WordPress OAuth Single Sign On – SSO (OAuth Client) plugin <= 6.22.5 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by Lana Codes in WordPress OAuth Single Sign On – SSO (OAuth Client) plugin versions <= 6.22.5. Solution: Update the WordPress OAuth Single Sign On – SSO (OAuth Client) plugin to the latest available version (at least 6.22.6)...
WordPress Download Manager plugin <= 3.2.43 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by ZhongFu Su aka JrXnm WuHan University in WordPress Download Manager plugin versions <= 3.2.43. Solution: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.44)...
WordPress Advanced Database Cleaner plugin <= 3.1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by ZhongFu Su aka JrXnm WuHan University in WordPress Advanced Database Cleaner plugin versions <= 3.1.0. Solution: Update the WordPress Advanced Database Cleaner plugin to the latest available version (at least 3.1.1)...
WordPress Insights from Google PageSpeed plugin <= 4.0.6 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Daniel Ruf in WordPress Insights from Google PageSpeed plugin versions <= 4.0.6. Solution: Update the WordPress Insights from Google PageSpeed plugin to the latest available version (at least 4.0.7)...
WordPress Popup Builder plugin <= 4.1.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Pritam Dash in WordPress Popup Builder plugin versions <= 4.1.10. Solution: Update the WordPress Popup Builder plugin to the latest available version (at least 4.1.11)...
WordPress wp-championship plugin <= 9.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Daniel Ruf in the WordPress wp-championship plugin versions <= 9.2. Solution: Update the WordPress WP Championship plugin to the latest available version (at least 9.3)...
WordPress MyCSS plugin <= 1.1 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Daniel Ruf in the WordPress MyCSS plugin versions <= 1.1. Solution: Deactivate and delete. This plugin has been closed as of May 31, 2022 and is not available for download. This closure is temporary, pendi...
WordPress Active Products Tables for WooCommerce plugin <= 1.0.4 - Reflected Cross-Site-Scripting (XSS) vulnerability
Reflected Cross-Site-Scripting (XSS) vulnerability discovered by cydave in WordPress Active Products Tables for WooCommerce plugin versions <= 1.0.4. Solution: Update the WordPress Active Products Tables for WooCommerce plugin to the latest available version (at least 1.0.5)...
WordPress Allow svg files plugin <= 1.0 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability discovered by Luan Pedersini in WordPress Allow svg files plugin versions <= 1.0. Solution: Update the WordPress Allow svg files plugin to the latest available version (at least 1.1)...
WordPress Ocean Extra plugin <= 1.9.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Ocean Extra plugin versions <= 1.9.4. Solution: Update the WordPress Ocean Extra plugin to the latest available version (at least 1.9.5)...
WordPress Auto Delete Posts plugin <= 1.3.0 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress Auto Delete Posts plugin versions <= 1.3.0. Solution: Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is temporary,...
WordPress Private Files plugin <= 0.40 - Protection Disabling via Cross-Site Request Forgery (CSRF) vulnerability
Protection Disabling via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Daniel Ruf in the WordPress Private Files plugin versions <= 0.40. Solution: Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is temporary,...
WordPress Jupiter premium theme <= 6.10.1 - Authenticated Privilege Escalation and Post deletion vulnerability
Authenticated Privilege Escalation and Post deletion vulnerability discovered by Ramuel Gall Wordfence in WordPress Jupiter premium theme versions <= 6.10.1. Solution: Update the WordPress Jupiter premium theme to the latest available version (at least 6.10.2)...
WordPress Herd Effects plugin <= 5.2 - Local File Inclusion (LFI) vulnerability
Local File Inclusion (LFI) vulnerability was discovered by 0x9B Patchstack Alliance in WordPress Herd Effects plugin versions <= 5.2. Solution: Update the WordPress Herd Effects plugin to the latest available version (at least 5.2.1)...
WordPress Ask Me premium theme < 6.8.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in AJAX Actions
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in AJAX Actions were discovered by WPScanTeam in WordPress Ask Me premium theme versions < 6.8.2. Solution: Update the WordPress Ask Me premium theme to the latest available version (at least 6.8.2)...
WordPress Five Minute Webshop plugin <= 1.3.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability was discovered by Daniel Krohmer Fraunhofer IESE, Germany and Shi Chen University of Kaiserslautern, Germany in the WordPress Five Minute Webshop plugin versions <= 1.3.2. Solution: Deactivate and delete. This plugin has been closed as of May 12, 2022...
WordPress IMDB Info Box plugin <= 2.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Fayçal CHENA in WordPress IMDB Info Box plugin versions <= 2.0. Solution: Deactivate and delete. This plugin has been closed as of April 11, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Lenon Leite Patchstack Alliance in WordPress Hermit 音乐播放器 plugin versions <= 3.1.6. Solution: Deactivate and delete. This plugin has been closed as of April 25, 2022 and is not available for download. This closure is temporary, pending a...
