46684 matches found
WordPress Promotion Slider plugin <= 3.3.4 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities were discovered by Ngo Van Thien (Patchstack Alliance) in the WordPress Promotion Slider plugin versions <= 3.3.4. Solution: Deactivate and delete. This plugin has been closed as of May 20, 2022 and is not available for download...
WordPress JupiterX premium theme <= 2.0.6 - Authenticated Path Traversal and Local File Inclusion (LFI) vulnerability
Authenticated Path Traversal and Local File Inclusion (LFI) vulnerability discovered by Ramuel Gall (WordFence) in WordPress JupiterX premium theme versions <= 2.0.6. Solution: Update the WordPress JupiterX premium theme to the latest available version (at least 2.0.7)...
WordPress HC Custom WP-Admin URL plugin <= 1.4 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress HC Custom WP-Admin URL plugin versions <= 1.4. Solution: Deactivate and delete. This plugin has been closed as of May 5, 2022 and is not available for download. This closure is temporar...
WordPress Files Download Delay plugin <= 1.0.6 - Subscriber+ Settings Reset vulnerability
Subscriber+ Settings Reset vulnerability discovered by Daniel Ruf in WordPress Files Download Delay plugin versions <= 1.0.6. Solution: Update the WordPress Files Download Delay plugin to the latest available version (at least 1.0.7)...
WordPress Remove CPT base plugin <= 5.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to CPT base deletion
Cross-Site Request Forgery (CSRF) vulnerability leading to CPT base deletion discovered by Ex.Mi (Patchstack) in WordPress Remove CPT base plugin versions <= 5.8. Solution: Update the WordPress Remove CPT base plugin to the latest available version (at least 5.9)...
WordPress Smush plugin <= 3.9.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Taurus Omar in WordPress Smush plugin versions <= 3.9.8. Solution: Update the WordPress Smush plugin to the latest available version (at least 3.9.9)...
WordPress Footer Text plugin <= 2.0.3 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability discovered by Rasi Afeef in WordPress Footer Text plugin versions <= 2.0.3. Solution: No patched version is available. No response from the vendor...
WordPress Vertical scroll recent post plugin <= 13.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Vertical scroll recent post plugin versions <= 13.8. Solution: Update the WordPress Vertical scroll recent post plugin to the latest available version (at least 14.0)...
WordPress Event List plugin <= 0.8.6 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Akash Rajendra Patil in WordPress Event List plugin versions <= 0.8.6. Solution: Deactivate and delete. This plugin has been closed as of January 31, 2022 and is not available for download. Reason: Security Issue...
WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 5.174 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ramuel Gall (Wordfence) in WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin versions <= 5.174. Solution: Update the WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin to the latest available version at leas...
WordPress DW Question & Answer Pro premium plugin <= 1.3.4 - Arbitrary Comment Edition via IDOR vulnerability
Arbitrary Comment Edition via IDOR vulnerability discovered by Brandon Roldan in WordPress DW Question & Answer Pro premium plugin versions <= 1.3.4. Solution: No patched version is available...
WordPress Advanced Page Visit Counter <= 6.1.5 - Blind SQL Injection (SQLi) vulnerability
Blind SQL Injection (SQLi) vulnerability discovered by Krzysztof Zając in WordPress Advanced Page Visit Counter versions <= 6.1.5. Solution: Update the WordPress Advanced Page Visit Counter – Most Advanced WordPress Visit Counter Plugin to the latest available version (at least 6.1.6)...
WordPress Easy Digital Downloads plugin <= 2.11.5 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhamad Hidayat in WordPress Easy Digital Downloads plugin versions <= 2.11.5. Solution: Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 2.11.6)...
WordPress Post Grid plugin <= 2.1.15 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability via posttypes discovered by Krzysztof Zając in WordPress Post Grid plugin versions <= 2.1.15. Solution: Update the WordPress Post Grid plugin to the latest available version (at least 2.1.16)...
WordPress Easy Social Icons plugin <= 3.1.3 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by qerogram in WordPress Easy Social Icons plugin versions <= 3.1.3. Solution: Update the WordPress Easy Social Icons plugin to the latest available version (at least 3.1.4)...
WordPress Insights from Google PageSpeed plugin <= 4.0.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Insights from Google PageSpeed plugin versions <= 4.0.3. Solution: Update the WordPress Insights from Google PageSpeed plugin to the latest available version at least 4.0.4,...
