46684 matches found
WordPress Automation By Autonami Plugin <= 2.6.1 is vulnerable to SQL Injection
Software Automation By Autonami Type Plugin Vulnerable versions = 2.6.1 Fixed in 2.7.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-50857 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID fc113d13a945 Credits Muhammad Daffa Required privilege...
WordPress TextMe SMS Plugin <= 1.9.0 is vulnerable to Broken Access Control
Software TextMe SMS Type Plugin Vulnerable versions = 1.9.0 Fixed in 1.9.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48287 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 91f657366fb1 Credits Arvandy Required privilege...
WordPress VK Blocks Plugin <= 1.63.0.1 is vulnerable to Cross Site Scripting (XSS)
Software VK Blocks Type Plugin Vulnerable versions = 1.63.0.1 Fixed in 1.64.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5706 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2d60e9243083 Credits Lana Codes Required...
WordPress Tab Ultimate Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Software Tab Ultimate Type Plugin Vulnerable versions = 1.3 Fixed in 1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5667 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 6b4d31988178 Credits István Márton Required privileg...
WordPress History Log by click5 Plugin < 1.0.13 is vulnerable to SQL Injection
Software History Log by click5 Type Plugin Vulnerable versions 1.0.13 Fixed in 1.0.13 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5082 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 0a946699ae5c Credits Karolis Narvilas Required privilege...
WordPress Social Media & Share Icons Plugin <= 2.8.5 is vulnerable to Sensitive Data Exposure
Software Social Media & Share Icons Type Plugin Vulnerable versions = 2.8.5 Fixed in 2.8.6 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-5070 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 041c1c8cf3d2 Credits Marco...
WordPress Complete Open Graph Plugin <= 3.4.5 is vulnerable to Cross Site Scripting (XSS)
Software Complete Open Graph Type Plugin Vulnerable versions = 3.4.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45010 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 98057f180915 Credits Rio Darmawan Required...
WordPress Maintenance Switch Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Maintenance Switch Type Plugin Vulnerable versions = 1.5.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-29235 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bc20c4d49d47 Credits Elliot Required...
WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Type Plugin Vulnerable versions = 1.24.1 Fixed in 1.24.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25480 Patch priority Low CVSS severity Low 4.3 Developer Claim...
WordPress WP Database Administrator Plugin <= 1.0.3 is vulnerable to SQL Injection
Software WP Database Administrator Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-3211 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 53fe9995f076 Credits Christiaan Swiers Required privilege...
WordPress Google Map Shortcode Plugin <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Google Map Shortcode Type Plugin Vulnerable versions = 3.1.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-38396 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID ad78bcfdec4a Credits thiennv Required...
WordPress WP-CopyProtect [Protect your blog posts] Plugin <= 3.1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP-CopyProtect Protect your blog posts Type Plugin Vulnerable versions = 3.1.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25025 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 483e3127703e Credit...
WordPress LearnDash LMS Plugin <= 4.6.0 is vulnerable to Broken Authentication
Software LearnDash LMS Type Plugin Vulnerable versions = 4.6.0 Fixed in 4.6.0.1 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-3105 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID fcee4e28c7df Credits István Márton Required...
WordPress EventPrime Plugin <= 3.0.5 is vulnerable to Cross Site Scripting (XSS)
Software EventPrime Type Plugin Vulnerable versions = 3.0.5 Fixed in 3.0.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-35884 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0d78f3844de4 Credits Le Ngoc Anh Required...
WordPress Zotpress Plugin <= 7.3.3 is vulnerable to Cross Site Scripting (XSS)
Software Zotpress Type Plugin Vulnerable versions = 7.3.3 Fixed in 7.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32961 Patch priority Medium CVSS severity Medium 7.1 Developer Katie Seaborn PSID 1e1dc3c4b47a Credits LOURCODE Required privileg...
WordPress Cloud Manager Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software Cloud Manager Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0421 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID e0814c8cc2bc Credits Shreya Pohekar Required...
WordPress Events Made Easy Plugin <= 2.3.14 is vulnerable to SQL Injection
Software Events Made Easy Type Plugin Vulnerable versions = 2.3.14 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-28660 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID b6f80ca22af2 Credits Joshua Martinelle Tenable Research Required...
WordPress Weaver Xtreme Theme <= 5.0.7 is vulnerable to Cross Site Scripting (XSS)
Software Weaver Xtreme Type Theme Vulnerable versions = 5.0.7 Fixed in 6.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1403 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b31bb20a58fc Credits Ramuel Gall Required privileg...
