46684 matches found
WordPress Frontend File Manager plugin <= 21.2 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability discovered by Raad Haddad Cloudyrion GmbH in WordPress Frontend File Manager plugin versions = 21.2. Solution Update the WordPress Frontend File Manager plugin to the latest available version at least 21.3...
WordPress Mega Addons For WPBakery Page Builder plugin <= 4.2.7 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability leading to plugin Options Update Enable/Disable Element discovered by Rasi Afeef in WordPress Mega Addons For WPBakery Page Builder plugin versions = 4.2.7. Solution Deactivate and delete. No reply from the vendor...
WordPress Word Search Puzzles game plugin <= 2.0.1 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Vlad Vector Patchstack in the WordPress Word Search Puzzles game plugin versions = 2.0.1. Solution Deactivate and delete. No reply from the vendor...
WordPress Form Builder CP plugin <= 1.2.31 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Chinmay Vishwas Divekar in WordPress Form Builder CP plugin versions = 1.2.31. Solution Update the WordPress Form Builder CP plugin to the latest available version at least 1.2.32...
WordPress Ultimate SMS Notifications for WooCommerce plugin <= 1.4.1 - CSV Injection vulnerability
CSV Injection vulnerability discovered by Zhouyuan Yang in WordPress Ultimate SMS Notifications for WooCommerce plugin versions = 1.4.1. Solution Update the WordPress Ultimate SMS Notifications for WooCommerce plugin to the latest available version at least 1.4.2...
WordPress Advanced Order Export For WooCommerce plugin <= 3.3.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Lucio Sá Patchstack Alliance in WordPress Advanced Order Export For WooCommerce plugin versions = 3.3.1. Solution Update the WordPress Advanced Order Export For WooCommerce plugin to the latest available version at least 3.3.2...
WordPress Scroll To Top plugin <= 1.4.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Scroll To Top plugin versions = 1.4.0. Solution Update the WordPress Scroll To Top plugin to the latest available version at least 1.4.1...
WordPress Search Exclude plugin <= 1.2.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Search Exclude plugin versions = 1.2.6. Solution Update the WordPress Search Exclude plugin to the latest available version at least 1.2.7...
WordPress WP STAGING Plugin <= 2.9.17 - Authenticated Stored Cross-Site Scripting vulnerability
Authenticated Stored Cross-Site Scripting vulnerability discovered by Raad Haddad in WP STAGING versions = 2.9.17 Solution Update the WordPress WP STAGING – Backup Duplicator & Migration plugin to the latest available version at least 2.9.18...
WordPress Directorist plugin <= 7.3.0 - Unauthenticated Email Address Disclosure vulnerability
Unauthenticated Email Address Disclosure vulnerability discovered by Krzysztof Zając in WordPress Directorist plugin versions = 7.3.0. Solution Update the WordPress Directorist plugin to the latest available version at least 7.3.1...
WordPress Sensei LMS plugin <= 4.5.1 - Arbitrary Private Message Sending via IDOR vulnerability
Arbitrary Private Message Sending via IDOR vulnerability discovered by Veshraj Ghimire in WordPress Sensei LMS plugin versions = 4.5.1. Solution Update the WordPress Sensei LMS plugin to the latest available version at least 4.5.2...
WordPress WP Sticky Button plugin <= 1.4.0 - Unauthenticated Arbitrary Settings Update vulnerability leading to Stored Cross-Site Scripting (XSS)
Unauthenticated Arbitrary Settings Update vulnerability leading to Stored Cross-Site Scripting XSS discovered by Krzysztof Zając in WordPress WP Sticky Button plugin versions = 1.4.0. Solution Update the WordPress WP Sticky Button – Click to Chat plugin to the latest available version at least...
WordPress Feed Them Social plugin <= 2.9.9 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by dc11 in WordPress Feed Them Social plugin versions = 2.9.9. Solution Update the WordPress Feed Them Social plugin to the latest available version at least 3.0.1...
WordPress Beaver Builder plugin <= 2.5.4.3 - Broken Access Control vulnerability
Broken Access Control vulnerability leading to the shutdown of the page builder discovered by Dave Jong Patchstack in WordPress Beaver Builder plugin versions = 2.5.4.3. Solution Update the WordPress Beaver Builder plugin to the latest available version at least 2.5.4.4...
WordPress Elementor Contact Form DB <= 1.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by ZhongFu Su aka JrXnm WuHan University in WordPress Elementor Contact Form DB versions = 1.7. Solution Update the WordPress Elementor Contact Form DB plugin to the latest available version at least 1.8...
