WordPress <= 2.0.11 - XSS
Because of this vulnerability in wp-db-backup.php, the attackers can inject arbitrary web script or HTML via the "backup" parameter in a wp-db-backup.php action to wp-admin/edit.php. Solution Update the WordPress...
WordPress Classic Theme <= 1.5 - XSS
Because of this vulnerability in index.php, the attackers can inject arbitrary web script or HTML via the PATH_INFO. Solution Update the theme...
WordPress <= 2.1.2 - SQL Injection vulnerability
Because of this vulnerability in xmlrpc, the authenticated users can execute arbitrary SQL commands. Solution Update the WordPress to the latest available version at least 2.1.3...
WordPress <= 2.1.2 RC2 - XSS
Because of this vulnerability in wp-admin/vars.php, the authenticated users with theme privileges can inject arbitrary web script or HTML via the PATH_INFO. Solution Update the WordPress to the latest available version at least 2.1.3...
WordPress <= 2.0.5 - SQL Injection
Because of this vulnerability, the attackers can bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets. Solution Update the WordPress to the latest available version at least 2.0.6...
WordPress <= 1.5.1.2 - SQL injection
Because of this vulnerability in the XMLRPC server, attackers can execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file. Solution Update the WordPress to the latest available version at least 1.5.1.3...
WordPress Forms for Mailchimp by Optin Cat Plugin <= 2.5.6 is vulnerable to Cross Site Scripting (XSS)
Software Forms for Mailchimp by Optin Cat Type Plugin Vulnerable versions <= 2.5.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8870 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 95ff17d053e3 Credits vgo...
WordPress e2pdf Plugin <= 1.24.00 is vulnerable to Cross Site Scripting (XSS)
Software e2pdf Type Plugin Vulnerable versions <= 1.24.00 Fixed in 1.25.01 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 4 Developer E2Pdf.com PSID cc24959a7a9a Credits Yudistira Arya Required privilege Author Published 27...
WordPress Album Gallery – WordPress Gallery Plugin <= 1.5.7 is vulnerable to Broken Access Control
Software Album Gallery – WordPress Gallery Type Plugin Vulnerable versions <= 1.5.7 Fixed in 1.5.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35720 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2435eb9447f2 Credits Steven Juli...
WordPress Extra Theme <= 4.25.0 is vulnerable to Cross Site Scripting (XSS)
Software Extra Type Theme Vulnerable versions <= 4.25.0 Fixed in 4.25.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4490 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bcfad4f5bb49 Credits Webbernaut Required privilege...
WordPress Aspose.Words Exporter Plugin <= 6.3.1 is vulnerable to Broken Access Control
Software Aspose.Words Exporter Type Plugin Vulnerable versions <= 6.3.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32146 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 11984c3d7834 Credits Abdi Pranata Required...
WordPress Template Kit – Import Plugin <= 1.0.14 is vulnerable to Cross Site Scripting (XSS)
Software Template Kit – Import Type Plugin Vulnerable versions <= 1.0.14 Fixed in 1.0.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2334 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3ba95df4bab0 Credits Colin Xu Require...
WordPress WP SMS Plugin <= 6.6.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP SMS Type Plugin Vulnerable versions <= 6.6.2 Fixed in 6.6.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-30454 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d4f7f075b7f4 Credits Peng Zhou Required privilege...
WordPress Astra Theme <= 4.6.8 is vulnerable to Cross Site Scripting (XSS)
Software Astra Type Theme Vulnerable versions <= 4.6.8 Fixed in 4.6.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-2347 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bd6f62042937 Credits stealthcopter Required privilege Contributor...
WordPress NotificationX Plugin <= 2.8.2 is vulnerable to SQL Injection
Software NotificationX Type Plugin Vulnerable versions <= 2.8.2 Fixed in 2.8.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1698 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 7d9025b61012 Credits Krzysztof Zając Required privilege Unauthenticated...
WordPress Calculated Fields Form Plugin <= 1.2.52 is vulnerable to Cross Site Scripting (XSS)
Software Calculated Fields Form Type Plugin Vulnerable versions <= 1.2.52 Fixed in 1.2.53 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0963 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 51ba9c951440 Credits Richard Telleng...
WordPress Media Library Assistant Plugin <= 3.09 is vulnerable to Remote Code Execution (RCE)
Software Media Library Assistant Type Plugin Vulnerable versions <= 3.09 Fixed in 3.10 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-4634 Patch priority High CVSS severity High 10 Developer Claim ownership PSID a9f84b644a17 Credits Pepitoh Required privilege...
WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.4.2 is vulnerable to Arbitrary File Upload
Software Online Booking & Scheduling Calendar for WordPress by vcita Type Plugin Vulnerable versions <= 4.4.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-2414 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 69648001908f Credit...
