46606 matches found
WordPress WP User Merger plugin <= 1.5.2 - Auth. SQL Injection (SQLi) vulnerability
Auth. SQL Injection SQLi vulnerability discovered by Kunal Sharma University of Kaiserslautern and Daniel Krohmer Fraunhofer IESE in the WordPress WP User Merger plugin versions = 1.5.2. Solution Update the WordPress WP User Merger plugin to the latest available version at least 1.5.3...
WordPress Beautiful Cookie Consent Banner plugin <= 2.9.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by zhangyunpei in the WordPress Beautiful Cookie Consent Banner plugin versions = 2.9.0. Solution Update the WordPress Beautiful Cookie Consent Banner plugin to the latest available version at least 2.9.1...
WordPress WatchTowerHQ plugin <= 3.6.15 - Unauth. Arbitrary File Deletion vulnerability
Unauth. Arbitrary File Deletion vulnerability discovered by Dave Jong Patchstack in the WordPress WatchTowerHQ plugin versions = 3.6.15. Solution Update the WordPress WatchTowerHQ plugin to the latest available version at least 3.6.16...
WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability leading to Rule Type Migration discovered by Muhammad Daffa Patchstack Alliance in WordPress Advanced Dynamic Pricing for WooCommerce plugin versions = 4.1.5. Solution Update the WordPress Advanced Dynamic Pricing for WooCommerce plugin to the latest...
WordPress Appointment Booking Calendar plugin <= 1.3.69 - Missing Authorization vulnerability
Missing Authorization vulnerability leading to Feedback Submission discovered by Lana Codes Patchstack Alliance in the WordPress Appointment Booking Calendar plugin versions = 1.3.69. Solution Update the WordPress Appointment Booking Calendar plugin to the latest available version at least 1.3.70...
WordPress Testimonials plugin <= 2.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Testimonials plugin versions = 2.6. Solution Update the WordPress Testimonials plugin to the latest available version at least 2.7...
WordPress 2kb Amazon Affiliates Store plugin <= 2.1.5 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress 2kb Amazon Affiliates Store plugin versions = 2.1.5. Solution No patched version is available. No reply from the vendor...
WordPress tagDiv Composer plugin < 3.5 - Unauthenticated Account Takeover vulnerability
Unauthenticated Account Takeover vulnerability discovered by Truoc Phan Techlab Corporation in WordPress tagDiv Composer plugin versions 3.5. Solution Update the WordPress tagDiv Composer plugin to the latest available version at least 3.5...
WordPress Better Messages plugin <= 1.9.10.68 - Server-Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability discovered by Dhakal Ananda Patchstack Alliance in WordPress Better Messages plugin versions = 1.9.10.68. Solution Update the WordPress BP Better Messages plugin to the latest available version at least 1.9.10.69...
WordPress CRM Perks Forms plugin <= 1.1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Tien Nguyen Anh Patchstack Alliance in WordPress CRM Perks Forms plugin versions = 1.1.0. Solution Update the WordPress CRM Perks Forms plugin to the latest available version at least 1.1.1...
WordPress Profile Builder plugin <= 3.6.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability was discovered by mirphak Patchstack Alliance in the WordPress Profile Builder plugin versions = 3.6.0. Solution Update the WordPress Profile Builder plugin to the latest available version at least 3.6.1...
WordPress Tabs plugin <= 3.7.1 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Vlad Vector Patchstack in the WordPress Tabs plugin versions = 3.7.1. Solution Update the WordPress Tabs plugin to the latest available version at least 3.7.2...
WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability leading to plugin settings change discovered by Muhammad Daffa Patchstack Alliance in WordPress Advanced Dynamic Pricing for WooCommerce plugin versions = 4.1.3 Solution Update the WordPress Advanced Dynamic Pricing for WooCommerce plugin to the lates...
WordPress Awesome Support plugin <= 6.0.7 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Vlad Vector Patchstack in WordPress Awesome Support plugin versions = 6.0.7. Solution Update the WordPress Awesome Support plugin to the latest available version at least 6.0.8...
WordPress CallRail Phone Call Tracking plugin <= 0.4.9 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by Rasi Afeef Patchstack Alliance in WordPress CallRail Phone Call Tracking plugin versions = 0.4.9. Solution Update the WordPress CallRail Phone Call Tracking plugin to the latest available versio...
WordPress Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting XSS vulnerability discovered by Kim Jong Min aka Universe Patchstack Alliance in WordPress Poll, Survey, Questionnaire and Voting system plugin versions = 1.7.4. Solution No patched version available...