WordPress Popup Maker Plugin <= 1.17.1 is vulnerable to Sensitive Data Exposure
Software Popup Maker Type Plugin Vulnerable versions = 1.17.1 Fixed in 1.18.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2022-47597 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d6552fe3bb39 Credits rezaduty Required privilege...
WordPress Classic Editor and Classic Widgets Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Classic Editor and Classic Widgets Type Plugin Vulnerable versions = 1.2.5 Fixed in 1.2.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-27434 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c89f9ac26cdb Credits...
WordPress Advanced Dynamic Pricing for WooCommerce Plugin <= 4.1.5 is vulnerable to Broken Access Control
Software Advanced Dynamic Pricing for WooCommerce Type Plugin Vulnerable versions = 4.1.5 Fixed in 4.1.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-40203 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 061da4b2f208 Credit...
WordPress Profile Builder Plugin <= 3.9.0 is vulnerable to Sensitive Data Exposure
Software Profile Builder Type Plugin Vulnerable versions = 3.9.0 Fixed in 3.9.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0814 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 43ad15dcf7ab Credits István Márton Required...
WordPress Simple URLs Plugin < 115 is vulnerable to SQL Injection
Software Simple URLs Type Plugin Vulnerable versions 115 Fixed in 115 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0098 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID ce05d13c3118 Credits dc11 Required privilege Subscriber Published 17 January,...
WordPress Page View Count Plugin < 2.6.1 is vulnerable to Cross Site Scripting (XSS)
Software Page View Count Type Plugin Vulnerable versions 2.6.1 Fixed in 2.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0095 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 545a0fccfa3b Credits Lana Codes Required...
WordPress Product Slider and Carousel with Category for WooCommerce Plugin < 2.8 is vulnerable to Cross Site Scripting (XSS)
Software Product Slider and Carousel with Category for WooCommerce Type Plugin Vulnerable versions 2.8 Fixed in 2.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4791 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID...
WordPress Contest Gallery plugin <= 13.1.0.9 - Unauth. Stored Cross-Site Scripting (XSS) vulnerability
Unauth. Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in the WordPress Contest Gallery plugin versions = 13.1.0.9. Solution Update the WordPress Contest Gallery plugin to the latest available version at least 14.0.0...
WordPress ShareThis Dashboard for Google Analytics plugin <= 3.1.2 - Broken Access Control vulnerability
Broken Access Control vulnerability leading to plugin settings reset discovered by Dave Jong Patchstack in WordPress ShareThis Dashboard for Google Analytics plugin versions = 3.1.2. Solution No patched version available...
WordPress Easy Video Player plugin <= 1.2.2.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Lana Codes in WordPress Easy Video Player plugin versions = 1.2.2.2. Solution Update the WordPress Easy Video Player plugin to the latest available version at least 1.2.2.3...
WordPress Anthologize plugin <= 0.8.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability by Hoang Van Hiep aka sk4rl1ghT Patchstack Alliance in the WordPress Anthologize plugin versions = 0.8.0. Solution Update the WordPress Anthologize plugin to the latest available version at least 0.8.1...
WordPress WooCommerce Shipping - DPD baltic plugin <= 1.2.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Lana Codes in WordPress WooCommerce Shipping - DPD baltic plugin versions = 1.2.8. Solution Update the WordPress DPD Baltic Shipping plugin to the latest available version at least 1.2.11...
WordPress WP Page Builder plugin <= 1.2.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Vaibhav Koli in the WordPress WP Page Builder plugin versions = 1.2.8. Solution Deactivate and delete. This plugin has been closed as of 9. November, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress Advanced WP Columns plugin <= 2.0.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by lucy in the WordPress Advanced WP Columns plugin versions = 2.0.6. Solution Deactivate and delete. This plugin has been closed as of November 7, 2022 and is not available for download. This closure is temporary, pending a full revi...
WordPress WP User Merger plugin <= 1.5.2 - Auth. SQL Injection (SQLi) vulnerability
Auth. SQL Injection SQLi vulnerability discovered by Kunal Sharma University of Kaiserslautern and Daniel Krohmer Fraunhofer IESE in the WordPress WP User Merger plugin versions = 1.5.2. Solution Update the WordPress WP User Merger plugin to the latest available version at least 1.5.3...
WordPress WP User Merger plugin <= 1.5.2 - Auth. SQL Injection (SQLi) vulnerability
Auth. SQL Injection SQLi vulnerability discovered by Kunal Sharma University of Kaiserslautern, Germany and Daniel Krohmer Fraunhofer IESE, Germany in the WordPress WP User Merger plugin versions = 1.5.2. Solution Update the WordPress WP User Merger plugin to the latest available version at least...
