WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 5.174 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ramuel Gall Wordfence in WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin versions <= 5.174. Solution: Update the WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin to the latest available version at leas...
WordPress Users Ultra plugin <= 3.1.0 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Users Ultra plugin versions <= 3.1.0. Solution: Deactivate and delete. This plugin has been closed as of March 14, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Nimble Page Builder plugin < 3.2.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Nimble Page Builder plugin versions < 3.2.2. Solution: Update the WordPress Nimble Page Builder plugin to the latest available version at least 3.2.3...
WordPress Loco Translate plugin <= 2.6.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Taurus Omar in WordPress Loco Translate plugin versions <= 2.6.0. Solution: Update the WordPress Loco Translate plugin to the latest available version at least 2.6.1...
WordPress Export All URLs plugin <= 4.2 - Private/Draft Post/Page Title Disclosure via Cross-Site Request Forgery (CSRF) vulnerability
Private/Draft Post/Page Title Disclosure via Cross-Site Request Forgery (CSRF) vulnerability discovered by Asif Nawaz Minhas in WordPress Export All URLs plugin versions <= 4.2. Solution: Update the WordPress Export All URLs plugin to the latest available version at least 4.3...
WordPress Ninja Forms File Uploads Extension premium plugin <= 3.3.12 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Nuno Correia Blaze Security in WordPress Ninja Forms File Uploads Extension premium plugin versions <= 3.3.12. Solution: Update the WordPress Ninja Forms File Uploads Extension premium plugin to the latest available version at least...
WordPress Akismet Privacy Policies plugin <= 2.0.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Akismet Privacy Policies plugin versions <= 2.0.1. Solution: Deactivate and delete. This plugin has been closed as of January 18, 2022 and is not available for download. This closure is temporary, pending a...
WordPress Page Visit Counter plugin <= 6.0.8 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Page Visit Counter plugin versions <= 6.0.8. Solution: No patched version available...
WordPress Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic) plugin <= 1.0.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic) plugin versions <= 1.0.3. Solution: Update the WordPress Internal Linking for SEO traffic & Ranking – Auto internal links...
WordPress Iks Menu – WordPress Category Accordion Menu plugin <= 1.9.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Iks Menu – WordPress Category Accordion Menu plugin versions <= 1.9.1. Solution: Update the WordPress Iks Menu – WordPress Category Accordion Menu plugin to the latest available version at least 1.9.2...
WordPress Amelia plugin <= 1.0.45 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability discovered by qerogram in WordPress Amelia plugin versions <= 1.0.45. Solution: Update the WordPress Amelia plugin to the latest available version at least 1.0.46...
WordPress Profile Builder plugin <= 3.6.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Chloe Chamberland Wordfence in WordPress Profile Builder plugin versions <= 3.6.1. Solution: Update the WordPress Profile Builder plugin to the latest available version at least 3.6.2...
WordPress Flexi – Guest Submit plugin <= 4.19 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Felipe Tapia Sasot in WordPress Flexi – Guest Submit plugin versions <= 4.19. Solution: Update the WordPress Flexi – Guest Submit plugin to the latest available version at least 4.20...
WordPress Perfect Brands for WooCommerce plugin <= 2.0.4 - Server Information Exposure vulnerability
Server Information Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Perfect Brands for WooCommerce plugin versions <= 2.0.4. Solution: Update the WordPress Perfect Brands for WooCommerce plugin to the latest available version at least 2.0.5...
WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.20.93 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Anti-Malware Security and Brute-Force Firewall plugin versions <= 4.20.93. Solution: Update the WordPress Anti-Malware Security and Brute-Force Firewall plugin to the latest available version at least 4.20.94...
WordPress MapPress Maps for WordPress plugin <= 2.73.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress MapPress Maps for WordPress plugin versions <= 2.73.3. Solution: Update the WordPress MapPress Maps for WordPress plugin to the latest available version at least 2.73.4...
WordPress Futurio Extra plugin <= 1.6.2 - User Email Address Leakage vulnerability
User Email Address Leakage vulnerability discovered by Krzysztof Zając in WordPress Futurio Extra plugin versions <= 1.6.2. Solution: Update the WordPress Futurio Extra plugin to the latest available version at least 1.6.3...
WordPress Login/Signup Popup plugin <= 2.2 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Options Update
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Options Update discovered by Chloe Chamberland Wordfence in WordPress Login/Signup Popup plugin versions <= 2.2. Solution: Update the WordPress Login/Signup Popup plugin to the latest available version at least 2.3...