WordPress Auto More Tag plugin <= 4.0.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress Auto More Tag plugin versions = 4.0.0. Solution Deactivate and delete. This plugin has been closed as of July 14, 2022 and is not available for download. This...
WordPress DW Promobar plugin <= 1.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress DW Promobar plugin versions = 1.0.4. Solution Deactivate and delete. This plugin has been closed as of July 15, 2022 and is not available for download. This closu...
WordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Creation via Export function vulnerability
Authenticated Arbitrary File Creation via Export function vulnerability discovered by Rafie Muhammad aka Yeraisci Patchstack Alliance in WordPress GiveWP plugin versions = 2.20.2. Solution Update the WordPress GiveWP plugin to the latest available version at least 2.21.0...
WordPress YOP Poll plugin <= 6.4.2 - IP Spoofing vulnerability
IP Spoofing vulnerability discovered by Daniel Ruf in WordPress YOP Poll plugin versions = 6.4.2. Solution Update the WordPress YOP Poll plugin to the latest available version at least 6.4.3...
WordPress Popups plugin <= 1.9.3.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Raad Haddad in WordPress Popups plugin versions = 1.9.3.8. Solution Deactivate and delete. This plugin has been closed as of July 5, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Name Directory plugin <= 1.25.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Donato Di Pasquale in WordPress Name Directory plugin versions = 1.25.2. Solution Update the WordPress Name Directory plugin to the latest available version at least 1.25.3...
WordPress Download Monitor plugin <= 4.5.9 - Authenticated Arbitrary File Download vulnerability
Authenticated Arbitrary File Download vulnerability discovered by Thiago Martins, Jorge Buzeti, Leandro Inacio, Lucas de Souza, Matheus Oliveira, Filipe Baptistella, Leonardo Paiva, Jose Thomaz, Joao Maciel, Vinicius Pereira, Geovanni Campos, Hudson Nowak, Guilherme Acerbi in WordPress Download...
WordPress Download Manager plugin <= 3.2.47 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability was discovered by Andrea Bocchetti in the WordPress Download Manager plugin versions = 3.2.47. Solution No patched version available...
WordPress GiveWP plugin <= 2.20.2 - Donor Information Disclosure vulnerability
Donor Information Disclosure vulnerability discovered by Kane Gamble Blackfoot UK in WordPress GiveWP plugin versions = 2.20.2. Solution Update the WordPress GiveWP plugin to the latest available version at least 2.21.0...
WordPress Sharebar plugin <= 1.4.1 - Arbitrary Settings Update to Stored XSS via CSRF vulnerability
Arbitrary Settings Update to Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress Sharebar plugin versions = 1.4.1. Solution Deactivate and delete. This plugin has been closed as of June 14, 2022 and is not available for download. This closure is temporary, pending a full revie...
WordPress Ninja Forms plugin <= 3.6.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Muhammad Adel WordPress Ninja Forms plugin versions = 3.6.9. Solution Update the WordPress Ninja Forms plugin to the latest available version at least 3.6.10...
WordPress WP Contact Slider plugin <= 2.4.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Fayçal CHENA in WordPress WP Contact Slider plugin versions = 2.4.6. Solution Update the WordPress WP Contact Slider plugin to the latest available version at least 2.4.7...
WordPress Google XML Sitemaps plugin <= 4.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress Google XML Sitemaps plugin versions = 4.1.2. Solution Update the WordPress Google XML Sitemaps plugin to the latest available version at least 4.1.3...
WordPress Travel Management plugin <= 2.0 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Travel Management plugin versions = 2.0. Solution Deactivate and delete. This plugin has been closed as of May 6, 2022 and is not available for download. Th...
WordPress Keep Backup Daily plugin <= 2.0.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Eduardo Estevao de Oliveira Azevedo in WordPress Keep Backup Daily plugin versions = 2.0.2. Solution Update the WordPress Keep Backup Daily plugin to the latest available version at least 2.0.3...
WordPress Slideshow CK plugin <= 1.4.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Fayçal CHENA in WordPress Slideshow CK plugin versions = 1.4.9. Solution Update the WordPress Slideshow CK plugin to the latest available version at least 1.4.10...
WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered by BEE-K Patchstack in WordPress Code Snippets Extended plugin versions = 1.4.7. Solution Deactivate and delete. No patched version is available. No reply from the vendor...
