WordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Button Generator – easily Button Builder | Type: Plugin | Vulnerable versions: <= 2.3.8 | Fixed in: 2.3.9 | OWASP Top 10: A5: Security Misconfiguration | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-49155 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: f69c6cdb268...
WordPress Amazonify Plugin <= 0.8.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Amazonify | Type: Plugin | Vulnerable versions: <= 0.8.1 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-5818 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: a36688b74e5b | Credits: Ala Arfaoui | Required privile...
WordPress Left right image slideshow gallery Plugin <= 12.0 is vulnerable to SQL Injection
Software: Left right image slideshow gallery | Type: Plugin | Vulnerable versions: <= 12.0 | Fixed in: 12.1 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2023-5431 | Patch priority: Low | CVSS severity: Low 8.5 | PSID: a8ec43c6fd5b | Credits: István Márton | Required privilege...
WordPress Stripe Payment Gateway for WooCommerce Plugin <= 3.7.7 is vulnerable to Privilege Escalation
Software: Stripe Payment Gateway for WooCommerce | Type: Plugin | Vulnerable versions: <= 3.7.7 | Fixed in: 3.7.8 | OWASP Top 10: A7: Identification and Authentication Failures | Classification: Privilege Escalation | CVE: CVE-2023-3162 | Patch priority: High | CVSS severity: High 9.8 | PSID...
WordPress Houzez CRM Plugin <= 1.3.4 is vulnerable to SQL Injection
Software: Houzez CRM | Type: Plugin | Vulnerable versions: <= 1.3.4 | Fixed in: 1.3.5 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2023-36529 | Patch priority: High | CVSS severity: High 9.9 | PSID: 5387270a680b | Credits: Dave Jong (Patchstack) | Required privilege: Subscriber...
WordPress File Manager Advanced Shortcode Plugin <= 2.3.2 is vulnerable to Remote Code Execution (RCE)
Software: File Manager Advanced Shortcode | Type: Plugin | Vulnerable versions: <= 2.3.2 | Fixed in: N/A | OWASP Top 10: A1: Injection | Classification: Remote Code Execution (RCE) | CVE: CVE-2023-2068 | Patch priority: High | CVSS severity: High 10 | PSID: f57871788c33 | Credits: Mateus Machado Tesser...
WordPress The7 Theme <= 11.7.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: The7 | Type: Theme | Vulnerable versions: <= 11.7.3 | Fixed in: 11.7.3.1 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-32123 | Patch priority: Low | CVSS severity: Low 6.1 | PSID: 3ecb876f7b93 | Credits: Dave Jong (Patchstack) | Requir...
WordPress Cream Blog Theme <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)
Software: Cream Blog | Type: Theme | Vulnerable versions: <= 2.1.3 | Fixed in: 2.1.4 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-28687 | Patch priority: High | CVSS severity: High 7.1 | PSID: 08758c27269b | Credits: László Radnai | Required...
WordPress bolster Theme < 10 is vulnerable to Arbitrary File Upload
Software: bolster | Type: Theme | Vulnerable versions: < 10 | Fixed in: N/A | OWASP Top 10: A6: Security Misconfiguration | Classification: Arbitrary File Upload | CVE: CVE-2022-0316 | Patch priority: High | CVSS severity: High 10 | PSID: 8b3d84068dc9 | Credits: Joshua Small | Required privilege...
WordPress Image Map Pro premium plugin <= 5.5.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Dave Jong (Patchstack) in the WordPress Image Map Pro premium plugin versions <= 5.5.0. Solution: No patched version is available. No reply from the vendor for a long time...
WordPress Anti Hacker plugin <= 4.19 - Auth. Arbitrary Plugin Installation vulnerability
Auth. Arbitrary Plugin Installation vulnerability discovered by Lana Codes in WordPress Anti Hacker plugin versions <= 4.19. Solution: Update the WordPress Anti Hacker plugin to the latest available version (at least 4.20)...
