WordPress RumbleTalk Live Group Chat Plugin <= 6.2.5 is vulnerable to Broken Access Control
Software: RumbleTalk Live Group Chat; Type: Plugin; Vulnerable versions: <= 6.2.5; Fixed in: 6.2.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-45828; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: 142311804af3; Credits: Mika Require...
WordPress JupiterX Core Plugin <= 3.3.5 is vulnerable to Arbitrary File Upload
Software: JupiterX Core; Type: Plugin; Vulnerable versions: <= 3.3.5; Fixed in: 3.3.8; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-38388; Patch priority: High; CVSS severity: High 9; PSID: 8bc7c34302b7; Credits: Rafie Muhammad Patchstack Required privileg...
WordPress WooCommerce Pre-Orders Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: WooCommerce Pre-Orders; Type: Plugin; Vulnerable versions: <= 2.0.0; Fixed in: 2.0.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32793; Patch priority: Low; CVSS severity: Low 6.5; PSID: 835a4691203f; Credits: Rafie Muhammad...
WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control
Software: Royal Elementor Addons; Type: Plugin; Vulnerable versions: <= 1.3.59; Fixed in: 1.3.60; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-4700; Patch priority: Medium; CVSS severity: Medium 5.4; Developer: WProyal; PSID: 423004fa0a2f; Credits: Ramuel Gall Required...
WordPress Community Events plugin <= 1.4.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Hoang Van Hiep (sk4rl1ghT) in the WordPress Community Events plugin versions <= 1.4.8. Solution: Update the WordPress Community Events plugin to the latest available version (at least 1.4.9)...
WordPress WP ULike plugin <= 4.6.4 - Race Condition vulnerability
Race Condition vulnerability leading to rating increase/decrease discovered by Nguy Minh Tuan (Patchstack Alliance) in the WordPress WP ULike plugin versions <= 4.6.3. Solution: No patched version is available. No reply from the vendor since August 24th, 2022...
WordPress miniOrange Two-Factor Authentication plugin <= 5.6.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Calvin Alkan in WordPress miniOrange Two-Factor Authentication plugin versions <= 5.6.1. Solution: Update the WordPress miniOrange's Google Authenticator plugin to the latest available version (at least 5.6.2)...
WordPress WPUpper Share Buttons plugin <= 3.42 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by zhangyunpei in WordPress WPUpper Share Buttons plugin versions <= 3.42. Solution: Deactivate and delete. This plugin has been closed as of November 9, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress wpForo Forum plugin <= 2.0.9 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance) in WordPress wpForo Forum plugin versions <= 2.0.9. Solution: Update the WordPress wpForo Forum plugin to the latest available version (at least 2.1.0)...
WordPress Car Rental by BestWebSoft plugin <= 1.1.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Hoang Van Hiep aka sk4rl1ghT (Patchstack Alliance) in the WordPress Car Rental by BestWebSoft plugin versions <= 1.1.2. Solution: No patched version is available...
WordPress Find and Replace All plugin <= 1.3 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Replacement discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress Find and Replace All plugin versions <= 1.3. Solution: No patched version available...
WordPress Fancier Author Box by ThematoSoup plugin <= 1.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by zhangyunpei in WordPress Fancier Author Box by ThematoSoup plugin versions <= 1.4. Solution: Deactivate and delete. This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary,...
WordPress AgentEasy Properties plugin <= 1.0.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Hoang Van Hiep (Patchstack Alliance) in the WordPress AgentEasy Properties plugin versions <= 1.0.4. Solution: Deactivate and delete. This plugin has been closed as of November 1, 2022 and is not available for download. This closure is...
WordPress Permalink Manager Lite plugin <= 2.2.20 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nguyen Anh Tien (Patchstack Alliance) in the WordPress Permalink Manager Lite plugin versions <= 2.2.20. Solution: Update the WordPress Permalink Manager Lite plugin to the latest available version (at least 2.2.20.1)...
WordPress Booster for WooCommerce premium plugin <= 5.6.4 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to Checkout Files Deletion discovered by WPScan in WordPress Booster for WooCommerce premium plugin versions <= 5.6.4. Solution: Update the WordPress Booster Plus for WooCommerce plugin to the latest available version (at least 5.6.5)...
WordPress Zoho CRM Lead Magnet plugin <= 1.7.6.1 - Auth. Arbitrary Options Update vulnerability
Auth. Arbitrary Options Update vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress Zoho CRM Lead Magnet plugin versions <= 1.7.6.0. Solution: Update the WordPress Zoho CRM Lead Magnet plugin to the latest available version (at least 1.7.6.2)...
WordPress WPQA premium plugin < 5.9 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Bikram Kharal in WordPress WPQA premium plugin versions < 5.9. Solution: Update the WordPress WPQA - Builder forms Addon plugin to the latest available version (at least 5.9)...
