WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by Lenon Leite Patchstack Alliance in WordPress Hermit 音乐播放器 plugin versions <= 3.1.6. Solution: Deactivate and delete. This plugin has been closed as of April 25, 2022 and is not available for download. This closure is temporary, pending ...
WordPress Psychological tests & quizzes plugin <= 0.21.19 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Psychological tests & quizzes plugin versions <= 0.21.19. Solution: No patched version...
WordPress BulletProof Security plugin <= 6.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Fayçal CHENA in WordPress BulletProof Security plugin versions <= 6.0. Solution: Update the WordPress BulletProof Security plugin to the latest available version at least 6.1...
WordPress Import and export users and customers plugin <= 1.19.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by 0x23.so in WordPress Import and export users and customers plugin versions <= 1.19.2. Solution: Update the WordPress Import and export users and customers plugin to the latest available version at least 1.19.2.1...
WordPress Coming Soon by Supsystic plugin <= 1.7.5 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by 0xB9 in WordPress Coming Soon by Supsystic plugin versions <= 1.7.5. Solution: Update the WordPress Coming Soon by Supsystic plugin to the latest available version at least 1.7.6...
WordPress Users Ultra plugin <= 3.1.0 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Users Ultra plugin versions <= 3.1.0. Solution: Deactivate and delete. This plugin has been closed as of March 14, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Sassy Social Share plugin <= 3.3.39 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Paul J. Martinez in WordPress Sassy Social Share plugin versions <= 3.3.39. Solution: Update the WordPress Sassy Social Share plugin to the latest available version at least 3.3.40...
WordPress Ad Inserter plugin <= 2.7.11 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Taurus Omar in WordPress Ad Inserter plugin versions <= 2.7.11. Solution: Update the WordPress Ad Inserter plugin to the latest available version at least 2.7.12...
WordPress Popup Like box plugin <= 3.6.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ran Crane in WordPress Popup Like box plugin versions <= 3.6.0. Solution: Update the WordPress Popup Like box plugin to the latest available version at least 3.6.1...
WordPress dTabs plugin <= 1.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ran Crane in WordPress dTabs plugin versions <= 1.4. Solution: Deactivate and delete. This plugin has been closed as of February 15, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Display WP Admin Pages in the Frontend – WP Frontend Admin plugin < 1.17.0.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Display WP Admin Pages in the Frontend – WP Frontend Admin plugin versions < 1.17.0.4. Solution: Update the WordPress Display WP Admin Pages in the Frontend – WP Frontend Admin plugin to the latest available version at least...
WordPress Premmerce SEO for WooCommerce plugin <= 2.1.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Premmerce SEO for WooCommerce plugin versions <= 2.1.4. Solution: Update the WordPress Premmerce SEO for WooCommerce plugin to the latest available version at least 2.1.5...
WordPress miniOrange's Google Authenticator plugin <= 5.4.52 - Unauthenticated Arbitrary Options Deletion vulnerability
Unauthenticated Arbitrary Options Deletion vulnerability discovered by Krzysztof Zając in WordPress miniOrange's Google Authenticator plugin versions <= 5.4.52. Solution: Update the WordPress miniOrange's Google Authenticator plugin to the latest available version at least 5.5...
WordPress AP Mega Menu plugin <= 3.0.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ran Crane in WordPress AP Mega Menu plugin versions <= 3.0.7. Solution: Update the WordPress AP Mega Menu plugin to the latest available version at least 3.0.8...
WordPress WP Statistics plugin <= 13.1.5 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability via 'browser' discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress WP Statistics plugin versions <= 13.1.5. Solution: Update the WordPress WP Statistics plugin to the latest available version at least 13.1.6...
WordPress MaxGalleria plugin <= 6.2.7 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien Patchstack Red Team project in the WordPress MaxGalleria plugin versions <= 6.2.7. Solution: Update the WordPress MaxGalleria plugin to the latest available version at least 6.2.8...
WordPress LearnPress plugin <= 4.1.4.1 - Arbitrary Image Renaming vulnerability
Arbitrary Image Renaming vulnerability discovered by Ceylan Bozogullarindan in WordPress LearnPress plugin versions <= 4.1.4.1. Solution: Update the WordPress LearnPress plugin to the latest available version at least 4.1.5...
