46606 matches found
WordPress Feed Them Social plugin <= 2.9.8.5 - Unauthenticated PHAR Deserialization vulnerability
Unauthenticated PHAR Deserialization vulnerability discovered by Rasoul Jahanshahi in WordPress Feed Them Social plugin versions <= 2.9.8.5. Solution: Update the WordPress Feed Them Social plugin to the latest available version (at least 2.9.8.6)...
WordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Read via Export function vulnerability
Authenticated Arbitrary File Read via Export function vulnerability discovered by Rafie Muhammad aka Yeraisci Patchstack Alliance in WordPress GiveWP plugin versions <= 2.20.2. Solution: Update the WordPress GiveWP plugin to the latest available version (at least 2.21.0)...
WordPress WSM Downloader plugin <= 1.4.0 - Domain Name Restriction Bypass vulnerability
Domain Name Restriction Bypass vulnerability discovered by Raad Haddad in WordPress WSM Downloader plugin versions <= 1.4.0. Solution: Deactivate and delete. This plugin has been closed as of July 8, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Event Timeline plugin <= 1.1.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Fayçal CHENA in WordPress Event Timeline plugin versions <= 1.1.6. Solution: No patched version available...
WordPress AnyMind Widget plugin <= 1.1 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered by Sho Sakata in WordPress AnyMind Widget plugin versions <= 1.1. Solution: Deactivate and delete. This plugin has been closed as of June 30, 2022 and is not available for download. This closure is temporar...
WordPress Visualizer plugin <= 3.7.9 - Authenticated PHAR Deserialization vulnerability
Authenticated PHAR Deserialization vulnerability discovered by Rasoul Jahanshahi in WordPress Visualizer plugin versions <= 3.7.9. Solution: Update the WordPress Visualizer plugin to the latest available version (at least 3.7.10)...
WordPress Jquery Validation For Contact Form 7 plugin <= 5.2 - Arbitrary Options Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Options Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Gibran Abdillah in WordPress Jquery Validation For Contact Form 7 plugin versions <= 5.2. Solution: Update the WordPress Jquery Validation For Contact Form 7 plugin to the latest available version (at least 5.3)...
WordPress Bold Page Builder plugin <= 4.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Nikhil Kapoor in WordPress Bold Page Builder plugin versions <= 4.3.2. Solution: Update the WordPress Bold Page Builder plugin to the latest available version (at least 4.3.3)...
WordPress WP Maintenance Mode & Coming Soon plugin <= 2.4.4 - Subscribed Users Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Subscribed Users Deletion via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress WP Maintenance Mode & Coming Soon plugin versions <= 2.4.4. Solution: Update the WordPress WP Maintenance Mode & Coming Soon plugin to the latest available version (at least 2.4.5)...
WordPress Core plugin for Kitestudio themes <= 2.3.0 - Reflected Cross-Site-Scripting (XSS) vulnerability
Reflected Cross-Site-Scripting (XSS) vulnerability discovered by cydave in WordPress Core plugin for Kitestudio themes versions <= 2.3.0. Solution: Update the WordPress Core plugin for Kitestudio themes to the latest available version (at least 2.3.1)...
WordPress Mitsol Social Post Feed plugin <= 1.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Big Tiger in WordPress Mitsol Social Post Feed plugin versions <= 1.10. Solution: Deactivate and delete. This plugin has been closed as of and is not available for download. Reason: Security Issue...
WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Broken Access Control vulnerabilities
Multiple Broken Access Control vulnerabilities were discovered by m0ze Patchstack in WordPress Social Share Buttons by Supsystic plugin versions <= 2.2.3. Solution: Update the WordPress Social Share Buttons by Supsystic plugin to the latest available version (at least 2.2.4)...
WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities
Multiple Authenticated SQL Injection (SQLi) vulnerabilities were discovered by m0ze Patchstack in the WordPress Social Share Buttons by Supsystic plugin versions <= 2.2.3. Solution: Update the WordPress Social Share Buttons by Supsystic plugin to the latest available version (at least 2.2.4)...
WordPress Log WP_Mail plugin <= 0.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability was discovered by Daniel Ruf in the WordPress Log WP_Mail plugin versions <= 0.1. Solution: Deactivate and delete. This plugin has been closed as of April 20, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress iQ Block Country plugin <= 1.2.13 - Protection Bypass due to IP Spoofing vulnerability
Protection Bypass due to IP Spoofing vulnerability discovered by Daniel Ruf in WordPress iQ Block Country plugin versions <= 1.2.13. Solution: Deactivate and delete. This plugin has been closed as of April 20, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress WP Fundraising Donation and Crowdfunding Platform plugin < 1.5.0 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress WP Fundraising Donation and Crowdfunding Platform plugin versions < 1.5.0. Solution: Update the WordPress WP Fundraising Donation and Crowdfunding Platform plugin to the latest available version (at least 1.5.0)...
