WordPress Image Zoom plugin <= 1.8.8 - Multiple Broken Access Control vulnerabilities
Multiple Broken Access Control vulnerabilities were discovered by Lana Codes (Patchstack Alliance) in the WordPress Image Zoom plugin versions <= 1.8.8. Solution: Deactivate and delete. This plugin has been closed as of September 19, 2022 and is not available for download. This closure is temporary,...
WordPress Advanced Floating Content plugin <= 1.2.1 - Multiple Auth. Cross-Site Scripting (XSS) vulnerabilities
Multiple Auth. Cross-Site Scripting (XSS) vulnerabilities were discovered by Tien Nguyen Anh (Patchstack Alliance) in the WordPress Advanced Floating Content plugin versions <= 1.2.1. Solution: Update the WordPress Advanced Floating Content plugin to the latest available version (at least 1.2.2)...
WordPress Complianz premium plugin 6.3.3-6.3.5 - Auth. SQL Injection (SQLi) vulnerability
Auth. SQL Injection (SQLi) vulnerability discovered by Sakri Rafael Koskimies (saggre) in the WordPress Complianz premium plugin versions 6.3.3-6.3.5. Solution: Update the WordPress Complianz Premium plugin to the latest available version (at least 6.3.6)...
WordPress WooCommerce Dropshipping premium plugin <= 4.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by WPScan in WordPress WooCommerce Dropshipping premium plugin versions <= 4.3. Solution: Update the WordPress WooCommerce Dropshipping plugin to the latest available version (at least 4.4)...
WordPress Optinly plugin <= 1.0.11 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin settings change discovered by ptsfence (Patchstack Alliance) in WordPress Optinly plugin <= 1.0.11. Solution: No patched version is available. No reply from the vendor...
WordPress LearnPress plugin <= 4.1.7.1 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability via REST API discovered by Nguyen Duy Quoc Khanh in the WordPress LearnPress plugin versions <= 4.1.7.1. Solution: Update the WordPress LearnPress plugin to the latest available version (at least 4.1.7.2)...
WordPress HREFLANG Tags Lite plugin <= 2.0.0 - Unauthenticated Plugin Data Reset vulnerability
Unauthenticated Plugin Data Reset vulnerability discovered by Rasi Afeef (Patchstack Alliance) in WordPress HREFLANG Tags Lite plugin versions <= 2.0.0. Solution: No patched version is available. No reply from the vendor...
WordPress Redirection for Contact Form 7 plugin <= 2.4.0 - Unauthenticated Options Change and Content Injection vulnerability
Unauthenticated Options Change vulnerability discovered by mirphak (Patchstack Alliance) in WordPress Redirection for Contact Form 7 plugin versions <= 2.4.0. Successful exploitation requires an additional extension plugin AccessiBe. An attacker can inject a script into the footer. Solution: Update t...
WordPress Kraken.io Image Optimizer plugin <= 2.6.5 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability was discovered by Rasi Afeef (Patchstack Alliance) in the WordPress Kraken.io Image Optimizer plugin versions <= 2.6.5. Solution: Update the WordPress Kraken.io Image Optimizer plugin to the latest available version (at least 2.6.6)...
WordPress 3D Tag Cloud plugin <= 3.8 - Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Rasi Afeef in WordPress 3D Tag Cloud plugin versions <= 3.8. Solution: No patched version is available. No reply from the vendor...
WordPress Add Shortcodes Actions And Filters plugin <= 2.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress Add Shortcodes Actions And Filters plugin versions <= 2.0.9. Solution: No patched version is available. No reply from the vendor...
WordPress wpForo Forum plugin <= 2.0.5 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability was discovered by Brandon Roldan (Patchstack Alliance) in the WordPress wpForo Forum plugin versions <= 2.0.5. Solution: Update the WordPress wpForo Forum plugin to the latest available version (at least 2.0.6)...
WordPress WP Socializer plugin <= 7.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress WP Socializer plugin versions <= 7.2. Solution: Update the WordPress Socializer plugin to the latest available version (at least 7.3)...
WordPress WP Shamsi plugin <= 4.1.1 - Authenticated Plugin Setting change vulnerability
Authenticated Plugin Setting change vulnerability was discovered by Muhammad Daffa (Patchstack Alliance) in the WordPress WP Shamsi plugin versions <= 4.1.1. Solution: Update the WordPress WP Shamsi plugin to the latest available version (at least 4.2.0)...
WordPress History Timeline plugin <= 1.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress History Timeline plugin versions <= 1.0.5. Solution: Deactivate and delete. No reply from the vendor...
WordPress Beaver Builder plugin <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via caption
Authenticated Stored Cross-Site Scripting (XSS) vulnerability via caption discovered by Zhouyuan Yang in WordPress Beaver Builder plugin versions <= 2.5.5.2. Solution: Update the WordPress Beaver Builder plugin to the latest available version (at least 2.5.5.3)...