WordPress core <= 6.0.2 - Content From Multipart Emails Leak vulnerability
Content From Multipart Emails Leak vulnerability (when HTML/plaintext used) discovered by Thomas Kräftner in WordPress core versions <= 6.0.2. Solution: Update WordPress to the latest available version (at least 6.0.3)...
WordPress Role Based Pricing for WooCommerce premium plugin <= 1.6.2 - Auth. PHAR Deserialization vulnerability
Auth. PHAR Deserialization vulnerability discovered by WPScan in WordPress Role Based Pricing for WooCommerce premium plugin versions <= 1.6.2. Solution: Update the WordPress Role Based Pricing for WooCommerce plugin to the latest available version (at least 1.6.3)...
WordPress Accessibility plugin <= 1.0.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress Accessibility plugin versions <= 1.0.3. Solution: Update the WordPress Accessibility plugin to the latest available version (at least 1.0.4)...
WordPress AntiSpam by CleanTalk plugin <= 5.185 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Nguyen Duy Quoc Khanh in WordPress Anti-Spam by CleanTalk plugin versions <= 5.185. Solution: Update the WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin to the latest available version (at least 5.185.1)...
WordPress Manage Notification E-mails plugin <= 1.8.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Reset discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Manage Notification E-mails plugin versions <= 1.8.2. Solution: Update the WordPress Manage Notification E-mails plugin to the latest available version at lea...
WordPress wpForo Forum plugin <= 2.0.5 - Insecure direct object references (IDOR) vulnerability
Insecure direct object references (IDOR) vulnerability that allows subscriber+ users to mark any forum post as Solved/Unsolved was discovered by Dhakal Ananda (Patchstack Alliance) in the WordPress wpForo Forum plugin versions <= 2.0.5. Solution: Update the WordPress wpForo Forum plugin to the latest...
WordPress wpForo Forum plugin <= 2.0.5 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to post deletion discovered by Dhakal Ananda (Patchstack Alliance) in WordPress wpForo Forum plugin versions <= 2.0.5. Solution: Update the WordPress wpForo Forum plugin to the latest available version (at least 2.0.6)...
WordPress WP Page Widget plugin <= 3.9 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability was discovered by Muhammad Daffa (Patchstack Alliance) in the WordPress WP Page Widget plugin versions <= 3.9. Solution: Update the WordPress WP Page Widget plugin to the latest available version (at least 4.0)...
WordPress WP Custom Cursors plugin <= 3.0 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Lana Codes in WordPress WP Custom Cursors plugin versions <= 3.0. Solution: Update the WordPress WP Custom Cursors plugin to the latest available version (at least 3.0.1)...
WordPress Booking Calendar plugin <= 9.2.1 - Cross-Site Request Forgery (CSRF) leading to Translations Update
Cross-Site Request Forgery (CSRF) leading to Translations Update discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Booking Calendar plugin versions <= 9.2.1. Solution: Update the WordPress Booking Calendar plugin to the latest available version (at least 9.2.2)...
WordPress Event Calendar – Calendar plugin <= 1.4.6 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Vlad Vector (Patchstack) in WordPress Event Calendar – Calendar plugin versions <= 1.4.6. Solution: Update the WordPress Event Calendar – Calendar plugin to the latest available version (at least 1.4.7)...
WordPress Ajax Load More plugin <= 5.5.3 - Directory Traversal vulnerability
Directory Traversal vulnerability discovered by Muhammad Zeeshan (Xib3rR4dAr) in WordPress Ajax Load More plugin versions <= 5.5.3. Solution: Update the WordPress Ajax Load More plugin to the latest available version (at least 5.5.4)...
WordPress Broken Link Checker Plugin <= 1.11.16 - Authenticated PHAR Deserialization vulnerability
Authenticated PHAR Deserialization vulnerability discovered by Rasoul Jahanshahi in Broken Link Checker versions <= 1.11.16. Solution: Update the WordPress Broken Link Checker plugin to the latest available version (at least 1.11.17)...
WordPress SP Project & Document Manager plugin <= 4.59 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Vlad Vector (Patchstack) in WordPress SP Project & Document Manager plugin versions <= 4.59. Solution: Update the WordPress SP Project & Document Manager plugin to the latest available version (at least 4.62)...
WordPress Ecwid Ecommerce Shopping Cart plugin <= 6.10.23 - Cross-Site Request Forgery (CSRF) vulnerability leading to Settings/Options update
Cross-Site Request Forgery (CSRF) vulnerability leading to Settings/Options update discovered by Marco Wotschka in WordPress Ecwid Ecommerce Shopping Cart plugin versions <= 6.10.23. Solution: Update the WordPress Ecwid Shopping Cart plugin to the latest available version (at least 6.10.24)...
WordPress Mailchimp for WooCommerce plugin <= 2.7 - Authenticated Server-Side Request Forgery (SSRF) vulnerability
Authenticated Server-Side Request Forgery (SSRF) vulnerability discovered by Miguel Xavier Penha Neto in WordPress Mailchimp for WooCommerce plugin versions <= 2.7. Solution: Update the WordPress MailChimp For WooCommerce plugin to the latest available version (at least 2.7.1)...
