin versions <= 0.5. Solution Deactivate and delete. This plugin has been closed as of November 29, 2021 and is not available for download. Reason: Security Issue...
WordPress PDF.js Viewer plugin <= 2.0.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress PDF.js Viewer plugin versions <= 2.0.1. Solution Update the WordPress PDF.js Viewer plugin to the latest available version at least 2.0.2...
WordPress Slider Hero plugin <= 8.2.6 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by apple502j in WordPress Slider Hero plugin versions <= 8.2.6. Solution Update the WordPress Slider Hero plugin to the latest available version at least 8.2.7...
WordPress Polls Widget plugin <= 1.5.2 - Unauthenticated Blind SQL Injection (SQLi) vulnerability
Unauthenticated Blind SQL Injection (SQLi) vulnerability discovered by Toby Jackson in WordPress Polls Widget plugin versions <= 1.5.2. Solution Update the WordPress Polls Widget plugin to the latest available version at least 1.5.3...
WordPress wpForo Forum plugin <= 1.9.6 - Open Redirect vulnerability
Open Redirect vulnerability discovered by Hosein Vita in WordPress wpForo Forum plugin versions <= 1.9.6. Solution Update the WordPress wpForo Forum plugin to the latest available version at least 1.9.7...
WordPress fitness calculators plugin <= 1.9.5 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability discovered by 0xB9 in WordPress fitness calculators plugin versions <= 1.9.5. Solution Update the WordPress fitness calculators plugin to the latest available version at least 1.9.6...
WordPress Stockdio Historical Chart plugin <= 2.7.2 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found by Jondow in WordPress Stockdio Historical Chart plugin versions <= 2.7.2. Solution Update the WordPress Stockdio Historical Chart plugin to the latest available version at least 2.8.1...
WordPress Welcart e-Commerce plugin <= 1.9.35 - Authenticated PHP Object Injection vulnerability
Authenticated PHP Object Injection vulnerability found by Ramuel Gall in WordPress Welcart e-Commerce plugin versions <= 1.9.35. Solution Update the WordPress Welcart e-Commerce plugin to the latest available version at least 1.9.36...
WordPress <= 5.5.1 - Mishandled deserialization requests vulnerability
Mishandled deserialization requests vulnerability found by Alex Concha in WordPress core versions <= 5.5.1. Solution Update WordPress to the latest available version at least 5.5.2...
WordPress LearnDash LMS premium plugin <= 3.1.5 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered in WordPress LearnDash LMS premium plugin versions <= 3.1.5. Solution Update the WordPress LearnDash LMS premium plugin to the latest available version at least 3.1.6...
WordPress CSS Hero plugin <= 4.03 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Cary Hooper in WordPress CSS Hero plugin versions <= 4.03. Solution Update the WordPress CSS Hero plugin to the latest available version at least 4.07...
WordPress YITH PayPal Express Checkout for WooCommerce plugin <=1.2.5 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability
Authenticated Settings Change (YITH Plugin Framework <= 3.3.8) vulnerability found by Jerome Bruandet in WordPress YITH PayPal Express Checkout for WooCommerce plugin versions <= 1.2.5. Solution Update the WordPress YITH PayPal Express Checkout for WooCommerce plugin to the latest available version at...
WordPress YITH WooCommerce Zoom Magnifier plugin <=1.3.11 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability
Authenticated Settings Change (YITH Plugin Framework <= 3.3.8) vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Zoom Magnifier plugin versions <= 1.3.11. Solution Update the WordPress YITH WooCommerce Zoom Magnifier plugin to the latest available version at least 1.3.12...
WordPress SlickQuiz plugin <= 1.3.7.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability found by Julien Ahrens in WordPress SlickQuiz plugin versions <= 1.3.7.1. Solution 11 September 2019 - we were unable to find a patched version of this plugin...
WordPress Widget Logic plugin <= 5.10.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found in WordPress Widget Logic plugin versions <= 5.10.2. Solution Update the WordPress Widget Logic plugin to the latest available version at least 5.10.3...
WordPress YOP Poll plugin <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found by Tim Coen in WordPress YOP Poll plugin versions <= 6.0.2. Solution Update the WordPress YOP Poll plugin to the latest available version at least 6.0.3...
WordPress <= 4.5.2 - BYPASS #4
The customizer allows an attacker to bypass intended redirection restrictions via unspecified vectors. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-4-5-2-bypass http://db.threatpress.com/vulnerability/wordpress/wordpress-4-5-2-bypass-1...
WordPress Admin Font Editor Plugin <= 1.8 - Cross Site Scripting
Because of this vulnerability, attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
WordPress ACF Frontend Display Plugin 2.0.5 - File Upload
ACF Frontend Display plugin is prone to an arbitrary file upload vulnerability. It allows an attacker to upload arbitrary files to the affected computer. Solution Upgrade the plugin...
WordPress Slider Revolution Plugin <= 3.0.95 - Multiple Vulnerabilities
Because of these vulnerabilities, attackers can upload and execute arbitrary files; create, update, import or export arbitrary sliders via unspecified vectors; and delete arbitrary sliders. Solution Update the plugin...
WordPress XCloner Plugin <= 3.1.2 - Static Code Injection
Because of this vulnerability, remote authenticated users can inject arbitrary PHP code into the language files via a Translation LMFRONT field for a language. Solution Update the plugin...
WordPress XCloner Plugin <= 3.1.2 - XSS
Because of this vulnerability, remote authenticated users can inject arbitrary web script or HTML in the xclonershow page via the "exclmanual" parameter to wpadmin/plugins.php. Solution Update the plugin...
WordPress Videowall Plugin - Reflected Cross Site Scripting
This plugin is prone to a cross-site scripting vulnerability in the pageid parameter of index.php. Solution Update the plugin...
WordPress SEO by Yoast Plugin 1.7.3.3 - Blind SQL Injection
SEO by Yoast plugin is prone to a blind SQL injection vulnerability. This vulnerability is found in "admin/class-bulk-editor-list-table.php": the orderby and order GET parameters are not sufficiently sanitised before being used within a SQL query. Solution Update the plugin...
WordPress <= 3.9.2 - XSS
This vulnerability is in the "wptexturize" function. It allows attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post. Solution Update WordPress...
WordPress <= 4.0.0 - XSS #1
Because of this vulnerability, attackers can inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-4-0-0-xss-2...
WordPress BulletProof Security Plugin <= .51 - XSS
Because of this vulnerability in admin/htaccess/bpsunlock.php, attackers can inject arbitrary web script or HTML via the "dbhost" parameter. Solution Update the plugin...
WordPress Multiple Themes - Arbitrary File Download
Multiple WordPress themes are prone to an arbitrary file download vulnerability. It allows an attacker to download arbitrary files from the web server and get potentially sensitive information. Solution Upgrade themes...
WordPress Bookclub Theme - Remote Code Execution
There is a bug in this theme that allows any website visitor to run any shortcode and see its output. This gives unauthenticated visitors the same power to execute code on the server that regular publishers have. Solution Update the theme...
WordPress XCloner Standalone Plugin <= 3.5 - Multiple CSRF
Because of these multiple vulnerabilities, attackers can hijack the authentication of administrators for requests that change the administrator password via the config task to index2.php. Solution Update the plugin...
WordPress <= 3.0.1
wp-includes/comment.php does not properly whitelist trackbacks and pingbacks in the blogroll, which lets attackers bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match. Solution Update WordPress...
WordPress WP Cron Dashboard Plugin <= 1.1.5 - XSS
Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "procname" parameter to wp-admin/tools.php. Solution Update the plugin...