WordPress Content Mask plugin <= 1.8.4 - Arbitrary Options Update vulnerability
Arbitrary Options Update vulnerability discovered by ptsfence in WordPress Content Mask plugin versions <= 1.8.4. Solution: Update the WordPress Content Mask plugin to the latest available version (at least 1.8.4.1)...
WordPress ShortPixel Adaptive Images plugin <= 3.3.1 - Subscriber+ Plugin Settings Update vulnerability
Subscriber+ Plugin Settings Update vulnerability discovered by Tien Nguyen Anh Patchstack Alliance in WordPress ShortPixel Adaptive Images plugin versions <= 3.3.1. Solution: Update the WordPress ShortPixel Adaptive Images plugin to the latest available version (at least 3.4.0)...
WordPress Personal Dictionary plugin <= 1.3.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Personal Dictionary plugin versions <= 1.3.3. Solution: Update the WordPress Personal Dictionary plugin to the latest available version (at least 1.3.4)...
WordPress RSFirewall! plugin <= 1.1.24 - IP Block Bypass vulnerability
IP Block Bypass vulnerability discovered by Daniel Ruf in WordPress RSFirewall! plugin versions <= 1.1.24. Solution: Update the WordPress RSFirewall! plugin to the latest available version (at least 1.1.25)...
WordPress HubSpot plugin <= 8.8.13 - Blind Server-Side Request Forgery (SSRF) vulnerability
Blind Server-Side Request Forgery (SSRF) vulnerability was discovered by Brandon Roldan in the WordPress HubSpot plugin versions <= 8.8.13. Solution: Update the WordPress HubSpot plugin to the latest available version (at least 8.8.15)...
WordPress Pricing Table plugin <= 1.5.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Pricing Table plugin versions <= 1.5.2. Solution: No patched version is available...
WordPress Be POPIA Compliant plugin <= 1.1.5 - Unauthenticated Sensitive Information Exposure vulnerability
Unauthenticated Sensitive Information Exposure vulnerability discovered by Chris Meistre in WordPress Be POPIA Compliant plugin versions <= 1.1.5. Solution: Update the WordPress Be POPIA Compliant plugin to the latest available version (at least 1.1.6)...
WordPress Simple File List plugin <= 3.2.7 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Admavidhya N in WordPress Simple File List plugin versions <= 3.2.7. Solution: Update the WordPress Simple File List plugin to the latest available version (at least 3.2.8)...
WordPress One Click Demo Import plugin <= 3.0.2 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by YICHENG LIU-ZTE CHENFENG lab in WordPress One Click Demo Import plugin versions <= 3.0.2. Solution: Update the WordPress One Click Demo Import plugin to the latest available version (at least 3.1.0)...
WordPress Easy Smooth Scroll Links plugin <= 2.23.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Park won seok in WordPress Easy Smooth Scroll Links plugin versions <= 2.23.0. Solution: Update the WordPress Easy Smooth Scroll Links plugin to the latest available version (at least 2.23.1)...
WordPress String locator plugin <= 2.4.2 - Arbitrary File Read vulnerability
Arbitrary File Read vulnerability discovered by qerogram in WordPress String locator plugin versions <= 2.4.2. Solution: Update the WordPress String locator plugin to the latest available version (at least 2.5.0)...
WordPress MC4WP plugin <= 4.8.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress MC4WP plugin versions <= 4.8.6. Solution: Update the WordPress MC4WP plugin to the latest available version (at least 4.8.7)...
WordPress Modern Events Calendar Lite plugin <= 6.3.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Rohan Chaudhari in WordPress Modern Events Calendar Lite plugin versions <= 6.3.0. Solution: Update the WordPress Modern Events Calendar Lite plugin to the latest available version (at least 6.4.0)...
WordPress Passwordless Login with OTP / SMS & Email – Account Kit plugin <= 1.2.3 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Passwordless Login with OTP / SMS & Email – Account Kit plugin versions <= 1.2.3. Solution: No patched version available...
WordPress WUPO Group Attributes for WooCommerce plugin <= 2.0.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WUPO Group Attributes for WooCommerce plugin versions <= 2.0.0. Solution: Update the WordPress WUPO Group Attributes for WooCommerce plugin to the latest available version (at least 2.1.0)...