WordPress Titan Anti Spam & Security Plugin <= 7.3.0 - Protection Bypass due to IP Spoofing vulnerability
Protection Bypass due to IP Spoofing vulnerability discovered by Daniel Ruf in Titan Anti-spam & Security versions = 7.3.0 Solution Update the WordPress Titan Anti-spam & Security plugin to the latest available version at least 7.3.1...
WordPress Shortcode Addons plugin <= 3.1.2 - Authenticated WordPress Options Change vulnerability
Authenticated WordPress Options Change vulnerability discovered by m0ze Patchstack in WordPress Shortcode Addons plugin versions = 3.1.2. Solution Update the WordPress Shortcode Addons plugin to the latest available version at least 3.2.0...
WordPress MultiSafepay plugin for WooCommerce plugin <= 4.15.0 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by Brandon Roldan in WordPress MultiSafepay plugin for WooCommerce plugin versions = 4.15.0. Solution Update the WordPress MultiSafepay plugin for WooCommerce plugin to the latest available version at least 4.16.0...
WordPress YaySMTP – Simple WP SMTP Mail plugin <= 2.2.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Rafshanzani Suhada in WordPress YaySMTP – Simple WP SMTP Mail plugin versions = 2.2.1. Solution Update the WordPress YaySMTP plugin to the latest available version at least 2.2.2...
WordPress Youzify plugin <= 1.1.9 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress Youzify plugin versions = 1.1.9. Solution Update the WordPress Youzify plugin to the latest available version at least 1.2.0...
WordPress Featured Image from URL plugin <= 4.0.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Raad Haddad in WordPress Featured Image from URL plugin versions = 4.0.0. Solution Update the WordPress Featured Image from URL plugin to the latest available version at least 4.0.1...
WordPress Accept Stripe Payments plugin <= 2.0.63 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by iohex in WordPress Accept Stripe Payments plugin versions = 2.0.63. Solution Update the WordPress Stripe Payments plugin to the latest available version at least 2.0.64...
WordPress XO Slider plugin <= 3.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress XO Slider plugin versions = 3.3.2. Solution Update the WordPress XO Slider plugin to the latest available version at least 3.3.3...
WordPress Download Manager plugin <= 3.2.42 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Rafie Muhammad Yeraisci in WordPress Download Manager plugin versions = 3.2.42. Solution Update the WordPress Download Manager plugin to the latest available version at least 3.2.43...
WordPress Hotel Booking plugin <= 3.0 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Hotel Booking plugin versions = 3.0. Solution Deactivate and delete. This plugin has been closed as of May 6, 2022 and is not available for download. This...
WordPress No Future Posts plugin <= 1.4 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress No Future Posts plugin versions = 1.4. Solution Deactivate and delete. This plugin has been closed as of April 18, 2022 and is not available for download. This closure i...
WordPress Countdown & Clock plugin <= 2.3.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Ex.Mi Patchstack in WordPress Countdown & Clock plugin versions = 2.3.2. Solution Update the WordPress Countdown & Clock plugin to the latest available version at least 2.3.3...
WordPress Better Click To Tweet plugin <= 5.10.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered in WordPress Better Click To Tweet plugin versions = 5.10.1. Solution Update the WordPress Better Click To Tweet plugin to the latest available version at least 5.10.2...
WordPress Gwyn's Imagemap Selector plugin <= 0.3.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Gwyn's Imagemap Selector plugin versions = 0.3.3 Solution Deactivate and delete. This plugin has been closed as of April 19, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Sliderby10Web plugin <= 1.2.51 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Fayçal CHENA in WordPress Sliderby10Web plugin versions = 1.2.51. Solution Update the WordPress Sliderby10Web plugin to the latest available version at least 1.2.52...
WordPress BadgeOS plugin <= 3.7.0 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress BadgeOS plugin versions = 3.7.0. Solution Update the WordPress BadgeOS plugin to the latest available version at least 3.7.1...
WordPress Popup Maker plugin <= 1.16.4 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Roel van Beurden in WordPress Popup Maker plugin versions = 1.16.4. Solution Update the WordPress Popup Maker plugin to the latest available version at least 1.16.5...
WordPress Chaty plugin <= 2.8.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress Chaty plugin versions = 2.8.3. Solution No patched version is available...