WordPress Plezi plugin <= 1.0.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Brandon James Roldan in WordPress Plezi plugin versions <= 1.0.2. Solution: Update the WordPress Plezi plugin to the latest available version (at least 1.0.3)...
WordPress Wow Countdowns plugin <= 3.1.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by 0xdecafbad in WordPress Wow Countdowns plugin versions <= 3.1.2. Solution: Deactivate and delete. This plugin has been closed as of January 18, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Coupon Affiliates plugin <= 4.16.4.4 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by cydave in WordPress Coupon Affiliates plugin versions <= 4.16.4.4. Solution: Update the WordPress Coupon Affiliates plugin to the latest available version (at least 4.16.4.5)...
WordPress Amelia plugin <= 1.0.46 - Arbitrary Appointments Update and Sensitive Data Disclosure vulnerability
Arbitrary Appointments Update and Sensitive Data Disclosure vulnerability discovered by Huli (Cymetrics) in WordPress Amelia plugin versions <= 1.0.46. Solution: Update the WordPress Amelia plugin to the latest available version (at least 1.0.47)...
WordPress Database Peek plugin <= 1.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ran Crane in WordPress Database Peek plugin versions <= 1.2. Solution: Deactivate and delete. This plugin has been closed as of February 15, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Divi Content Restrictor plugin <= 1.3.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Divi Content Restrictor plugin versions <= 1.3.0. Solution: Update the WordPress Divi Content Restrictor plugin to the latest available version (at least 1.4.1)...
WordPress Internal Link Juicer: SEO Auto Linker for WordPress plugin < 1.3.0.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Internal Link Juicer: SEO Auto Linker for WordPress plugin versions < 1.3.0.1. Solution: Update the WordPress Internal Link Juicer: SEO Auto Linker for WordPress plugin to the latest available version (at least 1.3.0.1)...
WordPress Simple Link Directory plugin <= 7.7.1 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Simple Link Directory plugin versions <= 7.7.1. Solution: Update the WordPress Simple Link Directory plugin to the latest available version (at least 7.7.2)...
WordPress Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook plugin <= 1.1.8 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook plugin versions <= 1.1.8. Solution: Update the WordPress Forms to Zapier, Integromat, IFTTT, Workato,...
WordPress Ultimate Bulk SEO Noindex Nofollow – Speed up Penalty Recovery Ultimate SEO Booster plugin <= 1.0.6 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Ultimate Bulk SEO Noindex Nofollow – Speed up Penalty Recovery Ultimate SEO Booster plugin versions <= 1.0.6. Solution: No patched version available...
WordPress Team Circle Image Slider With Lightbox plugin <= 1.0.15 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ran Crane in WordPress Team Circle Image Slider With Lightbox plugin versions <= 1.0.15. Solution: Update the WordPress Team Circle Image Slider With Lightbox plugin to the latest available version (at least 1.0.16)...
WordPress Cookie Information plugin <= 2.0.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Cookie Information plugin versions <= 2.0.7. Solution: Update the WordPress Cookie Information plugin to the latest available version (at least 2.0.8)...
WordPress 3D FlipBook plugin <= 1.12.0 - Subscriber+ Stored Cross-Site Scripting (XSS) vulnerability
Subscriber+ Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress 3D FlipBook plugin versions <= 1.12.0. Solution: Update the WordPress 3D FlipBook plugin to the latest available version (at least 1.12.1)...
WordPress Spiffy Calendar plugin <= 4.9.0 - Edit/Delete event via IDOR vulnerability
Edit/Delete event via IDOR vulnerability discovered in WordPress Spiffy Calendar plugin versions <= 4.9.0 by Ex.Mi (Patchstack). Solution: Update the WordPress Spiffy Calendar plugin to the latest available version (at least 4.9.1)...
WordPress Yasr – Yet Another Stars Rating plugin <= 2.9.9 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability discovered by ThuraMoeMyint (Patchstack Red Team project) in WordPress Yasr – Yet Another Stars Rating plugin versions <= 2.9.9. Solution: Update the WordPress Yasr – Yet Another Stars Rating plugin to the latest available version (at least 3.0.0)...
WordPress GiveWP plugin <= 2.17.2 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress GiveWP plugin versions <= 2.17.2. Solution: Update the WordPress GiveWP plugin to the latest available version (at least 2.17.3)...
WordPress Mortgage Calculators WP plugin <= 1.55 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Ceylan Bozogullarindan in WordPress Mortgage Calculators WP plugin versions <= 1.55. Solution: Update the WordPress Mortgage Calculators WP plugin to the latest available version (at least 1.56)...