WordPress Slide Anything plugin <= 2.3.43 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Fayçal CHENA in WordPress Slide Anything plugin versions <= 2.3.43. Solution: Update the WordPress Slide Anything plugin to the latest available version (at least 2.3.44)...
WordPress BMI BMR Calculator plugin <= 1.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress BMI BMR Calculator plugin versions <= 1.3. Solution: Deactivate and delete. This plugin has been closed as of April 7, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Huli Cymetrics in WordPress VikBooking Hotel Booking Engine & PMS plugin versions <= 1.5.3. Solution: Update the WordPress VikBooking Hotel Booking Engine & PMS plugin to the latest available version (at least 1.5.4)...
WordPress Import WP plugin <= 2.4.5 - Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)
Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE) discovered by ericfrank900528 in WordPress Import WP plugin versions <= 2.4.5. Solution: Update the WordPress Import WP plugin to the latest available version (at least 2.4.6)...
WordPress Multiple Shipping Address WooCommerce plugin <= 1.0 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Multiple Shipping Address WooCommerce plugin versions <= 1.0. Solution: Update the WordPress Multiple Shipping Address WooCommerce plugin to the latest available version (at least 2.0)...
WordPress Content Egg plugin <= 5.2.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Content Egg plugin versions <= 5.2.0. Solution: Update the WordPress Content Egg plugin to the latest available version (at least 5.3.0)...
WordPress ThirstyAffiliates Affiliate Link Manager plugin <= 3.10.4 - Unauthorized Image Upload + CSRF vulnerabilities
Unauthorized Image Upload + CSRF vulnerabilities discovered by Muhamad Hidayat in WordPress ThirstyAffiliates Affiliate Link Manager plugin versions <= 3.10.4. Solution: Update the WordPress ThirstyAffiliates Affiliate Link Manager plugin to the latest available version (at least 3.10.5)...
WordPress Thank Me Later plugin <= 3.3.4 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability was discovered by Ankur Bakre in WordPress Thank Me Later plugin versions <= 3.3.4. Solution: Deactivate and delete. This plugin has been closed as of March 24, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress FV Flowplayer Video Player plugin <= 7.5.15.727 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by Tien Nguyen Anh Patchstack Alliance in WordPress FV Flowplayer Video Player plugin versions <= 7.5.15.727. Solution: Update the WordPress FV Flowplayer Video Player plugin to the latest available version (at least 7.5.18.727)...
WordPress NS WooCommerce Watermark plugin <= 2.11.3 - Abuse of Functionality vulnerability
Abuse of Functionality vulnerability discovered by Felipe Restrepo Rodríguez in WordPress NS WooCommerce Watermark plugin versions <= 2.11.3. Solution: Deactivate and delete. This plugin has been closed as of March 15, 2022 and is not available for download. This closure is temporary, pending a ful...
WordPress UpdraftPlus plugin <= 1.22.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Taurus Omar in WordPress UpdraftPlus plugin versions <= 1.22.8. Solution: Update the WordPress UpdraftPlus plugin to the latest available version (at least 1.22.9)...
WordPress Interactive Medical Drawing of Human Body plugin <= 1.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Rubina Shaikh in WordPress Interactive Medical Drawing of Human Body plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of February 17, 2022 and is not available for download. This closure is temporary,...
WordPress WPC Smart Wishlist for WooCommerce plugin <= 2.9.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress WPC Smart Wishlist for WooCommerce plugin versions <= 2.9.3. Solution: Update the WordPress WPC Smart Wishlist for WooCommerce plugin to the latest available version (at least 2.9.4)...
WordPress Go Fetch Jobs (for WP Job Manager) plugin <= 1.7.0.3 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Go Fetch Jobs (for WP Job Manager) plugin versions <= 1.7.0.3. Solution: Update the WordPress Go Fetch Jobs (for WP Job Manager) for WooCommerce plugin to the latest available version (at least 1.7.3.2)...
WordPress Iks Menu – WordPress Category Accordion Menu plugin <= 1.9.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Iks Menu – WordPress Category Accordion Menu plugin versions <= 1.9.1. Solution: Update the WordPress Iks Menu – WordPress Category Accordion Menu plugin to the latest available version (at least 1.9.2)...
WordPress Page Visit Counter plugin <= 6.0.8 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Page Visit Counter plugin versions <= 6.0.8. Solution: No patched version available...
WordPress WP Notification Bell plugin < 1.3.13 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WP Notification Bell plugin versions < 1.3.13. Solution: Update the WordPress WP Notification Bell plugin to the latest available version (at least 1.3.13)...
WordPress Countdown & Clock plugin <= 2.2.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ran Crane in WordPress Countdown & Clock plugin versions <= 2.2.8. Solution: Update the WordPress Countdown & Clock plugin to the latest available version (at least 2.2.9)...