WordPress uContext for Clickbank plugin <= 3.9.1 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered by Hayato Takizawa in WordPress uContext for Clickbank plugin versions <= 3.9.1. Solution: Deactivate and delete. This plugin has been closed as of July 26, 2022 and is not available for download. This...
WordPress Ask Me premium theme < 6.8.4 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability (Edit Profile) was discovered by the WPScan team in WordPress Ask Me premium theme versions < 6.8.4. Solution: Update the WordPress Ask Me theme to the latest available version (at least 6.8.4)...
WordPress ЮKassa для WooCommerce plugin <= 2.3.0 - Cross-Site Request Forgery (CSRF) leading to plugin settings update
Cross-Site Request Forgery (CSRF) leading to plugin settings update discovered by ptsfence (Patchstack Alliance) in WordPress ЮKassa для WooCommerce plugin versions <= 2.3.0. Solution: Update the WordPress ЮKassa для WooCommerce plugin to the latest available version (at least 2.3.1)...
WordPress BxSlider WP plugin <= 2.0.0 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress BxSlider WP plugin versions <= 2.0.0. Solution: No patched version is available...
WordPress SearchWP Live Ajax Search plugin <= 1.6.1 - Unauthenticated Arbitrary Post Title Disclosure vulnerability
Unauthenticated Arbitrary Post Title Disclosure vulnerability discovered by Angelo Delicato in WordPress SearchWP Live Ajax Search plugin versions <= 1.6.1. Solution: Update the WordPress SearchWP Live Ajax Search plugin to the latest available version (at least 1.6.2)...
WordPress GREYD.SUITE theme <= 1.2.6.1 - Unauthenticated File Upload vulnerability leading to Remote Code Execution (RCE)
Unauthenticated File Upload vulnerability leading to Remote Code Execution (RCE) discovered by Bernhard Kau in WordPress GREYD.SUITE theme versions <= 1.2.6.1. Solution: Update the WordPress GREYD.SUITE theme to the latest available version (at least 1.2.7)...
WordPress Testimonials plugin <= 3.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Testimonials plugin versions <= 3.0.1. Solution: No patched version is available. No way to contact the vendor...
WordPress GiveWP plugin <= 2.21.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Raad Haddad in WordPress GiveWP plugin versions <= 2.21.2. Solution: Update the WordPress GiveWP plugin to the latest available version (at least 2.21.3)...
WordPress Unyson plugin <= 2.7.26 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Raad Haddad in WordPress Unyson plugin versions <= 2.7.26. Solution: Update the WordPress to the latest available version (at least 2.7.27)...
WordPress Header Footer Code Manager plugin <= 1.1.23 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Taurus Omar in WordPress Header Footer Code Manager plugin versions <= 1.1.23. Solution: Update the WordPress Header Footer Code Manager plugin to the latest available version (at least 1.1.24)...
WordPress Yellow Yard Searchbar plugin <= 2.7.27 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Victor Pasman in WordPress Yellow Yard Searchbar plugin versions <= 2.7.27. Solution: No patched version available...
WordPress Social Media Share Buttons plugin <= 3.8.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas (Patchstack Alliance) in WordPress Social Media Share Buttons plugin versions <= 3.8.4. Solution: Update the WordPress Social Media Share Buttons plugin to the latest available version (at least 3.8.5)...
WordPress Easy Pricing Tables plugin <= 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Easy Pricing Tables plugin versions <= 3.1.2. Solution: Update the WordPress Easy Pricing Tables plugin to the latest available version (at least 3.1.3)...
WordPress JupiterX Core premium plugin <= 2.0.6 - Information Disclosure, Modification, and Denial of Service (DoS) vulnerabilities
Information Disclosure, Modification, and Denial of Service (DoS) vulnerabilities were discovered by Ramuel Gall (Wordfence) in the WordPress JupiterX Core premium plugin versions <= 2.0.6. Solution: Update the WordPress JupiterX Core premium plugin to the latest available version (at least 2.0.7)...
WordPress JivoChat Live Chat plugin <= 1.3.5.3 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Muhamad Hidayat in WordPress JivoChat Live Chat plugin versions <= 1.3.5.3. Solution: Update the WordPress JivoChat Live Chat plugin to the latest available version (at least 1.3.5.4)...
WordPress Breeze plugin <= 2.0.2 - Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability
Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability discovered by Dave Jong (Patchstack) in WordPress Breeze plugin versions <= 2.0.2. Solution: Update the WordPress Breeze plugin to the latest available version (at least 2.0.3)...
WordPress WP Subscribe plugin <= 1.2.12 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas (Patchstack Alliance) in WordPress WP Subscribe plugin versions <= 1.2.12. Solution: Update the WordPress WP Subscribe plugin to the latest available version (at least 1.2.13)...