46606 matches found
WordPress Sync QCloud COS plugin <= 2.0.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by fuzzyap1 in WordPress Sync QCloud COS plugin versions = 2.0.0. Solution Update the WordPress Sync QCloud COS plugin to the latest available version at least 2.0.1...
WordPress File Upload plugin <= 4.16.2 - Contributor+ Stored Cross-Site Scripting (XSS) via Shortcode vulnerability
Contributor+ Stored Cross-Site Scripting XSS via Shortcode vulnerability discovered by apple502j in WordPress File Upload plugin versions = 4.16.2. Solution Update the WordPress File Upload plugin to the latest available version at least 4.16.3...
WordPress Essential Addons for Elementor plugin <= 5.0.4 - Unauthenticated Local File Inclusion (LFI) vulnerability
Unauthenticated Local File Inclusion LFI vulnerability discovered by Wai Yan Myo Thet in WordPress Essential Addons for Elementor plugin versions = 5.0.4. Solution Update the WordPress Essential Addons for Elementor plugin to the latest available version at least 5.0.5...
WordPress TI WooCommerce Wishlist premium plugin <= 1.40.0 - Unauthenticated Blind SQL Injection (SQLi) vulnerability
Unauthenticated Blind SQL Injection SQLi vulnerability discovered by Krzysztof ZajÄ…c in WordPress TI WooCommerce Wishlist premium plugin versions = 1.40.0. Solution Update the WordPress TI WooCommerce Wishlist premium plugin to the latest available version at least 1.40.1...
WordPress Perfect Brands for WooCommerce plugin <= 2.0.4 - Server Information Exposure vulnerability
Server Information Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Perfect Brands for WooCommerce plugin versions = 2.0.4. Solution Update the WordPress Perfect Brands for WooCommerce plugin to the latest available version at least 2.0.5...
WordPress WP Responsive Menu plugin <= 3.1.7 - Subscriber+ Settings Update to Stored Cross-Site (XSS)
Subscriber+ Settings Update to Stored Cross-Site XSS discovered by Krzysztof ZajÄ…c in WordPress WP Responsive Menu plugin versions = 3.1.7. Solution Update the WordPress WP Responsive Menu plugin to the latest available version at least 3.1.7.1...
WordPress Simple Membership plugin <= 4.0.8 - Arbitrary Member Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Member Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by Krzysztof ZajÄ…c in WordPress Simple Membership plugin versions = 4.0.8. Solution Update the WordPress Simple Membership plugin to the latest available version at least 4.0.9...
WordPress Coming soon and Maintenance mode plugin <= 3.6.7 - Arbitrary Email Sending to Subscribed Users via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Email Sending to Subscribed Users via Cross-Site Request Forgery CSRF vulnerability discovered by Krzysztof ZajÄ…c in WordPress Coming soon and Maintenance mode plugin versions = 3.6.7. Solution Update the WordPress Coming soon and Maintenance mode plugin to the latest available version ...
WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Data Reset (Posts / Pages / Media)
Cross-Site Request Forgery CSRF vulnerability leading to Data Reset Posts / Pages / Media discovered by Ex.Mi Patchstack in WordPress Access Demo Importer plugin versions = 1.0.7. Solution Update the WordPress Access Demo Importer plugin to the latest available version at least 1.0.8...
WordPress GiveWP plugin <= 2.17.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS via Donation Forms Dashboard vulnerability discovered by JrXnm in WordPress GiveWP plugin versions = 2.17.2. Solution Update the WordPress GiveWP plugin to the latest available version at least 2.17.3...
WordPress PPOM for WooCommerce plugin <= 23.9 - Settings Update vulnerability leading to Stored Cross-Site Scripting (XSS)
Settings Update vulnerability leading to Stored Cross-Site Scripting XSS discovered by Krzysztof ZajÄ…c in WordPress PPOM for WooCommerce plugin versions = 23.9. Solution Update the WordPress PPOM for WooCommerce plugin to the latest available version at least 24.0...
WordPress Permalink Manager Pro premium plugin <= 2.2.14 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof ZajÄ…c in WordPress Permalink Manager Pro premium plugin versions = 2.2.14. Solution Update the WordPress Permalink Manager Pro premium plugin to the latest available version at least 2.2.15...
WordPress Ad Invalid Click Protector (AICP) plugin <= 1.2.5.2 - SQL injection (SQLi) vulnerability
SQL injection SQLi vulnerability discovered by Krzysztof ZajÄ…c in WordPress Ad Invalid Click Protector AICP plugin versions = 1.2.5.2. Solution Update the WordPress Ad Invalid Click Protector AICP plugin to the latest available version at least 1.2.6...
WordPress WP-DownloadManager plugin <= 1.68.6 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien in WordPress WP-DownloadManager plugin versions = 1.68.6. Solution Update the WordPress WP-DownloadManager plugin to the latest available version at least 1.68.7...