WordPress Accommodation System plugin <= 1.0.1 - Missing Access Control vulnerability
Missing Access Control vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress Accommodation System plugin versions <= 1.0.1. Solution: Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress Notification Bar for WordPress plugin <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress Notification Bar for WordPress plugin versions <= 1.1.8. Solution: Deactivate and delete. This plugin has been closed as of August 12, 2022 and is not available for download. This...
WordPress Easy Digital Downloads plugin <= 3.0.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability was discovered by Robert Rowley (Patchstack) in the WordPress Easy Digital Downloads plugin versions <= 3.0.1. Solution: Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 3.0.2)...
WordPress Floating Div plugin <= 3.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Floating Div plugin versions <= 3.0. Solution: No patched version available...
WordPress WPGraphQL WooCommerce plugin <= 0.11.0 - Unauthenticated Coupon Codes Disclosure vulnerability
Unauthenticated Coupon Codes Disclosure vulnerability discovered by Rohan Pagey in WordPress WPGraphQL WooCommerce plugin versions <= 0.11.0. Solution: No patched version available...
WordPress WP Coder plugin <= 2.5.2 - Code Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Code Deletion via Cross-Site Request Forgery (CSRF) vulnerability discovered by Krzysztof Zając in WordPress WP Coder plugin versions <= 2.5.2. Solution: Update the WordPress WP Coder plugin to the latest available version (at least 2.5.3)...
WordPress Easy Student Results plugin <= 2.2.8 - Sensitive Information Disclosure via REST API vulnerability
Sensitive Information Disclosure via REST API vulnerability discovered by Raad Haddad in WordPress Easy Student Results plugin versions <= 2.2.8. Solution: Deactivate and delete. This plugin has been closed as of July 11, 2022 and is not available for download. This closure is temporary, pending a...
WordPress WP DS Blog Map plugin <= 3.1.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress WP DS Blog Map plugin versions <= 3.1.3. Solution: Deactivate and delete. This plugin has been closed as of July 15, 2022 and is not available for download. This...
WordPress Microsoft Advertising Universal Event Tracking (UET) plugin <= 1.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Chowdhury Faizal Ahammed in WordPress Microsoft Advertising Universal Event Tracking (UET) plugin versions <= 1.0.3. Solution: Update the WordPress Microsoft Advertising Universal Event Tracking (UET) plugin to the latest availab...
WordPress Shortcode Addons plugin <= 3.0.2 - Unauthenticated Arbitrary Option Update vulnerability
Unauthenticated Arbitrary Option Update vulnerability discovered by m0ze (Patchstack) in WordPress Shortcode Addons plugin versions <= 3.0.2. Solution: Update the WordPress Shortcode Addons plugin to the latest available version (at least 3.0.3)...
WordPress Simple Post Notes plugin <= 1.7.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Sachin Kumar (eSec Forte Technologies Pvt Ltd) in WordPress Simple Post Notes plugin versions <= 1.7.5. Solution: Update the WordPress Simple Post Notes plugin to the latest available version (at least 1.7.6)...
WordPress Discount Rules for WooCommerce plugin <= 2.4.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by ZhongFu Su aka JrXnm (WuHan University) in WordPress Discount Rules for WooCommerce plugin versions <= 2.4.1. Solution: Update the WordPress Discount Rules for WooCommerce plugin to the latest available version (at least 2.4.2)...
WordPress Best Contact Management Software plugin <= 3.7.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Benachi in WordPress Best Contact Management Software plugin versions <= 3.7.3. Solution: Deactivate and delete. This plugin has been closed as of June 21, 2022 and is not available for download. This closure is temporary,...
WordPress Very Simple Breadcrumb plugin <= 1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Rahul Selvakumar in WordPress Very Simple Breadcrumb plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of June 21, 2022 and is not available for download. This closure is temporary, pendi...
WordPress Team Manager plugin <= 1.6.9 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities were discovered by Ngo Van Thien (Patchstack Alliance) in the WordPress Team Manager plugin versions <= 1.6.9. Solution: Deactivate and delete. No reply from the vendor...
WordPress Nested Pages plugin <= 3.1.20 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Sachin Bahl (eSec Forte Technologies Pvt Ltd) in WordPress Nested Pages plugin versions <= 3.1.20. Solution: Update the WordPress Nested Pages plugin to the latest available version (at least 3.1.21)...
WordPress Product Configurator for WooCommerce plugin <= 1.2.31 - Unauthenticated Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion vulnerability discovered by cydave in WordPress Product Configurator for WooCommerce plugin versions <= 1.2.31. Solution: Update the WordPress Product Configurator for WooCommerce plugin to the latest available version (at least 1.2.32)...
