WordPress Note Press plugin <= 0.1.10 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability was discovered by Daniel Krohmer and Shi Chen in the WordPress Note Press plugin versions <= 0.1.10. Solution: Deactivate and delete. This plugin has been closed as of May 12, 2022 and is not available for download. This closure is temporary, pending a...
WordPress Remove CPT base plugin <= 5.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to CPT base deletion
Cross-Site Request Forgery (CSRF) vulnerability leading to CPT base deletion discovered by Ex.Mi (Patchstack) in WordPress Remove CPT base plugin versions <= 5.8. Solution: Update the WordPress Remove CPT base plugin to the latest available version (at least 5.9)...
WordPress WP Subscribe plugin <= 1.2.12 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas (Patchstack Alliance) in WordPress WP Subscribe plugin versions <= 1.2.12. Solution: Update the WordPress WP Subscribe plugin to the latest available version (at least 1.2.13)...
WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Lenon Leite (Patchstack Alliance) in WordPress Hermit 音乐播放器 plugin versions <= 3.1.6. Solution: Deactivate and delete. This plugin has been closed as of April 25, 2022 and is not available for download. This closure is temporary, pending a...
WordPress Footer Text plugin <= 2.0.3 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability discovered by Rasi Afeef in WordPress Footer Text plugin versions <= 2.0.3. Solution: No patched version is available. No response from the vendor...
WordPress Vertical scroll recent post plugin <= 13.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Vertical scroll recent post plugin versions <= 13.8. Solution: Update the WordPress Vertical scroll recent post plugin to the latest available version (at least 14.0)...
WordPress Call Now Button plugin <= 1.1.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by 7coo and JrXnm in WordPress Call Now Button plugin versions <= 1.1.1. Solution: Update the WordPress Call Now Button plugin to the latest available version (at least 1.1.2)...
WordPress Slide Anything plugin <= 2.3.43 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Fayçal CHENA in WordPress Slide Anything plugin versions <= 2.3.43. Solution: Update the WordPress Slide Anything plugin to the latest available version (at least 2.3.44)...
WordPress Content Egg plugin <= 5.2.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Content Egg plugin versions <= 5.2.0. Solution: Update the WordPress Content Egg plugin to the latest available version (at least 5.3.0)...
WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 5.174 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ramuel Gall (Wordfence) in WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin versions <= 5.174. Solution: Update the WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin to the latest available version at leas...
WordPress Easy Digital Downloads plugin <= 2.11.5 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhamad Hidayat in WordPress Easy Digital Downloads plugin versions <= 2.11.5. Solution: Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 2.11.6)...
WordPress LearnPress plugin <= 4.1.5 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress LearnPress plugin versions <= 4.1.5. Solution: Update the WordPress LearnPress plugin to the latest available version (at least 4.1.6)...
WordPress Post Grid plugin <= 2.1.15 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability via posttypes discovered by Krzysztof Zając in WordPress Post Grid plugin versions <= 2.1.15. Solution: Update the WordPress Post Grid plugin to the latest available version (at least 2.1.16)...
WordPress NS WooCommerce Watermark plugin <= 2.11.3 - Abuse of Functionality vulnerability
Abuse of Functionality vulnerability discovered by Felipe Restrepo Rodríguez in WordPress NS WooCommerce Watermark plugin versions <= 2.11.3. Solution: Deactivate and delete. This plugin has been closed as of March 15, 2022 and is not available for download. This closure is temporary, pending a ful...
WordPress Plezi plugin <= 1.0.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Brandon James Roldan in WordPress Plezi plugin versions <= 1.0.2. Solution: Update the WordPress Plezi plugin to the latest available version (at least 1.0.3)...
WordPress Popup Like box plugin <= 3.6.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ran Crane in WordPress Popup Like box plugin versions <= 3.6.0. Solution: Update the WordPress Popup Like box plugin to the latest available version (at least 3.6.1)...
WordPress Royal Elementor Addons (Header Footer Builder, Popups, Post Grid, Woocommerce Product Grid, Slider, Parallax Image, Free Elementor Widgets & Elementor Templates) plugin <= 1.3.32 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Royal Elementor Addons (Header Footer Builder, Popups, Post Grid, Woocommerce Product Grid, Slider, Parallax Image, Free Elementor Widgets & Elementor Templates) plugin versions <= 1.3.32. Solution: Update...
WordPress Divi Content Restrictor plugin <= 1.3.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Divi Content Restrictor plugin versions <= 1.3.0. Solution: Update the WordPress Divi Content Restrictor plugin to the latest available version (at least 1.4.1)...