WordPress WP Mail Logging plugin <= 1.9.9 - Using Components with Known Vulnerabilities (vulnerable Redux Framework version)
Using Components with Known Vulnerabilities vulnerable Redux Framework version - CVE-2021-38312, CVE-2021-38314 discovered by Rotem Reiss in WordPress WP Mail Logging plugin versions = 1.9.9. Solution Update the WordPress WP Mail Logging plugin to the latest available version at least 1.10.0...
WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.9 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered by Ex.Mi Patchstack in WordPress Contact Form 7 Database Addon – CFDB7 plugin versions = 1.2.5.9. Solution Update the WordPress Contact Form 7 Database Addon – CFDB7 plugin to the latest available version at least 1.2.6.1...
WordPress LearnPress plugin <= 4.1.3.2 - SQL Injection (SQLi) vulnerability
SQL Injection SQLi vulnerability discovered by JrXnm in WordPress LearnPress plugin versions = 4.1.3.2. Solution Update the WordPress LearnPress plugin to the latest available version at least 4.1.4...
WordPress Formidable Forms plugin <= 5.0.06 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Thinkland Security Team in WordPress Formidable Forms plugin versions = 5.0.06. Solution Update the WordPress Formidable Forms plugin to the latest available version at least 5.0.07...
WordPress ZoomSounds premium plugin <= 6.45 - Unauthenticated Directory Traversal vulnerability
Unauthenticated Directory Traversal vulnerability discovered by DigitalJessica Ltd in WordPress ZoomSounds premium plugin versions = 6.45. Solution Update the WordPress ZoomSounds premium plugin to the latest available version at least 6.50...
WordPress Duplicate Page plugin <= 4.4.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Nikhil Kapoor EsecForte in WordPress Duplicate Page plugin versions = 4.4.2. Solution Update the WordPress Duplicate Page plugin to the latest available version at least 4.4.3...
WordPress uListing plugin <= 2.0.5 - Modify User Roles via Cross-Site Request Forgery (CSRF) vulnerability
Modify User Roles via Cross-Site Request Forgery CSRF vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions = 2.0.5. Solution Update the WordPress uListing plugin to the latest available version at least 2.0.6...
WordPress AceIDE plugin <= 2.6.2 - Authenticated Local File Inclusion vulnerability
Authenticated Local File Inclusion vulnerability discovered by Shreya Pohekar Codevigilant Project in WordPress AceIDE plugin versions = 2.6.2. Solution This plugin has been closed as of June 1, 2021 and is not available for download. Reason: Security Issue...
WordPress iQ Block Country plugin <= 1.2.11 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by Vlad Visse Patchstack Red Team in WordPress iQ Block Country plugin versions = 1.2.11. Vulnerable parameter: &blockcountryblockmessage. Solution Update the WordPress iQ Block Country plugin to the latest available versi...
WordPress Remove Footer Credit plugin <= 1.0.5 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by apple502j in WordPress Remove Footer Credit plugin versions = 1.0.5. Solution Update the WordPress Remove Footer Credit plugin to the latest available version at least 1.0.6...
WordPress Popular Posts plugin <= 5.3.3 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by Vlad Visse Patchstack in WordPress Popular Posts plugin versions = 5.3.3. Solution Update the WordPress Popular Posts plugin to the latest available version at least 5.3.4...
WordPress ProfilePress plugin 3.0 – 3.1.3 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Chloe Chamberland WordFence in WordPress ProfilePress plugin versions 3.0 – 3.1.3. 06.29.2021 - WordFence updated the vulnerable version to 3.0 - 3.1.3. Solution Update the WordPress ProfilePress plugin to the latest version at leas...
WordPress Salon booking system plugin <= 6.3 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Phu Tran in WordPress Salon booking system plugin versions = 6.3 Solution Update the WordPress Salon booking system plugin to the latest available version at least 6.3.1...
WordPress Export Users With Meta plugin <= 0.6.4 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability discovered by Asif Nawaz Minhas in WordPress Export Users With Meta plugin versions = 0.6.4. Solution Update the WordPress Export Users With Meta plugin to the latest available version at least 0.6.5...
WordPress N5 Upload Form plugin <= 1.0 - Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)
Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution RCE discovered by Jin Huang in WordPress N5 Upload Form plugin versions = 1.0. Solution Plugin closed. Deactivate and delete...
WordPress Backup, Restore and Migrate plugin 4.2.1 – 4.2.12 - Unprotected AJAX Action to Arbitrary File Overwrite and Sensitive Information Disclosure vulnerability
Unprotected AJAX Action to Arbitrary File Overwrite and Sensitive Information Disclosure vulnerability discovered by Chloe Chamberland WordFence in WordPress Backup, Restore and Migrate plugin versions 4.2.1 – 4.2.12. Solution Update the WordPress Backup, Restore and Migrate plugin to the latest...
WordPress Page Builder by SiteOrigin plugin <= 2.10.15 - Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS)
Cross-Site Request Forgery CSRF vulnerability leading to Reflected Cross-Site Scripting XSS discovered by WordFence in WordPress Page Builder by SiteOrigin plugin versions = 2.10.15. Solution Update the WordPress Page Builder by SiteOrigin plugin to the latest available version at least 2.10.16...