WordPress WP Extra File Types plugin <= 0.5 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by JrXnm in WordPress WP Extra File Types plugin versions <= 0.5. Solution: Update the WordPress WP Extra File Types plugin to the latest available version (at least 0.5.1)...
WordPress myCred plugin <= 2.3.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress myCred plugin versions <= 2.3.2. Solution: Update the WordPress myCred plugin to the latest available version (at least 2.4)...
WordPress Smart Coupons for WooCommerce plugin <= 1.3.5 - Authenticated SQL injection (SQLi) vulnerability
Authenticated SQL injection (SQLi) vulnerability discovered in WordPress Smart Coupons for WooCommerce plugin versions <= 1.3.5. Solution: Update the WordPress Smart Coupons for WooCommerce plugin to the latest available version (at least 1.3.6)...
WordPress Crisp Live Chat plugin <= 0.31 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by José Aguilera in WordPress Crisp Live Chat plugin versions <= 0.31. Solution: Update the WordPress Crisp Live Chat plugin to the latest available version (at least 0.32)...
WordPress LiteSpeed Cache plugin <= 4.4.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Emil Kylander in WordPress LiteSpeed Cache plugin versions <= 4.4.3. Solution: Update the WordPress LiteSpeed Cache plugin to the latest available version (at least 4.4.4)...
WordPress Revolve theme <= 1.3.1 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress Revolve theme versions <= 1.3.1. This theme uses a vulnerable piece of code related to a previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores the...
WordPress Ninja Tables plugin <= 4.1.7 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Akash Rajendra Patil in WordPress Ninja Tables plugin versions <= 4.1.7. Solution: Update the WordPress Ninja Tables plugin to the latest available version (at least 4.1.8)...
WordPress LearnPress plugin <= 4.1.3.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Thinkland Security Team in WordPress LearnPress plugin versions <= 4.1.3.1. Solution: Update the WordPress LearnPress plugin to the latest available version (at least 4.1.3.2)...
WordPress 404 to 301 plugin <= 3.0.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to Logs Deletion
Cross-Site Request Forgery (CSRF) vulnerability leading to Logs Deletion discovered by apple502j in WordPress 404 to 301 plugin versions <= 3.0.8. Solution: Update the WordPress 404 to 301 plugin to the latest available version (at least 3.0.9)...
WordPress G Auto-Hyperlink plugin <= 1.0.1 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar (Codevigilant Project) in WordPress G Auto-Hyperlink plugin versions <= 1.0.1. Solution: Deactivate and delete. This plugin has been closed as of June 18, 2021 and is not available for download. Reason: Security Issue...
WordPress Batch Cat plugin <= 0.3 - Arbitrary Categories Add/Set/Delete to Posts vulnerability
Arbitrary Categories Add/Set/Delete to Posts vulnerability discovered by Quentin VILLAIN (3wsec) in WordPress Batch Cat plugin versions <= 0.3. Solution: Deactivate and delete. This plugin has been closed as of September 24, 2021 and is not available for download. This closure is temporary, pending a...
WordPress 3DPrint Lite plugin <= 1.9.1.4 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Spacehen in WordPress 3DPrint Lite plugin versions <= 1.9.1.4. Solution: Update the WordPress 3DPrint Lite plugin to the latest available version (at least 1.9.1.5)...
WordPress Easy Twitter Feed plugin <= 1.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Michał Lipiński in WordPress Easy Twitter Feed plugin versions <= 1.1. Solution: Update the WordPress Easy Twitter Feed plugin to the latest available version (at least 1.2)...
WordPress eID Easy plugin <= 4.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress eID Easy plugin versions <= 4.6. Solution: Update the WordPress eID Easy plugin to the latest available version (at least 4.7)...
WordPress RSVPmaker Excel plugin <= 1.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress RSVPmaker Excel plugin versions <= 1.1. Solution: This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress SMS OVH plugin <= 0.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress SMS OVH plugin versions <= 0.1. Solution: This plugin has been closed as of August 24, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress PostX – Gutenberg Blocks for Post Grid plugin <= 2.4.9 - Missing Access Controls vulnerability
Missing Access Controls vulnerability discovered by apple502j in WordPress PostX – Gutenberg Blocks for Post Grid plugin versions <= 2.4.9. Solution: Update the WordPress PostX – Gutenberg Blocks for Post Grid plugin to the latest available version (at least 2.4.10)...