WordPress Photo Gallery plugin <= 1.6.3 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by 0ppr2s in WordPress Photo Gallery plugin versions = 1.6.3. Solution Update the WordPress Photo Gallery plugin to the latest available version at least 1.6.4...
WordPress Note Press plugin <= 0.1.10 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability was discovered by Daniel Krohmer and Shi Chen in the WordPress Note Press plugin versions = 0.1.10. Solution Deactivate and delete. This plugin has been closed as of May 12, 2022 and is not available for download. This closure is temporary, pending a...
WordPress Countdown & Clock plugin <= 2.4.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Jeong Wonjun aka Pongchi Patchstack Alliance in WordPress Countdown & Clock plugin versions = 2.4.7. Solution No patched version is available...
WordPress Ravpage plugin <= 2.27 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting XSS vulnerability was discovered by Tien Nguyen Anh Patchstak Alliance in the WordPress Ravpage plugin versions = 2.27. Solution Update the WordPress Ravpage plugin to the latest available version at least 2.28...
WordPress WP YouTube Live plugin <= 1.8.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress WP YouTube Live plugin versions = 1.8.2. Solution Update the WordPress WP YouTube Live plugin to the latest available version at least 1.8.3...
WordPress th23 Social plugin <= 1.2.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Ankur Bakre in WordPress th23 Social plugin versions = 1.2.0. Solution Deactivate and delete. This plugin has been closed as of March 24, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Advanced Uploader plugin <= 4.2 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Roel van Beurden in WordPress Advanced Uploader plugin versions = 4.2. Solution Deactivate and delete. This plugin has been closed as of March 28, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Ubigeo de Perú plugin <= 3.6.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress Ubigeo de Perú plugin versions = 3.6.3. Solution Update the WordPress Ubigeo de Perú plugin to the latest available version at least 3.6.4...
WordPress RSVP and Event Management plugin <= 2.7.7 - Unauthenticated Entries Export vulnerability
Unauthenticated Entries Export vulnerability discovered by Daniel Ruf in WordPress RSVP and Event Management plugin versions = 2.7.7. Solution Update the WordPress RSVP and Event Management plugin to the latest available version at least 2.7.8...
WordPress Simple Event Planner plugin <= 1.5.4 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities discovered by Ex.Mi Patchstack in WordPress Simple Event Planner plugin versions = 1.5.4. Solution Update the WordPress Simple Event Planner plugin to the latest available version at least 1.5.5...
WordPress Product Table for WooCommerce plugin <= 3.1.1 - Unauthenticated Arbitrary Function Call vulnerability
Unauthenticated Arbitrary Function Call vulnerability discovered by Mark Costlow in WordPress Product Table for WooCommerce plugin versions = 3.1.1. Solution Update the WordPress Product Table for WooCommerce plugin to the latest available version at least 3.1.2...
WordPress Migration, Backup, Staging – WPvivid plugin <= 0.9.69 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Migration, Backup, Staging – WPvivid plugin versions = 0.9.69. Solution Update the WordPress Migration, Backup, Staging – WPvivid plugin to the latest available version at least 0.9.70...
WordPress LearnPress plugin <= 4.1.5 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress LearnPress plugin versions = 4.1.5. Solution Update the WordPress LearnPress plugin to the latest available version at least 4.1.6...
WordPress AI Mojo – GPT-3 Playground for WordPress plugin < 0.2.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress AI Mojo – GPT-3 Playground for WordPress plugin versions 0.2.5. Solution Update the WordPress AI Mojo – GPT-3 Playground for WordPress plugin to the latest available version at least 0.2.5...
WordPress RevivePress – Keep your Old Content Evergreen plugin < 1.3.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress RevivePress – Keep your Old Content Evergreen plugin versions 1.3.1. Solution Update the WordPress RevivePress – Keep your Old Content Evergreen plugin to the latest available version at least 1.3.1...
WordPress WP-HR Manager: The Human Resources Plugin for WordPress plugin < 3.0.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WP-HR Manager: The Human Resources Plugin for WordPress plugin versions 3.0.3. Solution Update the WordPress WP-HR Manager: The Human Resources Plugin for WordPress plugin to the latest available versi...
WordPress Royal Elementor Addons (Header Footer Builder, Popups, Post Grid, Woocommerce Product Grid, Slider, Parallax Image, Free Elementor Widgets & Elementor Templates) plugin <= 1.3.32 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Royal Elementor Addons Header Footer Builder, Popups, Post Grid, Woocommerce Product Grid, