WordPress AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.31 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Tien Nguyen Anh (vigov5) in WordPress AMP for WP – Accelerated Mobile Pages plugin versions <= 1.0.77.31. Solution: Update the WordPress AMP for WP – Accelerated Mobile Pages plugin to the latest available version, at least...
WordPress CAOS | Host Google Analytics Locally plugin <= 4.1.8 - Arbitrary Folder Deletion via Path Traversal vulnerability
Arbitrary Folder Deletion via Path Traversal vulnerability discovered by José Aguilera in WordPress CAOS | Host Google Analytics Locally plugin versions <= 4.1.8. Solution: Update the WordPress CAOS | Host Google Analytics Locally plugin to the latest available version, at least 4.1.9...
WordPress Rich Reviews plugin <= 1.9.5 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by bl4derunner in WordPress Rich Reviews plugin versions <= 1.9.5. Solution: Update the WordPress Rich Reviews plugin to the latest available version, at least 1.9.6...
WordPress ScrollMe theme <= 2.1.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress ScrollMe theme versions <= 2.1.0. This theme uses a vulnerable piece of code related to a previously identified vulnerability, CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores th...
WordPress HTML5 Responsive FAQ plugin <= 2.8.5 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by José Aguilera in WordPress HTML5 Responsive FAQ plugin versions <= 2.8.5. Solution: Deactivate and delete. This plugin has been closed as of November 23, 2021 and is not available for download. Reason: Security Issue...
WordPress WP Guppy plugin <= 1.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered by Keyvan Hardani in WordPress WP Guppy plugin versions <= 1.2. Solution: Update the WordPress WP Guppy plugin to the latest available version, at least 1.3...
WordPress Push Notifications for WordPress (Lite) plugin <= 6.0 - Cross-Site Request Forgery (CSRF) leading to Settings Update
Cross-Site Request Forgery (CSRF) leading to Settings Update discovered by Ten Katouno in WordPress Push Notifications for WordPress (Lite) plugin versions <= 6.0. Solution: Update the WordPress Push Notifications for WordPress (Lite) plugin to the latest available version, at least 6.0.1...
WordPress WP Reset PRO Premium Plugin <= 5.98 - Cross-Site Request Forgery (CSRF) vulnerability leading to Database Reset
Cross-Site Request Forgery (CSRF) vulnerability discovered by Dave Jong (Patchstack) in WordPress WP Reset PRO premium plugin versions <= 5.98. Solution: Update the WordPress WP Reset PRO premium plugin to the latest available version, at least v5.99...
WordPress Pie Register plugin <= 3.7.1.5 - Unauthenticated Arbitrary Login vulnerability
Unauthenticated Arbitrary Login vulnerability discovered by AyeCode Ltd in WordPress Pie Register plugin versions <= 3.7.1.5. Solution: Update the WordPress Pie Register plugin to the latest available version, at least 3.7.1.6...
WordPress Simple Download Monitor plugin <= 3.9.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Simple Download Monitor plugin versions <= 3.9.4. Solution: Update the WordPress Simple Download Monitor plugin to the latest available version, at least 3.9.5...
WordPress Essential Widgets plugin <= 1.8 - Unauthorized Plugin Setting Change vulnerability
Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Essential Widgets plugin versions <= 1.8. Solution: Update the WordPress Essential Widgets plugin to the latest available version, at least 1.9...
WordPress SteamCast plugin <= 2.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Michał Lipiński in WordPress SteamCast plugin versions <= 2.1. Solution: Update the WordPress SteamCast plugin to the latest available version, at least 2.1.1...
WordPress Disable Image Right Click plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex in WordPress Disable Image Right Click plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of January 6, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Titan Framework plugin <= 1.12.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress Titan Framework plugin versions <= 1.12.1. Solution: This plugin has been closed as of March 16, 2021 and is not available for download. This closure is permanent. Reason: Author Request...
WordPress Image Slider by Ays plugin <= 2.4.9 - Authenticated Blind SQL Injection (SQLi) vulnerability
Authenticated Blind SQL Injection (SQLi) vulnerability discovered by To Quang Duong in WordPress Image Slider by Ays plugin versions <= 2.4.9. Solution: Update the WordPress Image Slider by Ays plugin to the latest available version, at least 2.5.0...
WordPress Fudousan Pro (multi) premium plugin <= 5.7.0 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability discovered by Yu Iwama in WordPress Fudousan Pro (multi) premium plugin versions <= 5.7.0. Solution: Update the WordPress Fudousan Pro (multi) premium plugin to the latest available version, at least 5.7.2...
WordPress VikRentCar plugin <= 1.1.6 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Satyender Yadav in WordPress VikRentCar plugin versions <= 1.1.6. Solution: Update the WordPress VikRentCar plugin to the latest available version, at least 1.1.7...
