WordPress 2Way VideoCalls and Random Chat – HTML5 Webcam Videochat plugin <= 5.2.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress 2Way VideoCalls and Random Chat – HTML5 Webcam Videochat plugin versions <= 5.2.7. Solution: Update WordPress 2Way VideoCalls and Random Chat – HTML5 Webcam Videochat plugin to the latest available version at least 5.2...
WordPress Absolutely Glamorous Custom Admin plugin <= 6.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Jörgson Patchstack Red Team in WordPress Absolutely Glamorous Custom Admin plugin versions <= 6.8. Solution: Update the WordPress Absolutely Glamorous Custom Admin plugin to the latest available version at least 6.9, addition...
WordPress HM Multiple Roles plugin <= 1.2 - Arbitrary Role Change vulnerability
Arbitrary Role Change vulnerability discovered by clemorphy in WordPress HM Multiple Roles plugin versions <= 1.2. Solution: Update the WordPress HM Multiple Roles plugin to the latest available version at least 1.3...
WordPress WP HTML Mail plugin <= 3.0.6 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Konan Nagashima in WordPress WP HTML Mail plugin versions <= 3.0.6. Solution: Update the WordPress WP HTML Mail plugin to the latest available version at least 3.0.8...
WordPress Workreap premium theme <= 2.2.1 - Unauthenticated Upload vulnerability leading to Remote Code Execution (RCE)
Unauthenticated Upload vulnerability leading to Remote Code Execution (RCE) discovered by Harald Eilertsen Jetpack in WordPress Workreap premium theme versions <= 2.2.1. Solution: Update the WordPress Workreap premium theme to the latest available version at least 2.2.2...
WordPress WP Google Map plugin <= 1.7.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Pratik Khalane in WordPress WP Google Map plugin versions <= 1.7.6. Solution: Update the WordPress WP Google Map plugin to the latest available version at least 1.7.7...
WordPress ProfilePress plugin 3.0 – 3.1.3 - Authenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Chloe Chamberland WordFence in WordPress ProfilePress plugin versions 3.0 – 3.1.3. 06.29.2021 - WordFence updated the vulnerable version to 3.0 - 3.1.3. Solution: Update the WordPress ProfilePress plugin to the latest available versi...
WordPress Quiz And Survey Master plugin <= 7.1.17 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by renniepak in WordPress Quiz And Survey Master plugin versions <= 7.1.17. Solution: Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.1.18...
WordPress Hana Flv Player plugin <= 3.1.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Kishore Hariram in WordPress Hana Flv Player plugin versions <= 3.1.3. Solution: No patched version is available. The last version was released 8 years ago...
WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 5.153.3 - Unauthenticated Time-Based Blind SQL Injection (SQLi) vulnerability
Unauthenticated Time-Based Blind SQL Injection (SQLi) vulnerability discovered by WordFence in WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin versions <= 5.153.3. Solution: Update the WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin to the latest available version ...
WordPress Ultimate Maps by Supsystic plugin <= 1.2.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by 0xB9 in WordPress Ultimate Maps by Supsystic plugin versions <= 1.2.4. Solution: Update the WordPress Ultimate Maps by Supsystic to the latest available version at least 1.2.5...
WordPress Shopello API plugin <= 2.9.0 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Frank Liauw in WordPress Shopello API plugin versions <= 2.9.0. Solution: This plugin has been closed as of April 12, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Stop Spammers plugin <= 2021.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Hoseinvita in WordPress Stop Spammers plugin versions <= 2021.8. Solution: Update the WordPress Stop Spammers plugin to the latest available version at least 2021.9...
WordPress GiveWP plugin <= 2.9.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Austin Bentley in WordPress GiveWP plugin versions <= 2.9.7. Solution: Update the WordPress GiveWP plugin to the latest available version at least 2.10.0...
WordPress Elementor Contact Form DB plugin <= 1.5 - Cross-Site Request Forgery (CSRF) via backend admin pages vulnerability
Cross-Site Request Forgery (CSRF) via backend admin pages vulnerability found in WordPress Elementor Contact Form DB plugin versions <= 1.5. Solution: Update the WordPress Elementor Contact Form DB plugin to the latest available version at least 1.6...
WordPress Simple Download Monitor plugin <= 3.8.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability
Unauthenticated Cross-Site Scripting (XSS) vulnerability found by Gen Sato Mitsui Bussan Secure Directions in WordPress Simple Download Monitor plugin versions <= 3.8.8. Solution: Update the WordPress Simple Download Monitor plugin to the latest available version at least 3.8.9...