WordPress Cyklodev WP Notify plugin <= 1.2.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Hoang Van Hiep aka sk4rl1ghT Patchstack Alliance in the WordPress Cyklodev WP Notify plugin versions = 1.2.1. Solution No patched version is available...
WordPress Image Hover Effects Css3 <= 4.5 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Image Hover Effects Css3 versions = 4.5. Solution Deactivate and delete. This plugin has been closed as of November 1, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress TeraWallet – For WooCommerce plugin <= 1.3.24 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress TeraWallet – For WooCommerce plugin versions = 1.3.24. Solution Update the WordPress TeraWallet – For WooCommerce plugin to the latest available version at least 1.4.0...
WordPress Advanced Coupons for WooCommerce Coupons plugin <= 4.5 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability leading to Notice Dismissal discovered by Muhammad Daffa Patchstack Alliance in WordPress Advanced Coupons for WooCommerce Coupons plugin versions = 4.5. Solution Update the WordPress Advanced Coupons for WooCommerce Coupons plugin to the latest...
WordPress My wpdb plugin <= 2.4 - Arbitrary SQL Query via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary SQL Query via Cross-Site Request Forgery CSRF vulnerability discovered by Daniel Ruf in WordPress My wpdb plugin versions = 2.4. Solution Update the WordPress My wpdb plugin to the latest available version at least 2.5...
WordPress Simple SEO plugin <= 1.8.12 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability leading to Sitemap Creation/Deletion discovered by Mika Patchstack Alliance in WordPress Simple SEO plugin versions = 1.8.12. Solution Update the WordPress Simple SEO plugin to the latest available version at least 1.8.13...
WordPress Avada premium theme <= 7.8.1 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability Leading to Arbitrary Plugin Installation/Activation discovered by Dave Jong Patchstack in WordPress Avada theme versions = 7.8.1. Solution Update the WordPress Avada theme to the latest available version at least 7.8.2...
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability via wp-mail.php discovered by Toshitsugu Yoneyama Mitsui Bussan Secure Directions, Inc. via JPCERT in WordPress core versions = 6.0.2 Solution Update the WordPress to the latest available version at least 6.0.3...
WordPress WP Attachments plugin <= 5.0.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Mariah Almotlag in the WordPress WP Attachments plugin versions = 5.0.4. Solution Update the WordPress WP Attachments plugin to the latest available version at least 5.0.5...
WordPress Automatic User Roles Switcher premium plugin <= 1.1.1 - Auth. Privilege Escalation vulnerability
Auth. Privilege Escalation vulnerability discovered by WPScan in WordPress Automatic User Roles Switcher premium plugin versions = 1.1.1. Solution Update the WordPress Automatic User Roles Switcher plugin to the latest available version at least 1.1.2...
WordPress WZone – Lite Version plugin <= 3.1 Lite - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered by ptsfence Patchstack Alliance in WordPress WZone – Lite Version plugin versions = 3.1 Lite. Solution No patched version is available. No reply from the vendor since Jul 29, 2022...
WordPress Accordions plugin <= 2.0.3 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Auth. Stored Cross-Site Scripting XSS vulnerabilities discovered by Vlad Vector Patchstack in WordPress Accordions plugin versions = 2.0.3. Solution Update the WordPress Accordions plugin to the latest available version at least 2.1.0...
WordPress Drag and Drop Multiple File Upload plugin <= 1.3.6.4 - File Upload Size Limit Bypass vulnerability
File Upload Size Limit Bypass vulnerability discovered by Sanjay Das in WordPress Drag and Drop Multiple File Upload plugin versions = 1.3.6.4. Solution Update the WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin to the latest available version at least 1.3.6.5...
WordPress Tutor LMS plugin <= 2.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by lucy in WordPress Tutor LMS plugin versions = 2.0.9. Solution Update the WordPress Tutor LMS plugin to the latest available version at least 2.0.10...
WordPress FavIcon Switcher plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability was discovered by Lana Codes Patchstack Alliance in the WordPress FavIcon Switcher plugin versions = 1.2.11. Solution Deactivate and delete. This plugin has been closed as of September 19, 2022 and is not available for download. This closure is...
WordPress SearchWP Live Ajax Search plugin <= 1.6.2 - Unauthenticated Local File Inclusion (LFI) vulnerability
Unauthenticated Local File Inclusion LFI vulnerability was discovered by Muhammad Zeeshan Xib3rR4dAr in the WordPress SearchWP Live Ajax Search plugin versions = 1.6.2. Solution Update the WordPress SearchWP Live Ajax Search plugin to the latest available version at least 1.6.3...