WordPress Smart Slider 3 PRO premium plugin <= 3.5.0.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Hardik Solanki in WordPress Smart Slider 3 PRO premium plugin versions <= 3.5.0.8. Solution: Update the WordPress Smart Slider 3 PRO premium plugin to the latest available version, at least 3.5.0.9...
WordPress GeoDirectory Location Manager premium plugin <= v2.1.0.9 - Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities
Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities discovered by Rafal Goryl in the WordPress GeoDirectory Location Manager premium plugin versions <= v2.1.0.9. Solution: Update the WordPress GeoDirectory Location Manager premium plugin to the latest available version, at least 2.1.0.10...
WordPress W3 Total Cache plugin <= 2.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress W3 Total Cache plugin versions <= 2.1.2. Solution: Update the WordPress W3 Total Cache plugin to the latest available version, at least 2.1.3...
WordPress Teamleader CRM Forms plugin <= 2.0.0 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Frank Liauw in WordPress Teamleader CRM Forms plugin versions <= 2.0.0. Solution: Update the WordPress Teamleader CRM Forms plugin to the latest available version, at least 2.1.0...
WordPress The Plus Addons for Elementor premium plugin <= 4.1.6 - Privilege Escalation vulnerability
Privilege Escalation vulnerability found by Ville Korhonen in WordPress The Plus Addons for Elementor premium plugin versions <= 4.1.6. Solution: Update the WordPress The Plus Addons for Elementor premium plugin to the latest available version, at least 4.1.7...
WordPress NextGen Gallery plugin <= 3.4.7 - Cross-Site Request Forgery (CSRF) leading to XSS and RCE via file upload and LFI
Cross-Site Request Forgery (CSRF) leading to XSS and RCE via file upload and LFI found by WordFence in WordPress NextGen Gallery plugin versions <= 3.4.7. Solution: Update the WordPress NextGen Gallery plugin to the latest available version, at least 3.5.0...
WordPress NextGen Gallery plugin <= 3.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to file upload
Cross-Site Request Forgery (CSRF) vulnerability leading to file upload found by WordFence in WordPress NextGen Gallery plugin versions <= 3.4.7. Solution: Update the WordPress NextGen Gallery plugin to the latest available version, at least 3.5.0...
WordPress Activello theme <= 1.4.1 - Unauthenticated Function Injection vulnerability
Unauthenticated Function Injection vulnerability found by Jerome Bruandet (NinTechNet) in WordPress Activello theme versions <= 1.4.1. Solution: Update the WordPress Activello theme to the latest available version, at least 1.4.2...
WordPress Elementor Website Builder plugin <= 2.9.13 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by Th3 Hidd3n 0n3 in WordPress Elementor Website Builder plugin versions <= 2.9.13. Solution: Update the WordPress Elementor Website Builder plugin to the latest available version, at least 2.9.140...
WordPress Knight Lab Timeline plugin <= 3.6.3.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability (vulnerable TimelineJS library version) discovered in WordPress Knight Lab Timeline plugin versions <= 3.6.3.0. Solution: Update the WordPress Knight Lab Timeline plugin to the latest available version, at least 3.7.0.0...
WordPress Wp-Pro-Quiz plugin <= 0.37 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by HoanHP in WordPress Wp-Pro-Quiz plugin versions <= 0.37. Solution: This plugin has been closed as of June 17, 2020 and is not available for download. Reason: Security Issue...
WordPress Hero Maps Premium plugin <= 2.2.1 - Unauthenticated Cross-Site Scripting (XSS) vulnerability
Unauthenticated Cross-Site Scripting (XSS) vulnerability discovered by Hooper Labs in WordPress Hero Maps Premium plugin versions <= 2.2.1. Solution: Update the WordPress Hero Maps Premium plugin to the latest available version, at least 2.2.3...
WordPress Woody Ad Snippets plugin <= 2.2.7 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability found in WordPress Woody Ad Snippets plugin versions <= 2.2.7. Solution: Update the WordPress Woody Ad Snippets plugin to the latest available version, at least 2.2.8...
WordPress Nextgen Gallery plugin <= 3.2.8 - SQL Injection vulnerability
SQL Injection vulnerability found by Tin Duong (Fortinet FortiGuard Labs) in WordPress Nextgen Gallery plugin versions <= 3.2.8. Solution: Update the WordPress Nextgen Gallery plugin to the latest available version, at least 3.2.10...
WordPress Advanced Contact form 7 DB plugin <= 1.6.1 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability found by Tin Duong in WordPress Advanced Contact form 7 DB plugin versions <= 1.6.1. Solution: Update the WordPress Advanced Contact form 7 DB plugin to the latest available version, at least 1.7.1...