WordPress WooCommerce Pre-Orders Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)
Software WooCommerce Pre-Orders Type Plugin Vulnerable versions <= 2.0.0 Fixed in 2.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32793 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 835a4691203f Credits Rafie Muhammad...
WordPress fitness-trainer Plugin < 1.4.1 is vulnerable to Privilege Escalation
Software fitness-trainer Type Plugin Vulnerable versions < 1.4.1 Fixed in 1.4.1 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2020-36666 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 4ffd920db47c Credits Omar Badran Required privilege...
WordPress Community Events plugin <= 1.4.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Hoang Van Hiep sk4rl1ghT in the WordPress Community Events plugin versions <= 1.4.8. Solution Update the WordPress Community Events plugin to the latest available version at least 1.4.9...
WordPress WP ULike plugin <= 4.6.4 - Race Condition vulnerability
Race Condition vulnerability leading to rating increase/decrease discovered by Nguy Minh Tuan Patchstack Alliance in the WordPress WP ULike plugin versions <= 4.6.3. Solution No patched version is available. No reply from the vendor since August 24th, 2022...
WordPress Anti Hacker plugin <= 4.19 - Auth. Arbitrary Plugin Installation vulnerability
Auth. Arbitrary Plugin Installation vulnerability discovered by Lana Codes in WordPress Anti Hacker plugin versions <= 4.19. Solution Update the WordPress Anti Hacker plugin to the latest available version at least 4.20...
WordPress Ezoic plugin <= 2.8.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by José Aguilera Patchstack Alliance in the WordPress Ezoic plugin versions <= 2.8.8. Solution Update the WordPress Ezoic plugin to the latest available version at least 2.8.9...
WordPress OAuth Client by DigitialPixies plugin <= 1.1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Lana Codes in WordPress OAuth Client by DigitialPixies plugin versions <= 1.1.0. Solution No patched version is available. This plugin has been closed as of October 21, 2022 and is not available for download. This closure is...
WordPress Better Messages plugin <= 1.9.10.69 - Messaging Block Bypass vulnerability
Messaging Block Bypass vulnerability discovered by Dhakal Ananda Patchstack Alliance in WordPress Better Messages plugin versions <= 1.9.10.69. Solution Update the WordPress BP Better Messages plugin to the latest available version at least 1.9.10.71...
WordPress OWM Weather plugin <= 5.6.8 - Auth. SQL Injection (SQLi) vulnerability
Auth. SQL Injection SQLi vulnerability discovered by Kunal Sharma University of Kaiserslautern and Daniel Krohmer Fraunhofer IESE in the WordPress OWM Weather plugin versions <= 5.6.8. Solution Update the WordPress OWM Weather plugin to the latest available version at least 5.6.9...
WordPress AgentEasy Properties plugin <= 1.0.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Hoang Van Hiep Patchstack Alliance in the WordPress AgentEasy Properties plugin versions <= 1.0.4. Solution Deactivate and delete. This plugin has been closed as of November 1, 2022 and is not available for download. This closure is...
WordPress tagDiv Composer plugin < 3.5 - Unauthenticated Account Takeover vulnerability
Unauthenticated Account Takeover vulnerability discovered by Truoc Phan Techlab Corporation in WordPress tagDiv Composer plugin versions < 3.5. Solution Update the WordPress tagDiv Composer plugin to the latest available version at least 3.5...
WordPress core <= 6.0.2 - Content From Multipart Emails Leak vulnerability
Content From Multipart Emails Leak vulnerability when HTML/plaintext used discovered by Thomas Kräftner in WordPress core versions <= 6.0.2. Solution Update WordPress core to the latest available version at least 6.0.3...
WordPress Accessibility plugin <= 1.0.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress Accessibility plugin versions <= 1.0.3. Solution Update the WordPress Accessibility plugin to the latest available version at least 1.0.4...
WordPress CRM Perks Forms plugin <= 1.1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Tien Nguyen Anh Patchstack Alliance in WordPress CRM Perks Forms plugin versions <= 1.1.0. Solution Update the WordPress CRM Perks Forms plugin to the latest available version at least 1.1.1...
WordPress Analytics Cat plugin <= 1.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Vlad Vector Patchstack in WordPress Analytics Cat plugin versions <= 1.0.9. Solution Update the WordPress Analytics Cat plugin to the latest available version at least 1.1.0...
WordPress Manage Notification E-mails plugin <= 1.8.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability leading to Plugin Settings Reset discovered by Muhammad Daffa Patchstack Alliance in WordPress Manage Notification E-mails plugin versions <= 1.8.2. Solution Update the WordPress Manage Notification E-mails plugin to the latest available version at lea...