WordPress Real-Time Find and Replace plugin <= 3.9 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by WordFence in WordPress Real-Time Find and Replace plugin versions = 3.9. Solution Update the WordPress Real-Time Find and Replace plugin to the latest available version at least 4.0.2...
WordPress Chop Slider 3 plugin <= 3.4 - Blind SQL injection (SQLi) vulnerability
Blind SQL injection SQLi vulnerability found by Callum Murphy in WordPress Chop Slider 3 plugin versions = 3.4. Solution 2021-01-12 - we were unable to find a patched version of this plugin...
WordPress Contact Form 7 Datepicker plugin <= 2.6.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by WordFence in WordPress Contact Form 7 Datepicker plugin versions = 2.6.0. Solution This plugin has been closed as of April 1, 2020 and is not available for download. Reason: Security Issue...
WordPress CardGate Payments for WooCommerce plugin <= 3.1.15 - Payment Process Bypass vulnerability
Payment Process Bypass vulnerability discovered by GeekHack in WordPress CardGate Payments for WooCommerce plugin versions = 3.1.15. Solution Update the WordPress CardGate Payments for WooCommerce plugin to the latest available version at least 3.1.16...
WordPress YITH WooCommerce Request A Quote plugin <=1.4.8 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability
Authenticated Settings Change YITH Plugin Framework =3.3.8 vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Request A Quote plugin versions =1.4.8. Solution Update the WordPress YITH WooCommerce Request A Quote plugin to the latest available version at least 1.4.9...
WordPress Wise Chat plugin <= 2.6.3 - Reverse Tabnabbing vulnerability
Reverse Tabnabbing vulnerability found by MTK in WordPress Wise Chat plugin versions = 2.6.3. Solution Update the WordPress Wise Chat plugin to the latest available version at least 2.7...
WordPress Ninja Forms plugin <= 3.3.17 - Unauthenticated Cross-Site Scripting (XSS) vulnerability
Unauthenticated Cross-Site Scripting XSS vulnerability found in WordPress Ninja Forms plugin versions = 3.3.17. Solution Update the WordPress Ninja Forms plugin to the latest available version at least 3.3.18...
WordPress Caldera Forms plugin <=1.5.9.1 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting XSS vulnerability found by Federico Scalco in WordPress Caldera Forms versions =1.5.9.1. Solution Update the WordPress Caldera Forms plugin to the latest available version at least 1.6.0...
WordPress Ninja Forms plugin <=3.2.13 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting XSS vulnerability found by Kasper Karlsson in WordPress Ninja Forms plugin versions = 3.2.13. Solution Update the WordPress Ninja Forms plugin to the latest available version at least 3.2.14...
WordPress <= 4.5.2 - Session Hijacking
This vulnerability allows an attacker to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php. Solution Update WordPress...
WordPress <= 4.2.3 - CSRF
This vulnerability is in wp-admin/post.php. It allows an attacker to hijack the authentication of administrators for requests which lock a post. And then an attacker consequently cause a denial of service via a get-post-lock action. Solution Update the plugin...
WordPress WP Membership Plugin 1.2.3 - Multiple Vulnerabilities
There are multiple vulnerabilities in this WordPress Membership plugin. 1. Privilege escalation. Because of this vulnerability, an attacker can take administrative role to the infected website via "ivmembershipupdateusersettings" AJAX action. 2. Stored XSS allows an attacker to login as regular...
WordPress Audio Player Plugin <= 2.0 - Multiple XSS
Because of these vulnerabilities in the wpajaxsaveitem function, the attackers can inject arbitrary web script or HTML via the "itemname" or "itemcustomcss" parameters in a wonderpluginaudiosaveitem action to wp-admin/admin-ajax.php. Solution Upgrade the plugin...
WordPress WooCommerce Plugin <= 2.2.10 - XSS
Because of this vulnerability, an attacker can inject arbitrary web script or HTML via the QUERYSTRING in the wc-reports page to wp-admin/admin.php. Solution Update to version 2.2.11...
WordPress Apptha Video Gallery Plugin <= 2.7 - SQL Injection
Because of this vulnerability, the attackers can execute arbitrary SQL commands via the "vid" parameter in a rss action to wp-admin/admin-ajax.php. Solution Update the plugin...
WordPress Acobot Live Chat & Contact Form Plugin <= 2.0 - Multiple CSRF
Because of these vulnerabilities, the attackers can hijack the authentication of administrators for requests that change plugin settings or conduct cross-site scripting attacks. Solution Upgrade the plugin...
WordPress Video Gallery Plugin 2.7.0 - SQL Injection
This WordPress Video Gallery plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Upgrade the plugin...
WordPress DBManager Plugin <= 2.7.1 - Multiple Vulnerabilities
There are multiple vulnerabilities in this plugin, that allow remote authenticated users to execute arbitrary commands via shell metacharacters in the $backup'filepath' or $backup'mysqldumppath' variable. Solution Update the plugin...
WordPress Ad Manager Plugin <=1.1.2 - Open Redirect
This vulnerability is in the track-click.php. It allows the attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the "out" parameter. Solution Update the plugin...