WordPress WP Notification Bell plugin < 1.3.13 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WP Notification Bell plugin versions < 1.3.13. Solution: Update the WordPress WP Notification Bell plugin to the latest available version (at least 1.3.13)...
WordPress Cookie Information plugin <= 2.0.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Cookie Information plugin versions <= 2.0.7. Solution: Update the WordPress Cookie Information plugin to the latest available version (at least 2.0.8)...
WordPress WP Statistics plugin <= 13.1.5 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability via 'browser' discovered by Muhammad Zeeshan (Xib3rR4dAr) in WordPress WP Statistics plugin versions <= 13.1.5. Solution: Update the WordPress WP Statistics plugin to the latest available version (at least 13.1.6)...
WordPress File Upload plugin <= 4.16.2 - Stored Cross-Site Scripting (XSS) via Malicious SVG vulnerability
Stored Cross-Site Scripting (XSS) via Malicious SVG vulnerability discovered by apple502j in WordPress File Upload plugin versions <= 4.16.2. Solution: Update the WordPress File Upload plugin to the latest available version (at least 4.16.3)...
WordPress File Upload Pro premium plugin <= 4.16.2 - Contributor+ Stored Cross-Site Scripting (XSS) via Shortcode vulnerability
Contributor+ Stored Cross-Site Scripting (XSS) via Shortcode vulnerability discovered by apple502j in WordPress File Upload Pro premium plugin versions <= 4.16.2. Solution: Update the WordPress File Upload Pro premium plugin to the latest available version (at least 4.16.3)...
WordPress 3D FlipBook plugin <= 1.12.0 - Subscriber+ Stored Cross-Site Scripting (XSS) vulnerability
Subscriber+ Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress 3D FlipBook plugin versions <= 1.12.0. Solution: Update the WordPress 3D FlipBook plugin to the latest available version (at least 1.12.1)...
WordPress Spiffy Calendar plugin <= 4.9.0 - Event deletion via Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Spiffy Calendar plugin versions <= 4.9.0 by Ngo Van Thien. Solution: Update the WordPress Spiffy Calendar plugin to the latest available version (at least 4.9.1)...
WordPress WOOCS – Currency Switcher for WooCommerce plugin <= 1.3.7.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress WOOCS – Currency Switcher for WooCommerce plugin versions <= 1.3.7.4. Solution: Update the WordPress WOOCS – Currency Switcher for WooCommerce plugin to the latest available version (at least 1.3.7.5)...
WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.5.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Harshit aka fumenoid and Sidhhant Chouhan aka sidchn in WordPress Image Photo Gallery Final Tiles Grid plugin versions <= 3.5.2. Solution: Update the WordPress Image Photo Gallery Final Tiles Grid plugin to the latest available version at...
WordPress Mortgage Calculators WP plugin <= 1.55 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Ceylan Bozogullarindan in WordPress Mortgage Calculators WP plugin versions <= 1.55. Solution: Update the WordPress Mortgage Calculators WP plugin to the latest available version (at least 1.56)...
WordPress WooCommerce – Store Exporter plugin <= 2.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress WooCommerce – Store Exporter plugin versions <= 2.7. Solution: Update the WordPress WooCommerce – Store Exporter plugin to the latest available version (at least 2.7.1)...
WordPress SupportCandy plugin <= 2.2.4 - Unauthenticated Arbitrary Ticket Deletion vulnerability
Unauthenticated Arbitrary Ticket Deletion vulnerability discovered by Brandon Roldan in WordPress SupportCandy plugin versions <= 2.2.4. Solution: Update the WordPress SupportCandy plugin to the latest available version (at least 2.2.5)...
WordPress WP Store theme <= 1.1.9 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress WP Store theme versions <= 1.1.9. This theme uses a vulnerable piece of code related to a previously identified vulnerability, CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores th...
WordPress Crisp Live Chat plugin <= 0.31 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by José Aguilera in WordPress Crisp Live Chat plugin versions <= 0.31. Solution: Update the WordPress Crisp Live Chat plugin to the latest available version (at least 0.32)...
WordPress Rich Reviews plugin <= 1.9.5 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by bl4derunner in WordPress Rich Reviews plugin versions <= 1.9.5. Solution: Update the WordPress Rich Reviews plugin to the latest available version (at least 1.9.6)...
WordPress WP Guppy plugin <= 1.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered by Keyvan Hardani in WordPress WP Guppy plugin versions <= 1.2. Solution: Update the WordPress WP Guppy plugin to the latest available version (at least 1.3)...