WordPress Welcart e-Commerce plugin <= 2.8.3 - Auth. Arbitrary Shipping Method Creation/Update/Deletion vulnerability
Auth. Arbitrary Shipping Method Creation/Update/Deletion vulnerability discovered by Lana Codes in WordPress Welcart e-Commerce plugin versions <= 2.8.3. Solution: Update the WordPress Welcart e-Commerce plugin to the latest available version (at least 2.8.4)...
WordPress wpForo Forum plugin <= 2.0.9 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by dhakalananda (Patchstack Alliance) in WordPress wpForo Forum plugin versions <= 2.0.9. Solution: Update the WordPress wpForo Forum plugin to the latest available version (at least 2.1.0)...
WordPress News Announcement Scroll plugin <= 8.8.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Mika (Patchstack Alliance) in the WordPress News Announcement Scroll plugin versions <= 8.8.8. Solution: Update the WordPress News Announcement Scroll plugin to the latest available version (at least 9.0.0)...
WordPress Betheme theme <= 26.5.1.4 - Auth. PHP Object Injection vulnerability
Auth. PHP Object Injection vulnerability discovered by Dave Jong (Patchstack) in the WordPress Betheme theme versions <= 26.5.1.4. Solution: Update the WordPress Betheme theme to the latest available version (at least 26.6)...
WordPress WPSmartContracts plugin <= 1.3.11 - Auth. SQL Injection (SQLi) vulnerability
Auth. SQL Injection (SQLi) vulnerability discovered by Kunal Sharma (University of Kaiserslautern) and Daniel Krohmer (Fraunhofer IESE) in the WordPress WPSmartContracts plugin versions <= 1.3.11. Solution: Update the WordPress WPSmartContracts plugin to the latest available version (at least 1.3.12)...
WordPress Homepage PopUp plugin <= 1.2.5 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Mika (Patchstack Alliance) in the WordPress Homepage Pop-up plugin versions <= 1.2.5. Solution: No patched version is available. No reply from the vendor...
WordPress WP User Frontend plugin <= 3.5.28 - Obscure Registration as Admin vulnerability
Obscure Registration as Admin vulnerability discovered by AyeCode Ltd in WordPress WP User Frontend plugin versions <= 3.5.28. Solution: Update the WordPress WP User Frontend plugin to the latest available version (at least 3.5.29)...
WordPress Gallery Images Ape plugin <= 2.2.8 - Auth. Cross-Site Scripting (XSS) vulnerability
Auth. Cross-Site Scripting (XSS) vulnerability discovered by thiennv (Patchstack Alliance) in WordPress Gallery Images Ape plugin versions <= 2.2.8. Solution: No patched version is available. No reply from the vendor...
WordPress Ask Me premium theme < 6.8.7 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to Post Deletion discovered by Srijan Adhikari in WordPress Ask Me premium theme versions < 6.8.7. Solution: Update the WordPress Ask Me theme to the latest available version (at least 6.8.7)...
WordPress Web Stories plugin <= 1.24.0 - Auth. Server-Side Request Forgery (SSRF) vulnerability
Auth. Server-Side Request Forgery (SSRF) vulnerability discovered by Aymen Borgi in the WordPress Web Stories plugin versions <= 1.24.0. Solution: Update the WordPress Web Stories plugin to the latest available version (at least 1.25.0)...
WordPress Newsmag premium theme 5.2.1 - Unauthenticated Account Takeover vulnerability
Unauthenticated Account Takeover vulnerability discovered by Truoc Phan in the WordPress Newsmag premium theme version 5.2.1. Solution: Update the WordPress NewsMag theme to the latest available version (at least 5.2.2)...
WordPress Auto Upload Images plugin <= 3.3 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Rasi (Patchstack Alliance) in the WordPress Auto Upload Images plugin versions <= 3.3. Solution: No patched version is available. No reply from the vendor...
WordPress Rock Convert plugin <= 2.10.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by José Ricardo in the WordPress Rock Convert plugin versions <= 2.10.2. Solution: Update the WordPress Rock Convert plugin to the latest available version (at least 2.11.0)...