WordPress Image Gallery – Grid Gallery plugin <= 1.1.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Fayçal CHENA in WordPress Image Gallery – Grid Gallery plugin versions <= 1.1.5. Solution: Update the WordPress Image Gallery – Grid Gallery plugin to the latest available version (at least 1.1.6)...
WordPress Promotion Slider plugin <= 3.3.4 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities were discovered by Ngo Van Thien (Patchstack Alliance) in the WordPress Promotion Slider plugin versions <= 3.3.4. Solution: Deactivate and delete. This plugin has been closed as of May 20, 2022 and is not available for download...
WordPress JupiterX premium theme <= 2.0.6 - Authenticated Path Traversal and Local File Inclusion (LFI) vulnerability
Authenticated Path Traversal and Local File Inclusion (LFI) vulnerability discovered by Ramuel Gall (WordFence) in WordPress JupiterX premium theme versions <= 2.0.6. Solution: Update the WordPress JupiterX premium theme to the latest available version (at least 2.0.7)...
WordPress MailerLite – Signup forms plugin <= 1.5.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Utkarsh Agrawal in WordPress MailerLite – Signup forms plugin versions <= 1.5.3. Solution: Update the WordPress MailerLite – Signup forms plugin to the latest available version (at least 1.5.4)...
WordPress HC Custom WP-Admin URL plugin <= 1.4 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress HC Custom WP-Admin URL plugin versions <= 1.4. Solution: Deactivate and delete. This plugin has been closed as of May 5, 2022 and is not available for download. This closure is temporar...
WordPress Files Download Delay plugin <= 1.0.6 - Subscriber+ Settings Reset vulnerability
Subscriber+ Settings Reset vulnerability discovered by Daniel Ruf in WordPress Files Download Delay plugin versions <= 1.0.6. Solution: Update the WordPress Files Download Delay plugin to the latest available version (at least 1.0.7)...
WordPress Call&Book Mobile Bar plugin <= 1.2.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in the WordPress Call&Book Mobile Bar plugin versions <= 1.2.2. Solution: Deactivate and delete. This plugin has been closed as of April 19, 2022 and is not available for download. Thi...
WordPress Remove CPT base plugin <= 5.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to CPT base deletion
Cross-Site Request Forgery (CSRF) vulnerability leading to CPT base deletion discovered by Ex.Mi (Patchstack) in WordPress Remove CPT base plugin versions <= 5.8. Solution: Update the WordPress Remove CPT base plugin to the latest available version (at least 5.9)...
WordPress Smush plugin <= 3.9.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Taurus Omar in WordPress Smush plugin versions <= 3.9.8. Solution: Update the WordPress Smush plugin to the latest available version (at least 3.9.9)...
WordPress Footer Text plugin <= 2.0.3 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability discovered by Rasi Afeef in WordPress Footer Text plugin versions <= 2.0.3. Solution: No patched version is available. No response from the vendor...
WordPress Vertical scroll recent post plugin <= 13.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Vertical scroll recent post plugin versions <= 13.8. Solution: Update the WordPress Vertical scroll recent post plugin to the latest available version (at least 14.0)...
WordPress Call Now Button plugin <= 1.1.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by 7coo and JrXnm in WordPress Call Now Button plugin versions <= 1.1.1. Solution: Update the WordPress Call Now Button plugin to the latest available version (at least 1.1.2)...
WordPress Event List plugin <= 0.8.6 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Akash Rajendra Patil in WordPress Event List plugin versions <= 0.8.6. Solution: Deactivate and delete. This plugin has been closed as of January 31, 2022 and is not available for download. Reason: Security Issue...
WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 5.174 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ramuel Gall (Wordfence) in WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin versions <= 5.174. Solution: Update the WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin to the latest available version at leas...
WordPress DW Question & Answer Pro premium plugin <= 1.3.4 - Arbitrary Comment Edition via IDOR vulnerability
Arbitrary Comment Edition via IDOR vulnerability discovered by Brandon Roldan in WordPress DW Question & Answer Pro premium plugin versions <= 1.3.4. Solution: No patched version is available...
WordPress Advanced Page Visit Counter <= 6.1.5 - Blind SQL Injection (SQLi) vulnerability
Blind SQL Injection (SQLi) vulnerability discovered by Krzysztof Zając in WordPress Advanced Page Visit Counter versions <= 6.1.5. Solution: Update the WordPress Advanced Page Visit Counter – Most Advanced WordPress Visit Counter Plugin to the latest available version (at least 6.1.6)...
WordPress Easy Digital Downloads plugin <= 2.11.5 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhamad Hidayat in WordPress Easy Digital Downloads plugin versions <= 2.11.5. Solution: Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 2.11.6)...