WordPress HTML5 Responsive FAQ plugin <= 2.8.5 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by José Aguilera in WordPress HTML5 Responsive FAQ plugin versions <= 2.8.5. Solution: Deactivate and delete. This plugin has been closed as of November 23, 2021 and is not available for download. Reason: Security Issue...
WordPress Push Notifications for WordPress (Lite) plugin <= 6.0 - Cross-Site Request Forgery (CSRF) leading to Settings Update
Cross-Site Request Forgery (CSRF) leading to Settings Update discovered by Ten Katouno in WordPress Push Notifications for WordPress (Lite) plugin versions <= 6.0. Solution: Update the WordPress Push Notifications for WordPress (Lite) plugin to the latest available version (at least 6.0.1)...
WordPress Download Monitor plugin <= 4.4.6 - Authenticated Arbitrary File Download vulnerability
Authenticated Arbitrary File Download vulnerability discovered by Ex.Mi (Patchstack) in WordPress Download Monitor plugin versions <= 4.4.6. Solution: Update the WordPress Download Monitor plugin to the latest available version (at least 4.4.7)...
WordPress WPS Hide Login plugin <= 1.9 - Protection Bypass with Referer-Header vulnerability
Protection Bypass with Referer-Header vulnerability discovered by Daniel Ruf in WordPress WPS Hide Login plugin versions <= 1.9. Solution: Update the WordPress WPS Hide Login plugin to the latest available version (at least 1.9.1)...
WordPress Simple Download Monitor plugin <= 3.9.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Simple Download Monitor plugin versions <= 3.9.4. Solution: Update the WordPress Simple Download Monitor plugin to the latest available version (at least 3.9.5)...
WordPress 3DPrint Lite plugin <= 1.9.1.4 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Spacehen in WordPress 3DPrint Lite plugin versions <= 1.9.1.4. Solution: Update the WordPress 3DPrint Lite plugin to the latest available version (at least 1.9.1.5)...
WordPress Easy Twitter Feed plugin <= 1.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Michał Lipiński in WordPress Easy Twitter Feed plugin versions <= 1.1. Solution: Update the WordPress Easy Twitter Feed plugin to the latest available version (at least 1.2)...
WordPress Real Media Library Lite plugin <= 4.14.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Thinkland Security Team in WordPress Real Media Library Lite plugin versions <= 4.14.1. Solution: Update the WordPress Real Media Library Lite plugin to the latest available version (at least 4.14.2)...
WordPress uListing plugin <= 2.0.5 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by m0ze (Patchstack Red Team) in WordPress uListing plugin versions <= 2.0.5. Solution: Update the WordPress uListing plugin to the latest available version (at least 2.0.6)...
WordPress GiveWP plugin <= 2.11.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress GiveWP plugin versions <= 2.11.3. Solution: Update the WordPress GiveWP plugin to the latest available version (at least 2.12.0)...
WordPress Bookshelf plugin <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by ABISHEIK M in WordPress Bookshelf plugin versions <= 2.0.4. Solution: Deactivate and delete. This plugin has been closed as of May 25, 2021 and is not available for download. Reason: Security Issue...
WordPress Fudousan Pro (multi) premium plugin <= 5.7.0 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability discovered by Yu Iwama in WordPress Fudousan Pro (multi) premium plugin versions <= 5.7.0. Solution: Update the WordPress Fudousan Pro (multi) premium plugin to the latest available version (at least 5.7.2)...
WordPress GiveWP plugin <= 2.9.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Austin Bentley in WordPress GiveWP plugin versions <= 2.9.7. Solution: Update the WordPress GiveWP plugin to the latest available version (at least 2.10.0)...
WordPress Elementor Contact Form DB plugin <= 1.5 - Cross-Site Request Forgery (CSRF) via backend admin pages vulnerability
Cross-Site Request Forgery (CSRF) via backend admin pages vulnerability found in WordPress Elementor Contact Form DB plugin versions <= 1.5. Solution: Update the WordPress Elementor Contact Form DB plugin to the latest available version (at least 1.6)...
WordPress Elementor Website Builder plugin <= 3.0.13 - Unrestricted SVG Uploads vulnerability
Unrestricted SVG Uploads vulnerability found in WordPress Elementor Website Builder plugin versions <= 3.0.13. Solution: Update the WordPress Elementor Website Builder plugin to the latest available version (at least 3.0.14)...
WordPress Simple Download Monitor plugin <= 3.8.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability
Unauthenticated Cross-Site Scripting (XSS) vulnerability found by Gen Sato (Mitsui Bussan Secure Directions) in WordPress Simple Download Monitor plugin versions <= 3.8.8. Solution: Update the WordPress Simple Download Monitor plugin to the latest available version (at least 3.8.9)...