WordPress SiteGround Security plugin <= 1.2.5 - Authorization Weakness to Authentication Bypass via 2-Factor Authentication Back-up Codes vulnerability
Authorization Weakness to Authentication Bypass via 2-Factor Authentication Back-up Codes vulnerability discovered by Chloe Chamberland Wordfence in WordPress SiteGround Security plugin versions = 1.2.5. Solution Update the WordPress SiteGround Security plugin to the latest available version at...
WordPress WPvivid plugin <= 0.9.70 - Arbitrary File Read vulnerability
Arbitrary File Read vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress WPvivid plugin versions = 0.9.70. Solution Update the WordPress WPvivid plugin to the latest available version at least 0.9.71...
WordPress Advanced Page Visit Counter <= 6.1.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Advanced Page Visit Counter versions = 6.1.1. Solution Update the WordPress Advanced Page Visit Counter – Most Advanced WordPress Visit Counter Plugin to the latest available version at least...
WordPress Social comments by WpDevArt plugin <= 2.4.9 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Mika in WordPress Social comments by WpDevArt plugin versions = 2.4.9. Solution Update the WordPress Social comments by WpDevArt plugin to the latest available version at least 2.5.0...
WordPress Opensea plugin <= 1.0.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Mika in WordPress Opensea plugin versions = 1.0.2. Solution Update the WordPress Opensea plugin to the latest available version at least 1.0.3...
WordPress Easy Social Icons plugin <= 3.2.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by qerogram in WordPress Easy Social Icons plugin versions = 3.2.0. Solution Update the WordPress Easy Social Icons plugin to the latest available version at least 3.2.1...
WordPress Download Manager plugin <= 3.2.38 - Unauthenticated Brute Force of Files Master Key vulnerability
Unauthenticated Brute Force of Files Master Key vulnerability discovered by Diogo Real in WordPress Download Manager plugin versions = 3.2.38. Solution Update the WordPress Download Manager plugin to the latest available version at least 3.2.39...
WordPress Stop Bad Bots plugin <= 6.92 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress Stop Bad Bots plugin versions = 6.92. Solution Update the WordPress Stop Bad Bots plugin to the latest available version at least 6.930...
WordPress Dropdown Menu Widget plugin <= 1.9.7 - Arbitrary Settings Update leading to Stored Cross-Site Scripting (XSS) vulnerability
Arbitrary Settings Update leading to Stored Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Dropdown Menu Widget plugin versions = 1.9.7. Solution Deactivate and delete. This plugin has been closed as of March 7, 2022 and is not available for download. This closu...
WordPress Booking Package plugin <= 1.5.28 - Unauthenticated Sensitive Data Disclosure vulnerability
Unauthenticated Sensitive Data Disclosure vulnerability discovered by Huli Cymetrics in WordPress Booking Package plugin versions = 1.5.28. Solution Update the WordPress Booking Package plugin to the latest available version at least 1.5.29...
WordPress Analytics Cat plugin <= 1.0.9 - Plugin Settings change via Cross-Site Request Forgery (CSRF) vulnerability
Plugin Settings change via Cross-Site Request Forgery CSRF vulnerability discovered by Rasi Afeef Patchstack Alliance in WordPress Analytics Cat plugin versions = 1.0.9. Solution Update the WordPress Analytics Cat plugin to the latest available version at least 1.1.0...
WordPress Stop Bad Bots plugin <= 6.87 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered by Krzysztof Zając in WordPress Stop Bad Bots plugin versions = 6.87. Solution Update the WordPress Stop Bad Bots plugin to the latest available version at least 6.88...
WordPress CodeKit – Custom Codes Editor plugin <= 2.2.9 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress CodeKit – Custom Codes Editor plugin versions = 2.2.9. Solution Update the WordPress CodeKit – Custom Codes Editor plugin to the latest available version at least 2.3...
WordPress Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic) plugin <= 1.0.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Internal Linking for SEO traffic & Ranking – Auto internal links 100% automatic plugin versions = 1.0.3. Solution Update the WordPress Internal Linking for SEO traffic & Ranking – Auto internal links...
WordPress WP Statistics plugin <= 13.1.5 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting XSS vulnerability via 'platform' discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress WP Statistics plugin versions = 13.1.5. Solution Update the WordPress WP Statistics plugin to the latest available version at least 13.1.6...
WordPress Sync QCloud COS plugin <= 2.0.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by fuzzyap1 in WordPress Sync QCloud COS plugin versions = 2.0.0. Solution Update the WordPress Sync QCloud COS plugin to the latest available version at least 2.0.1...