WordPress File Upload Pro premium plugin <= 4.16.2 - Contributor+ Stored Cross-Site Scripting (XSS) via Shortcode vulnerability
Contributor+ Stored Cross-Site Scripting (XSS) via Shortcode vulnerability discovered by apple502j in WordPress File Upload Pro premium plugin versions <= 4.16.2. Solution: Update the WordPress File Upload Pro premium plugin to the latest available version (at least 4.16.3)...
WordPress WP Cerber Security plugin <= 8.9.5 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress WP Cerber Security plugin versions <= 8.9.5. Solution: Update the WordPress WP Cerber Security plugin to the latest available version (at least 8.9.6)...
WordPress File Upload plugin <= 4.16.2 - Stored Cross-Site Scripting (XSS) via Malicious SVG vulnerability
Stored Cross-Site Scripting (XSS) via Malicious SVG vulnerability discovered by apple502j in WordPress File Upload plugin versions <= 4.16.2. Solution: Update the WordPress File Upload plugin to the latest available version (at least 4.16.3)...
WordPress Revolut Gateway for WooCommerce plugin <= 3.1.1 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by Budiony Damyanov in WordPress Revolut Gateway for WooCommerce plugin versions <= 3.1.1. Solution: Update the WordPress Revolut Gateway for WooCommerce plugin to the latest available version (at least 3.1.2)...
WordPress Cost Calculator plugin <= 1.6 - Authenticated Local File Inclusion (LFI) vulnerability
Authenticated Local File Inclusion (LFI) vulnerability discovered by apple502j in WordPress Cost Calculator plugin versions <= 1.6. Solution: Deactivate and delete. This plugin has been closed as of November 3, 2021 and is not available for download. Reason: Security Issue...
WordPress Coming soon and Maintenance mode plugin <= 3.6.6 - Arbitrary Email Sending to Subscribed Users vulnerability
Arbitrary Email Sending to Subscribed Users vulnerability discovered by Krzysztof Zając in WordPress Coming soon and Maintenance mode plugin versions <= 3.6.6. Solution: Update the WordPress Coming soon and Maintenance mode plugin to the latest available version (at least 3.6.7)...
WordPress Shield Security plugin <= 13.0.5 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Yoru Oni in WordPress Shield Security plugin versions <= 13.0.5. Solution: Update the WordPress Shield Security plugin to the latest available version (at least 13.0.6)...
WordPress Five Star Business Profile and Schema plugin <= 2.1.5 - Page creation and settings update leading to stored XSS vulnerability
Page creation and settings update leading to stored XSS vulnerability discovered by Krzysztof Zając in WordPress Five Star Business Profile and Schema plugin versions <= 2.1.5. Solution: Update the WordPress Five Star Business Profile and Schema plugin to the latest available version (at least 2.1.6)...
WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.5.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Harshit aka fumenoid and Sidhhant Chouhan aka sidchn in WordPress Image Photo Gallery Final Tiles Grid plugin versions <= 3.5.2. Solution: Update the WordPress Image Photo Gallery Final Tiles Grid plugin to the latest available version at...
WordPress RVM – Responsive Vector Maps plugin <= 6.4.1 - Arbitrary File Read vulnerability
Arbitrary File Read vulnerability discovered by Krzysztof Zając in WordPress RVM – Responsive Vector Maps plugin versions <= 6.4.1. Solution: Update the WordPress RVM – Responsive Vector Maps plugin to the latest available version (at least 6.4.2)...
WordPress The Plus Addons for Elementor Pro premium plugin <= 5.0.6 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by Nicolas Vidal from TEHTRIS in WordPress The Plus Addons for Elementor Pro premium plugin versions <= 5.0.6. Solution: Update the WordPress The Plus Addons for Elementor Pro premium plugin to the latest available version (at least 5.0.7)...
WordPress AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.31 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Tien Nguyen Anh vigov5 in WordPress AMP for WP – Accelerated Mobile Pages plugin versions <= 1.0.77.31. Solution: Update the WordPress AMP for WP – Accelerated Mobile Pages plugin to the latest available version at least...
WordPress CAOS | Host Google Analytics Locally plugin <= 4.1.8 - Arbitrary Folder Deletion via Path Traversal vulnerability
Arbitrary Folder Deletion via Path Traversal vulnerability discovered by José Aguilera in WordPress CAOS | Host Google Analytics Locally plugin versions <= 4.1.8. Solution: Update the WordPress CAOS | Host Google Analytics Locally plugin to the latest available version (at least 4.1.9)...
WordPress Rich Reviews plugin <= 1.9.5 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by bl4derunner in WordPress Rich Reviews plugin versions <= 1.9.5. Solution: Update the WordPress Rich Reviews plugin to the latest available version (at least 1.9.6)...