WordPress Ad Invalid Click Protector (AICP) plugin <= 1.2.5.2 - SQL injection (SQLi) vulnerability
SQL injection (SQLi) vulnerability discovered by Krzysztof Zając in WordPress Ad Invalid Click Protector (AICP) plugin versions <= 1.2.5.2. Solution: Update the WordPress Ad Invalid Click Protector (AICP) plugin to the latest available version at least 1.2.6...
WordPress PublishPress Capabilities plugin <= 2.3 - Unauthenticated Settings Change vulnerability
Unauthenticated Settings Change vulnerability discovered by Krzysztof Zając in WordPress PublishPress Capabilities plugin versions <= 2.3. Solution: Update the WordPress PublishPress Capabilities plugin to the latest available version at least 2.3.1...
WordPress StoreVilla theme <= 1.4.1 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress StoreVilla theme versions <= 1.4.1. This theme uses a vulnerable piece of code related to a previously identified vulnerability, CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores...
WordPress Logo Showcase with Slick Slider plugin <= 1.2.4 - Arbitrary Media Title/Description/Alt Text/URL Update vulnerability
Arbitrary Media Title/Description/Alt Text/URL Update vulnerability discovered by apple502j in WordPress Logo Showcase with Slick Slider plugin versions <= 1.2.4. Solution: Update the WordPress Logo Showcase with Slick Slider plugin to the latest available version at least 1.2.5...
WordPress Formidable Forms plugin <= 5.0.06 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Thinkland Security Team in WordPress Formidable Forms plugin versions <= 5.0.06. Solution: Update the WordPress Formidable Forms plugin to the latest available version at least 5.0.07...
WordPress ZoomSounds premium plugin <= 6.45 - Unauthenticated Directory Traversal vulnerability
Unauthenticated Directory Traversal vulnerability discovered by DigitalJessica Ltd in WordPress ZoomSounds premium plugin versions <= 6.45. Solution: Update the WordPress ZoomSounds premium plugin to the latest available version at least 6.50...
WordPress AceIDE plugin <= 2.6.2 - Authenticated Local File Inclusion vulnerability
Authenticated Local File Inclusion vulnerability discovered by Shreya Pohekar Codevigilant Project in WordPress AceIDE plugin versions <= 2.6.2. Solution: This plugin has been closed as of June 1, 2021 and is not available for download. Reason: Security Issue...
WordPress iQ Block Country plugin <= 1.2.11 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by Vlad Visse Patchstack Red Team in WordPress iQ Block Country plugin versions <= 1.2.11. Vulnerable parameter: &blockcountryblockmessage. Solution: Update the WordPress iQ Block Country plugin to the latest available versi...
WordPress Polls Widget plugin <= 1.5.2 - Unauthenticated Blind SQL Injection (SQLi) vulnerability
Unauthenticated Blind SQL Injection (SQLi) vulnerability discovered by Toby Jackson in WordPress Polls Widget plugin versions <= 1.5.2. Solution: Update the WordPress Polls Widget plugin to the latest available version at least 1.5.3...
WordPress Easy Google Maps plugin <= 1.9.31 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by 0xB9 in WordPress Easy Google Maps plugin versions <= 1.9.31. Solution: Update the WordPress Easy Google Maps plugin to the latest available version at least 1.9.32...
WordPress WP Super Cache plugin <= 1.7.2 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress WP Super Cache plugin versions <= 1.7.2. Solution: Update the WordPress WP Super Cache plugin to the latest available version at least 1.7.3...
WordPress Tutor LMS plugin <= 1.8.7 - Authenticated Local File Inclusion vulnerability
Authenticated Local File Inclusion vulnerability discovered by sasa in WordPress Tutor LMS plugin versions <= 1.8.7. Solution: Update the WordPress Tutor LMS plugin to the latest available version at least 1.8.8...
WordPress N5 Upload Form plugin <= 1.0 - Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)
Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE) discovered by Jin Huang in WordPress N5 Upload Form plugin versions <= 1.0. Solution: Plugin closed. Deactivate and delete...
WordPress Elementor Website Builder plugin <= 2.9.13 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by Th3 Hidd3n 0n3 in WordPress Elementor Website Builder plugin versions <= 2.9.13. Solution: Update the WordPress Elementor Website Builder plugin to the latest available version at least 2.9.140...
WordPress Autoptimize plugin <= 2.7.6 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability found by Nguyen Van Khanh SunCSR in WordPress Autoptimize plugin versions <= 2.7.6. Solution: Update the WordPress Autoptimize plugin to the latest available version at least 2.7.7...