WordPress Analytics Cat plugin <= 1.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vlad Vector (Patchstack) in WordPress Analytics Cat plugin versions <= 1.0.9. Solution: Update the WordPress Analytics Cat plugin to the latest available version (at least 1.1.0)...
WordPress Accordions plugin <= 2.0.3 - Authenticated WordPress Options Change vulnerability
Authenticated WordPress Options Change vulnerability discovered by Vlad Vector (Patchstack) in WordPress Accordions plugin versions <= 2.0.3. Solution: Update the WordPress Accordions plugin to the latest available version (at least 2.1.0)...
WordPress Pop-Up Chop Chop plugin <= 2.1.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Pop-Up Chop Chop plugin versions <= 2.1.7. Solution: No patched version is available. No reply from the vendor...
WordPress Social Media Follow Buttons Bar plugin <= 4.73 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas (Patchstack Alliance) in WordPress Social Media Follow Buttons Bar plugin versions <= 4.73. Solution: No patched version is available. No reply from the vendor...
WordPress TH Advance Product Search plugin <= 1.1.4 - Unauthenticated Plugin Settings Reset vulnerability
Unauthenticated Plugin Settings Reset vulnerability discovered by Rasi Afeef (Patchstack Alliance) in WordPress TH Advance Product Search plugin versions <= 1.1.4. Solution: No patched version is available. Ignored by the vendor since Aug 2, 2022...
WordPress Frontend File Manager plugin <= 21.3 - File Upload via Cross-Site Request Forgery (CSRF) vulnerability
File Upload via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Raad Haddad (Cloudyrion GmbH) in the WordPress Frontend File Manager plugin versions <= 21.3. Solution: Update the WordPress Frontend File Manager plugin to the latest available version (at least 21.4)...
WordPress Seriously Simple Podcasting plugin <= 2.16.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin settings change discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Seriously Simple Podcasting plugin versions <= 2.16.0. Solution: Update the WordPress Seriously Simple Podcasting plugin to the latest available version at...
WordPress Import all XML, CSV & TXT plugin <= 6.5.7 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Sanjay Das in WordPress Import all XML, CSV & TXT plugin versions <= 6.5.7. Solution: Update the WordPress WP Ultimate CSV Importer plugin to the latest available version (at least 6.5.8)...
WordPress Photospace Gallery plugin <= 2.3.5 - Broken Access Control vulnerability
Broken Access Control vulnerability leading to plugin settings change discovered by Tien Nguyen Anh (Patchstack Alliance) in WordPress Photospace Gallery plugin versions <= 2.3.5. Solution: No patched version is available. No reply from the vendor...
WordPress Read more By Adam plugin <= 1.1.8 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress Read more By Adam plugin versions <= 1.1.8. Solution: No patched version is available. No reply from the vendor...
WordPress Frontend File Manager plugin <= 21.2 - Unauthenticated File Renaming vulnerability
Unauthenticated File Renaming vulnerability discovered by Raad Haddad (Cloudyrion GmbH) in WordPress Frontend File Manager plugin versions <= 21.2. Solution: Update the WordPress Frontend File Manager plugin to the latest available version (at least 21.3)...
WordPress About Rentals plugin <= 1.5 - Missing Access Control vulnerability
Missing Access Control vulnerability leading to Unauthenticated Stored XSS and plugin settings change discovered by ptsfence in WordPress About Rentals plugin versions <= 1.5. Solution: Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This...
WordPress WP Taxonomy Import plugin <= 1.0.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by kaikaix in WordPress WP Taxonomy Import plugin versions <= 1.0.4. Solution: Deactivate and delete. This plugin has been closed as of August 5, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Contest Gallery plugin <= 17.0.4 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Nguy Minh Tuan (Patchstack Alliance) in WordPress Contest Gallery plugin versions <= 17.0.4. Solution: Update the WordPress Contest Gallery plugin to the latest available version (at least 17.0.5)...