WordPress Discount Rules for WooCommerce plugin <= 2.2.0 - Multiple Authorization Bypass vulnerabilities
Multiple Authorization Bypass vulnerabilities found by WordFence in WordPress Discount Rules for WooCommerce plugin versions <= 2.2.0. Solution: Update the WordPress Discount Rules for WooCommerce plugin to the latest available version at least 2.2.1...
WordPress WP Hotel Booking plugin <= 1.10.1 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Jerome Bruandet NinTechNet in WordPress WP Hotel Booking plugin versions <= 1.10.1. Solution: Update the WordPress WP Hotel Booking plugin to the latest available version at least 1.10.2...
WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin <= 5.1.0 - Persistent Cross-Site Scripting (XSS) vulnerability
Persistent Cross-Site Scripting (XSS) vulnerability found by Jinson Varghese Behanan in WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin versions <= 5.1.0. Solution: Update the WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin to...
WordPress Advanced Access Manager plugin <= 6.6.1 - Authenticated Authorization Bypass and Privilege Escalation vulnerability
Authenticated Authorization Bypass and Privilege Escalation vulnerability discovered by WordFence in WordPress Advanced Access Manager plugin versions <= 6.6.1. Solution: Update the WordPress Advanced Access Manager plugin to the latest available version at least 6.6.2...
WordPress Media Library Assistant plugin <= 2.81 - Unauthenticated Limited Local File Inclusion (LFI) vulnerability
Unauthenticated Limited Local File Inclusion (LFI) vulnerability discovered by Daniel Monzón stark0de in WordPress Media Library Assistant plugin versions <= 2.81. Solution: Update the WordPress Media Library Assistant plugin to the latest available version at least 2.82...
WordPress Appointment Booking Calendar <= 1.3.34 - CSV Injection vulnerability
CSV Injection vulnerability discovered by Daniel Monzon in WordPress Appointment Booking Calendar plugin versions <= 1.3.34. Solution: Update the WordPress Appointment Booking Calendar to the latest available version at least 1.3.35...
WordPress SAML SP Single Sign On plugin <= 4.8.83 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability discovered by Zeroauth in WordPress SAML SP Single Sign On plugin versions <= 4.8.83. Solution: Update the WordPress SAML SP Single Sign On plugin to the latest available version at least 4.8.84...
WordPress Mesmerize theme <=1.6.89 - Authenticated Options Update vulnerability
Authenticated Options Update vulnerability found by NinTechNet in WordPress Mesmerize theme versions <=1.6.89. Solution: Update the WordPress Mesmerize theme to the latest available version at least 1.6.90...
WordPress YITH Custom Thank You Page for Woocommerce plugin <=1.1.7 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability
Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability found by Jerome Bruandet in WordPress YITH Custom Thank You Page for Woocommerce plugin versions <=1.1.7. Solution: Update the WordPress YITH Custom Thank You Page for Woocommerce plugin to the latest available version at leas...
WordPress Form Maker by 10Web plugin <= 1.13.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability found by Daniele Scanu in WordPress Form Maker by 10Web plugin versions <= 1.13.20. Solution: Update the WordPress Form Maker by 10Web plugin to the latest available version at least 1.13.3...
WordPress iThemes Security plugin <= 7.0.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability found by Çlirim Emini in WordPress iThemes Security plugin versions <= 7.0.2. Solution: Update the WordPress iThemes Security plugin to the latest available version at least 7.0.3...
WordPress Woo Checkout for Digital Goods plugin <= 2.1 - Cross-site request forgery (CSRF) vulnerability
Cross-site request forgery (CSRF) vulnerability found by ThreatPress Research Team in WordPress Woo Checkout for Digital Goods plugin versions <= 2.1. Solution: Update the WordPress Woo Checkout for Digital Goods plugin to the latest available version at least 2.2...
WordPress Participants Database plugin <=1.7.5.9 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found by Benjamin Lim in WordPress Participants Database plugin version 1.7.5.9 and earlier versions. Data from the plugin's text input field is passed without escaping HTML special characters, which allows an attacker to insert JavaScript. Solution: Update the...
WordPress Popup Maker plugin <=1.6.4 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability in WordPress Popup Maker plugin 1.6.4 and earlier versions allows an attacker to inject arbitrary web script or HTML. Solution: Update WordPress Popup Maker plugin to the latest available version at least 1.6.5...