WordPress WP Cloudy plugin <= 4.4.8 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by JrXnm in WordPress WP Cloudy plugin versions <= 4.4.8. Solution: Update the WordPress WP Cloudy plugin to the latest available version at least 4.4.9...
WordPress AnyComment plugin <= 0.2.17 - Comment Rating Increase/Decrease via Race Condition vulnerability
Comment Rating Increase/Decrease via Race Condition vulnerability discovered by Brandon Roldan in WordPress AnyComment plugin versions <= 0.2.17. Solution: Update the WordPress AnyComment plugin to the latest available version at least 0.2.18...
WordPress WOOCS – Currency Switcher for WooCommerce plugin <= 1.3.7.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress WOOCS – Currency Switcher for WooCommerce plugin versions <= 1.3.7.4. Solution: Update the WordPress WOOCS – Currency Switcher for WooCommerce plugin to the latest available version at least 1.3.7.5...
WordPress Better Messages plugin <= 1.9.9.148 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability at bpmessagesfavorite discovered by Vlad Vector Patchstack in WordPress Better Messages plugin versions <= 1.9.9.148. Solution: Update the WordPress BP Better Messages plugin to the latest available version at least 1.9.9.149...
WordPress WP-DownloadManager plugin <= 1.68.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered by Ex.Mi Patchstack in WordPress WP-DownloadManager plugin versions <= 1.68.6. Solution: Update the WordPress WP-DownloadManager plugin to the latest available version at least 1.68.7...
WordPress WP Store theme <= 1.1.9 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress WP Store theme versions <= 1.1.9. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores th...
WordPress AnyComment plugin <= 0.3.4 - Open Redirect vulnerability
Open Redirect vulnerability discovered by Brandon Roldan in WordPress AnyComment plugin versions <= 0.3.4. Solution: Update the WordPress AnyComment plugin to the latest available version at least 0.3.5...
WordPress PowerPack Addons for Elementor plugin <= 2.6.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress PowerPack Addons for Elementor plugin versions <= 2.6.1. Solution: Update the WordPress PowerPack Addons for Elementor plugin to the latest available version at least 2.6.2...
WordPress Chaty plugin <= 2.8.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Chaty plugin versions <= 2.8.2. Solution: Update the WordPress Chaty plugin to the latest available version at least 2.8.3...
WordPress OMGF | Host Google Fonts Locally plugin <= 4.5.11 - Arbitrary Folder Deletion via Path Traversal vulnerability
Arbitrary Folder Deletion via Path Traversal vulnerability discovered by José Aguilera in WordPress OMGF | Host Google Fonts Locally plugin versions <= 4.5.11. Solution: Update the WordPress OMGF | Host Google Fonts Locally plugin to the latest available version at least 4.5.12...
WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Contact Form & Lead Form Elementor Builder plugin versions <= 1.6.3. Solution: Update the WordPress Contact Form & Lead Form Elementor Builder plugin to the latest available version at least 1.6...
WordPress StoreVilla theme <= 1.4.1 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress StoreVilla theme versions <= 1.4.1. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores...
WordPress Mediamatic – Media Library Folders plugin <= 2.7 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by JrXnm in WordPress Mediamatic – Media Library Folders plugin versions <= 2.7. Solution: Deactivate and delete. This plugin has been closed as of October 11, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress WOOCS – Currency Switcher for WooCommerce plugin <= 1.3.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress WOOCS – Currency Switcher for WooCommerce plugin versions <= 1.3.7. Solution: Update the WordPress WOOCS – Currency Switcher for WooCommerce plugin to the latest available version at least 1.3.7.1...
WordPress Stream plugin <= 3.8.1 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by bl4derunner in WordPress Stream plugin versions <= 3.8.1. Solution: Update the WordPress Stream plugin to the latest available version at least 3.8.2...
WordPress Brizy – Page Builder plugin <= 2.3.11 - Incorrect authorization checks allowing Post modification vulnerability
Incorrect authorization checks allowing Post modification vulnerability discovered by Ramuel Gall WordFence in WordPress Brizy – Page Builder plugin versions <= 2.3.11. Solution: Update the WordPress Brizy – Page Builder plugin to the latest available version at least 2.3.12...
WordPress Post Content XMLRPC plugin <= 1.0 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar Codevigilant Project in WordPress Post Content XMLRPC plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of June 21, 2021 and is not available for download. Reason: Security Issue...