WordPress WP Statistics plugin <= 12.6.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by kuqadk3 in WordPress WP Statistics plugin versions <= 12.6.5. Solution: Update the WordPress WP Statistics plugin to the latest available version, at least 12.6.6.1...
WordPress Hustle – Pop-Ups, Slide-ins and Email Opt-ins plugin <= 6.0.7 - Unauthenticated CSV Injection vulnerability
Unauthenticated CSV Injection vulnerability found by Mark Parfeniuk in WordPress Hustle – Pop-Ups, Slide-ins and Email Opt-ins plugin versions <= 6.0.7. Solution: Update the WordPress Hustle – Pop-Ups, Slide-ins and Email Opt-ins plugin to the latest available version, at least 6.0.8.1...
WordPress Blog2Social plugin <= 5.0.2 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability found by Tim Coen in WordPress Blog2Social plugin versions <= 5.0.2. Solution: Update the WordPress Blog2Social plugin to the latest available version, at least 5.0.3...
WordPress Yet Another Stars Rating plugin <= 1.8.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability found by Paul Dannewitz in WordPress Yet Another Stars Rating plugin versions <= 1.8.6. Solution: Update the WordPress Yet Another Stars Rating plugin to the latest available version, at least 1.8.7...
WordPress Comments Import & Export plugin <= 2.3.1 - CSV Injection vulnerability
CSV Injection vulnerability found by Bhushan B. Patil in WordPress Comments Import & Export plugin versions <= 2.0.5. No fully patched version available...
WordPress Concours plugin <= 1.1 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found by Nicolas Buzy-Debat in WordPress Concours plugin versions <= 1.1. Solution: Dec 20, 2017 - we were unable to find a patched version of this plugin, last updated eight months ago. Uninstall or use it at your own risk...
WordPress WooCommerce Plugin <= 2.6.8 - Cross-Site Scripting
This plugin is prone to a cross-site scripting vulnerability. It allows remote authenticated administrators to inject arbitrary code by manipulating tax-rate table values in CSV format. Solution: Update the plugin...
WordPress <= 4.5.2 - XSS #2
WordPress 4.5.2 and previous versions are prone to a cross-site scripting vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php. It allows an attacker to inject arbitrary web script or HTML via a crafted attachment name. Related:...
WordPress <= 4.5.2 - BYPASS #2
This vulnerability allows an attacker to bypass intended password-change restrictions by leveraging knowledge of a cookie. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-4-5-2-bypass http://db.threatpress.com/vulnerability/wordpress/wordpress-4-5-2-bypass-2...
WordPress Pondol Form to Mail Plugin <= 1.1 - Cross-Site Scripting (XSS)
Because of this vulnerability, the itemid variable appears to send unsanitized data back to the user's browser. The vulnerable file is pondol-formmail/pages/admin-mail-info.php. Solution: Update the plugin...
WordPress Anti Plagiarism Plugin <= 3.60 - Cross-Site Scripting (XSS)
This plugin is prone to a cross-site scripting vulnerability because the variable "m" appears to send unsanitized data back to the user's browser. Solution: Update the plugin...
WordPress Parsi Font Plugin <= 4.2.5 - Cross-Site Scripting (XSS)
This plugin is prone to a reflected cross-site scripting vulnerability. The vulnerable file is /parsi-font/css.php. Solution: Update the plugin...
WordPress <= 4.4.1 - XSS
WordPress before 4.4.1 is prone to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary script or HTML in the network settings page. Solution: Update WordPress to 4.5...
WordPress <= 4.2.1 - XSS
This vulnerability in wp-includes/wp-db.php allows an attacker to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations of the MySQL TEXT data type. Solution: Update WordPress...
WordPress <= 4.4.1 - Open Redirect
This vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing. Solution: Update WordPress...
WordPress <= 4.2.3 - Multiple Vulnerabilities
WordPress 4.2.3 is prone to cross-site scripting and SQL injection vulnerabilities that exist because the sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php does not use a constant-time comparison for widgets. In this way an attacker can execute a timing side-channel...
WordPress Users Ultra Plugin <= 1.5.15 - Multiple SQL Injection
Multiple SQL injection vulnerabilities allow attackers to execute arbitrary SQL commands via two parameters, data_target or data_vote, in a rating_vote wp_ajax_nopriv_rating_vote action to wp-admin/admin-ajax.php. Solution: Update the plugin...
WordPress Free Counter Plugin 1.1 - Stored XSS
This vulnerability works by using the wpajaxnoprivcheckstat action. Any user can perform a stored XSS attack. Solution: Upgrade the plugin...