WordPress WP-Testimonials plugin <=3.4.1 - SQL Injection vulnerability
WordPress WP-Testimonials plugin is prone to an SQL injection vulnerability. The vulnerability allows an authenticated user to execute arbitrary SQL commands via the "testid" parameter to wp-admin/admin.php. Solution: WordPress WP-Testimonials plugin removed from WordPress plugin directory. We suggest...
WordPress Heat Trackr Plugin <= 1.0 - Reflected XSS
This plugin is prone to a cross-site scripting vulnerability via the /heat-trackr/heat-trackrabtestadd.php file. Solution: Update the plugin...
WordPress Pondol Form to Mail Plugin <= 1.1 - Cross Site Scripting (XSS)
Because of this vulnerability, the variable itemid appears to send unsanitized data back to the user's browser. The vulnerable file is pondol-formmail/pages/admin-mail-info.php. Solution: Update the plugin...
WordPress Ajax Random Post Plugin <= 2.00 - Cross Site Scripting (XSS)
Because of this vulnerability, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...
WordPress Formidable Forms Plugin <= 1.06.03 - Remote Code Execution
This plugin is prone to remote code execution because of the ofcuploadimage.php file parameters $_GET['name'] and $HTTP_RAW_POST_DATA. Solution: Update the plugin...
WordPress <= 4.3.0 - XSS
This vulnerability is in the user list table in WordPress. It allows an authenticated user to inject HTML or arbitrary web script via a crafted e-mail address. Solution: Update the plugin...
WordPress Payment Form for PayPal Pro Plugin <= 1.0.1 - XSS
This WordPress plugin is prone to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary script or HTML. Solution: Update the plugin...
WordPress StageShow Plugin <= 5.0.8 - Open redirect
This vulnerability is in stageshowredirect.php in the "Redirect" function. It allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via the "url" parameter. Solution: Update the plugin...
WordPress Easy2Map Plugin 1.24 - SQL Injection
This WordPress Easy2Map plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Update the plugin...
WordPress RevSlider - File Upload and Execute
This vulnerability allows an attacker to upload arbitrary PHP code and execute remote code. Solution: Update the plugin...
WordPress Simple Ads Manager Plugin <= 2.5.95 - Unrestricted File Upload
This vulnerability exists in sam-ajax-admin.php and allows an attacker to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the "path" parameter. Solution: Update the plugin...
WordPress WPML Plugin <= 3.1.8 - XSS
This vulnerability allows an attacker to inject arbitrary web script or HTML via the "target" parameter in a reminderpopup action to the default URI. Solution: Update the plugin...
WordPress Photo Gallery Plugin <= 1.2.7 - SQL Injection
Because of this vulnerability, attackers can execute arbitrary SQL commands via the "orderby" parameter in a GalleryBox action to wp-admin/admin-ajax.php. Solution: Update the plugin...
WordPress gSlideshow Plugin 0.1 - CSRF and XSS
Because of these cross-site request forgery vulnerabilities, attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution: This plugin is closed...
WordPress SimpleFlickr Plugin <= 3.0.3 - Multiple CSRF and XSS
Because of these cross-site request forgery vulnerabilities, attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution: This plugin is closed...
WordPress WhyDoWork AdSense Plugin <= 1.2 - CSRF
Because of this vulnerability, attackers can hijack the authentication of administrators for requests. Solution: Update the plugin...
WordPress CM Download Manager Plugin 2.0.0 - Code Injection
A code injection vulnerability was found in the software and confirmed as an anonymous user. It allows an attacker to gain full control of the application and use all operating system functions. Solution: Update to version 2.0.4...
WordPress <= 4.0.0 - XSS #2
Because of this vulnerability in the "Press This" function, the attackers can inject arbitrary web script or HTML via unspecified vectors. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-4-0-0-xss http://db.threatpress.com/vulnerability/wordpress/wordpress-4-0-0-xss-3...
WordPress <= 4.0.0 - SSRF
wp-includes/http.php in WordPress allows attackers to conduct server-side request forgery attacks by referring to a 127.0.0.0/8 resource. Solution: Update WordPress...
WordPress Paid Memberships Pro Plugin 1.7.14 - Directory Traversal
This vulnerability is in services/getfile.php. It allows attackers to read arbitrary files in the QUERYSTRING in a getfile action to wp-admin/admin-ajax.php. Solution: Update the plugin...