WordPress Floating Tiktok button (Tiktok Follow button)+ Tikcode (QrCode) for Tiktok followers plugin <= 1.0.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Floating Tiktok button (Tiktok Follow button)+ Tikcode (QrCode) for Tiktok followers plugin versions <= 1.0.4. Solution: Update the WordPress Floating Tiktok button (Tiktok Follow button)+ Tikcode (QrCode) for Tiktok followers plugin to...
WordPress Contact Form X plugin <= 2.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ex.Mi Patchstack in WordPress Contact Form X plugin versions <= 2.4. Solution: Update the WordPress Contact Form X plugin to the latest available version (at least 2.4.1)...
WordPress Amelia plugin <= 1.0.45 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability discovered by qerogram in WordPress Amelia plugin versions <= 1.0.45. Solution: Update the WordPress Amelia plugin to the latest available version (at least 1.0.46)...
WordPress Profile Builder plugin <= 3.6.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Chloe Chamberland Wordfence in WordPress Profile Builder plugin versions <= 3.6.1. Solution: Update the WordPress Profile Builder plugin to the latest available version (at least 3.6.2)...
WordPress AP Custom Testimonial plugin <= 1.4.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Rafael Castilho in WordPress AP Custom Testimonial plugin versions <= 1.4.7. Solution: Update the WordPress AP Custom Testimonial plugin to the latest available version (at least 1.4.8)...
WordPress Ad Inserter plugin <= 2.7.9 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Ad Inserter plugin versions <= 2.7.9. Solution: Update the WordPress Ad Inserter plugin to the latest available version (at least 2.7.10)...
WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.20.93 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Anti-Malware Security and Brute-Force Firewall plugin versions <= 4.20.93. Solution: Update the WordPress Anti-Malware Security and Brute-Force Firewall plugin to the latest available version (at least 4.20.94)...
WordPress Better Messages plugin <= 1.9.9.148 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability was discovered by Brandon Roldan Patchstack Alliance in the WordPress Better Messages plugin versions <= 1.9.9.148. Solution: Update the WordPress Better Messages plugin to the latest available version (at least 1.9.9.149)...
WordPress MapPress Maps for WordPress plugin <= 2.73.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress MapPress Maps for WordPress plugin versions <= 2.73.3. Solution: Update the WordPress MapPress Maps for WordPress plugin to the latest available version (at least 2.73.4)...
WordPress GTranslate plugin <= 2.9.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress GTranslate plugin versions <= 2.9.6. Solution: Update the WordPress GTranslate plugin to the latest available version (at least 2.9.7)...
WordPress Preview E-mails for WooCommerce plugin <= 1.6.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Chloe Chamberland WordFence in WordPress Preview E-mails for WooCommerce plugin versions <= 1.6.8. Solution: Update the WordPress Preview E-mails for WooCommerce plugin to the latest available version (at least 2.0.0)...
WordPress RentPress plugin <= 6.6.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress RentPress plugin versions <= 6.6.4. Solution: This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Shortcodes Ultimate plugin <= 5.10.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Shortcodes Ultimate plugin versions <= 5.10.1. Solution: Update the WordPress Shortcodes Ultimate plugin to the latest available version (at least 5.10.2)...
WordPress 4k Icons for Visual Composer plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex in WordPress 4k Icons for Visual Composer plugin versions <= 1.0. Solution: This plugin has been closed and is no longer available for download...
WordPress Social Tape plugin <= 1.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Ashish Upsham in WordPress Social Tape plugin versions <= 1.0. Solution: This plugin has been closed as of June 15, 2021 and is not available for download. Reason: Security Issue...
WordPress Yes/No Chart plugin <= 1.0.11 - Authenticated Blind SQL Injection (SQLi) vulnerability
Authenticated Blind SQL Injection (SQLi) vulnerability discovered by Apple502j in WordPress Yes/No Chart plugin versions <= 1.0.11. Solution: Update the WordPress Yes/No Chart plugin to the latest available version (at least 1.0.12)...
WordPress Visitors plugin <= 0.3 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Mesut Cetin in WordPress Visitors plugin versions <= 0.3. Solution: This plugin has been closed as of May 26, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Easy Google Maps plugin <= 1.9.31 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by 0xB9 in WordPress Easy Google Maps plugin versions <= 1.9.31. Solution: Update the WordPress Easy Google Maps plugin to the latest available version (at least 1.9.32)...
WordPress LMS by LifterLMS plugin <= 4.21.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Amirmuhammad Vakili in WordPress LMS by LifterLMS plugin versions <= 4.21.0. Solution: Update the WordPress LMS by LifterLMS plugin to the latest available version (at least 4.21.1)...