WordPress Careerfy premium theme <= 4.0.0 - Multiple Cross-Site Scripting (XSS) vulnerabilities
Multiple Cross-Site Scripting (XSS) vulnerabilities discovered by m0ze in WordPress Careerfy premium theme versions <= 4.0.0. Solution: Update the WordPress Careerfy premium theme to the latest available version at least 4.1.0...
WordPress OneTone theme <= 3.0.6 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by NinTechNet in WordPress OneTone theme versions <= 3.0.6. Solution: No patched version is available...
WordPress Elementor Page Builder plugin <= 2.8.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Impenetrable in WordPress Elementor Page Builder plugin versions <= 2.8.4. Solution: Update the WordPress Elementor Page Builder plugin to the latest available version at least 2.8.5...
WordPress YITH PayPal Express Checkout for WooCommerce plugin <=1.2.5 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability
Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability found by Jerome Bruandet in WordPress YITH PayPal Express Checkout for WooCommerce plugin versions <=1.2.5. Solution: Update the WordPress YITH PayPal Express Checkout for WooCommerce plugin to the latest available version at...
WordPress Wise Chat plugin <= 2.6.3 - Reverse Tabnabbing vulnerability
Reverse Tabnabbing vulnerability found by MTK in WordPress Wise Chat plugin versions <= 2.6.3. Solution: Update the WordPress Wise Chat plugin to the latest available version at least 2.7...
WordPress <= 4.5.2 - BYPASS #2
This vulnerability allows an attacker to bypass intended password-change restrictions by leveraging knowledge of a cookie. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-4-5-2-bypass http://db.threatpress.com/vulnerability/wordpress/wordpress-4-5-2-bypass-2...
WordPress Pie Register Plugin <= 2.0.18 - Multiple SQL Injection
An SQL injection exists in pie-register/pie-register.php. It allows administrators to execute arbitrary SQL commands via the (1) selectinvitaioncodebulkoption or (2) invidelid parameter in the pie-invitation-codes page to wp-admin/admin.php. Solution: Update the plugin...
WordPress Appointment Booking Calendar Plugin <= 1.1.7 - SQL Injection
This vulnerability allows an attacker to execute arbitrary SQL commands via unspecified vectors that are related to updating the username. Solution: Update the plugin...
WordPress <= 4.2.3 - Multiple Vulnerabilities
WordPress 4.2.3 is prone to cross-site scripting and SQL injection vulnerabilities that exist because the sanitizewidgetinstance function in wp-includes/class-wp-customize-widgets.php does not use a constant-time comparison for widgets. In this way an attacker can execute a timing side-channel...
WordPress RobotCPA Plugin - Local File Inclusion
BookX plugin's GET parameter "l" is prone to a local file inclusion vulnerability because of a failure to validate user-supplied input. It allows an attacker to get potentially sensitive information. The affected file is "f.php". Solution: Update the plugin...
WordPress <= 4.1.1 - XSS
Because of this vulnerability, an attacker can execute same-origin JavaScript functions via the "target" parameter, as demonstrated by executing a certain click function, related to init.as and fireEvent.as. Solution: Update WordPress...
WordPress Audio Player Plugin <= 2.0 - Multiple XSS
Because of these vulnerabilities in the wpajaxsaveitem function, attackers can inject arbitrary web script or HTML via the "itemname" or "itemcustomcss" parameters in a wonderpluginaudiosaveitem action to wp-admin/admin-ajax.php. Solution: Upgrade the plugin...
WordPress <= 4.2.3 - SQL Injection
Because of this vulnerability, an attacker can execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash. Solution: Update WordPress...
WordPress Image Metadata Cruncher Plugin - Multiple CSRF and XSS
Because of these vulnerabilities, attackers can hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the "imagemetadatacruncheralt" or "imagemetadatacrunchercaption" parameters. Solution: Upgrade the plugin...
WordPress Download Manager Plugin <= 2.0.6 - Multiple CSRF and XSS
Because of these vulnerabilities, attackers can hijack the authentication of administrators for requests that change plugin settings or conduct cross-site scripting attacks. Solution: Update the plugin...
WordPress Video Gallery Plugin 2.5 - Multiple Vulnerabilities
The Video Gallery plugin is prone to multiple vulnerabilities, such as SQL injection and XSS vulnerabilities. Solution: Upgrade the plugin...
WordPress XCloner Standalone Plugin <= 3.5 - Multiple CSRF
Because of these multiple vulnerabilities, attackers can hijack the authentication of administrators for requests that change the administrator password via the config task to index2.php. Solution: Update the plugin...