WordPress amCharts: Charts and Maps plugin <= 1.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress amCharts: Charts and Maps plugin versions <= 1.4. Solution: Update the WordPress amCharts: Charts and Maps plugin to the latest available version (at least 1.4.1)...
WordPress Simply Schedule Appointments plugin <= 1.5.7.6 - Unauthenticated Email Address Disclosure vulnerability
Unauthenticated Email Address Disclosure vulnerability discovered by Raad Haddad in WordPress Simply Schedule Appointments plugin versions <= 1.5.7.6. Solution: Update the WordPress Simply Schedule Appointments plugin to the latest available version (at least 1.5.7.7)...
WordPress Duplicator plugin <= 1.4.6 - Unauthenticated Backup Download vulnerability
Unauthenticated Backup Download vulnerability discovered by Ihsan Sencan in WordPress Duplicator plugin versions <= 1.4.6. Solution: Update the WordPress Duplicator plugin to the latest available version (at least 1.4.7)...
WordPress Affiliate For WooCommerce premium plugin <= 4.7.0 - Multiple Improper Access Control vulnerabilities
Multiple Improper Access Control vulnerabilities were discovered by Gennady Kovshenin (Patchstack Alliance) in the WordPress Affiliate For WooCommerce premium plugin versions <= 4.7.0. Solution: Update the WordPress Affiliate For WooCommerce premium plugin to the latest available version (at least 4.8)...
WordPress Better Search Replace plugin <= 1.4 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Christiaan Swiers in WordPress Better Search Replace plugin versions <= 1.4. Solution: Update the WordPress Better Search Replace plugin to the latest available version (at least 1.4.1)...
WordPress Student Result or Employee Database plugin <= 1.7.9 - Unauthorized REST Calls vulnerability
Unauthorized REST Calls vulnerability discovered by WPScanTeam in WordPress Student Result or Employee Database plugin versions <= 1.7.9. Solution: Update the WordPress Student Result or Employee Database plugin to the latest available version (at least 1.8.0)...
WordPress Transposh WordPress Translation plugin <= 1.0.8.1 - Unauthorized Settings Change vulnerability
Unauthorized Settings Change vulnerability discovered by Julien Ahrens in WordPress Transposh WordPress Translation plugin versions <= 1.0.8.1. Solution: Deactivate and delete. This plugin has been closed as of February 7, 2022 and is not available for download. Reason: Security Issue...
WordPress TranslatePress plugin <= 2.3.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Elias Hohl in WordPress TranslatePress plugin versions <= 2.3.2. Solution: Update the WordPress TranslatePress plugin to the latest available version (at least 2.3.3)...
WordPress Rough Chart plugin <= 1.0.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Siddhant Suresh Ughade in WordPress Rough Chart plugin versions <= 1.0.0. Solution: Deactivate and delete. This plugin has been closed as of July 14, 2022 and is not available for download. This closure is temporary, pending ...
WordPress YaySMTP plugin <= 2.2 - Authenticated SMTP Credentials Leak vulnerability
Authenticated SMTP Credentials Leak vulnerability discovered by Rafshanzani Suhada in WordPress YaySMTP plugin versions <= 2.2. Solution: Update the WordPress YaySMTP plugin to the latest available version (at least 2.2.1)...
WordPress Simple Membership plugin <= 4.1.2 - Membership Privilege Escalation vulnerability
Membership Privilege Escalation vulnerability discovered by Jet Infosystems in WordPress Simple Membership plugin versions <= 4.1.2. Solution: Update the WordPress Simple Membership plugin to the latest available version (at least 4.1.3)...
WordPress SP Project & Document Manager plugin <= 4.57 - Sensitive File Disclosure vulnerability
Sensitive File Disclosure vulnerability discovered by Viktor Markopoulos in WordPress SP Project & Document Manager plugin versions <= 4.57. Solution: Update the WordPress SP Project & Document Manager plugin to the latest available version (at least 4.58)...