WordPress Pop-Up Chop Chop plugin <= 2.1.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Pop-Up Chop Chop plugin versions <= 2.1.7. Solution No patched version is available. No reply from the vendor...
WordPress Social Media Follow Buttons Bar plugin <= 4.73 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress Social Media Follow Buttons Bar plugin versions <= 4.73. Solution No patched version is available. No reply from the vendor...
WordPress wpForo Forum plugin <= 2.0.5 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability leading to post deletion discovered by Dhakal Ananda Patchstack Alliance in WordPress wpForo Forum plugin versions <= 2.0.5. Solution Update the WordPress wpForo Forum plugin to the latest available version at least 2.0.6...
WordPress WP Page Widget plugin <= 3.9 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability was discovered by Muhammad Daffa Patchstack Alliance in the WordPress WP Page Widget plugin versions <= 3.9. Solution Update the WordPress WP Page Widget plugin to the latest available version at least 4.0...
WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability leading to plugin settings change discovered by Muhammad Daffa Patchstack Alliance in WordPress Advanced Dynamic Pricing for WooCommerce plugin versions <= 4.1.3. Solution Update the WordPress Advanced Dynamic Pricing for WooCommerce plugin to the lates...
WordPress Booking Calendar plugin <= 9.2.1 - Cross-Site Request Forgery (CSRF) leading to Translations Update
Cross-Site Request Forgery CSRF leading to Translations Update discovered by Muhammad Daffa Patchstack Alliance in WordPress Booking Calendar plugin versions <= 9.2.1. Solution Update the WordPress Booking Calendar plugin to the latest available version at least 9.2.2...
WordPress WP Taxonomy Import plugin <= 1.0.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by kaikaix in WordPress WP Taxonomy Import plugin versions <= 1.0.4. Solution Deactivate and delete. This plugin has been closed as of August 5, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Ajax Load More plugin <= 5.5.3 - Authenticated Arbitrary File Read vulnerability
Authenticated Arbitrary File Read vulnerability discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress Ajax Load More plugin versions <= 5.5.3. Solution Update the WordPress Ajax Load More plugin to the latest available version at least 5.5.4...
WordPress Titan Anti Spam & Security Plugin <= 7.3.0 - Protection Bypass due to IP Spoofing vulnerability
Protection Bypass due to IP Spoofing vulnerability discovered by Daniel Ruf in Titan Anti-spam & Security versions <= 7.3.0. Solution Update the WordPress Titan Anti-spam & Security plugin to the latest available version at least 7.3.1...
WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability discovered by Universe Patchstack Alliance in WordPress Uploading SVG, WEBP and ICO files plugin versions <= 1.0.1. Solution No patched version is available. Ignored by the vendor...
WordPress SP Project & Document Manager plugin <= 4.59 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Vlad Vector Patchstack in WordPress SP Project & Document Manager plugin versions <= 4.59. Solution Update the WordPress SP Project & Document Manager plugin to the latest available version at least 4.62...
WordPress amCharts: Charts and Maps plugin <= 1.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress amCharts: Charts and Maps plugin versions <= 1.4. Solution Update the WordPress amCharts: Charts and Maps plugin to the latest available version at least 1.4.1...
WordPress Mailchimp for WooCommerce plugin <= 2.7 - Authenticated Server-Side Request Forgery (SSRF) vulnerability
Authenticated Server-Side Request Forgery SSRF vulnerability discovered by Miguel Xavier Penha Neto in WordPress Mailchimp for WooCommerce plugin versions <= 2.7. Solution Update the WordPress MailChimp For WooCommerce plugin to the latest available version at least 2.7.1...
WordPress Mailchimp for WooCommerce plugin <= 2.7.1 - Authenticated Server-Side Request Forgery (SSRF) vulnerability
Authenticated Server-Side Request Forgery SSRF vulnerability discovered by Miguel Xavier Penha Neto in WordPress Mailchimp for WooCommerce plugin versions <= 2.7.1. Solution Update the WordPress MailChimp For WooCommerce plugin to the latest available version at least 2.7.2...
WordPress Affiliate For WooCommerce premium plugin <= 4.7.0 - Multiple Improper Access Control vulnerabilities
Multiple Improper Access Control vulnerabilities were discovered by Gennady Kovshenin Patchstack Alliance in the WordPress Affiliate For WooCommerce premium plugin versions <= 4.7.0. Solution Update the WordPress Affiliate For WooCommerce premium plugin to the latest available version at least 4.8...
WordPress Better Search Replace plugin <= 1.4 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability discovered by Christiaan Swiers in WordPress Better Search Replace plugin versions <= 1.4. Solution Update the WordPress Better Search Replace plugin to the latest available version at least 1.4.1...