WordPress Simple Download Monitor plugin <= 3.9.5.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Simple Download Monitor plugin versions <= 3.9.5.1. Solution: Update the WordPress Simple Download Monitor plugin to the latest available version at least 3.9.6...
WordPress Ark-commenteditor plugin <= 2.15.6 - Iframe Injection via Comment vulnerability
Iframe Injection via Comment vulnerability discovered by Rasi Afeef in WordPress Ark-commenteditor plugin versions <= 2.15.6. Solution: Deactivate and delete. This plugin has been closed as of September 23, 2021 and is not available for download. Reason: Security Issue...
WordPress LearnPress plugin <= 4.1.3 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Stored Cross-Site Scripting (XSS) vulnerabilities were discovered by Shivam Rai in the WordPress LearnPress plugin versions <= 4.1.3. Solution: Update the WordPress LearnPress plugin to the latest available version at least 4.1.3.1...
WordPress MicroCopy plugin <= 1.1.0 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Syed Sheeraz Ali in WordPress MicroCopy plugin versions <= 1.1.0. Solution: This plugin has been closed as of May 13, 2021 and is not available for download. Reason: Security Issue...
WordPress uListing plugin <= 2.0.5 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions <= 2.0.5. Solution: Update the WordPress uListing plugin to the latest available version at least 2.0.6...
WordPress SendGrid plugin <= 1.11.8 - Authenticated Authorization Bypass vulnerability
Authenticated Authorization Bypass vulnerability discovered by Prashant Baldha in WordPress SendGrid plugin versions <= 1.11.8. Solution: This plugin has been closed as of July 13, 2021 and is not available for download. This closure is permanent...
WordPress Form Maker plugin <= 1.13.59 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Felipe Restrepo Rodriguez in WordPress Form Maker plugin versions <= 1.13.59. Solution: Update the WordPress Form Maker plugin to the latest available version at least 1.13.60...
WordPress Prismatic plugin <= 2.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Prismatic plugin versions <= 2.7. Solution: Update the WordPress Prismatic plugin to the latest available version at least 2.8...
WordPress YOP Poll plugin <= 6.2.7 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Toby Jackson in WordPress YOP Poll plugin versions <= 6.2.7. Solution: Update the WordPress YOP Poll plugin to the latest available version at least 6.2.8...
WordPress Redirect 404 to parent plugin <= 1.3.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by 0xB9 in WordPress Redirect 404 to parent plugin versions <= 1.3.0. Solution: Update the WordPress Redirect 404 to parent plugin to the latest available version at least 1.3.1...
WordPress WP Maintenance Mode & Site Under Construction plugin <= 1.8.1 - Arbitrary Plugin Installation and Activation vulnerability
Arbitrary Plugin Installation and Activation vulnerability discovered by Bugbang in WordPress WP Maintenance Mode & Site Under Construction plugin versions <= 1.8.1. Solution: Update the WordPress WP Maintenance Mode & Site Under Construction plugin to the latest available version at least 1.8.2...
WordPress Patreon WordPress plugin <= 1.7.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Jetpack Scan team in WordPress Patreon WordPress plugin versions <= 1.7.1. Solution: Update the WordPress Patreon WordPress plugin to the latest available version at least 1.7.2...
WordPress <= 5.5.1 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Erwan LR in WordPress versions <= 5.5.1. Solution: Update WordPress to the latest available version at least 5.5.2...
WordPress Import XML and RSS Feeds plugin <= 2.0.1 - Server-Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability discovered by Suzhou Aurora Infinity Information Technology Co., Ltd. in WordPress Import XML and RSS Feeds plugin versions <= 2.0.1. Solution: Update the WordPress Import XML and RSS Feeds plugin to the latest available version at least 2.0.2...
WordPress 15zine premium theme <= 3.2.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Fariq Fadillah Gusti Insani in WordPress 15zine premium theme versions <= 3.2.2. Solution: Update the WordPress 15zine premium theme to the latest available version at least 3.3.0...
WordPress Careerfy premium theme <= 4.0.0 - Multiple Cross-Site Scripting (XSS) vulnerabilities
Multiple Cross-Site Scripting (XSS) vulnerabilities discovered by m0ze in WordPress Careerfy premium theme versions <= 4.0.0. Solution: Update the WordPress Careerfy premium theme to the latest available version at least 4.1.0...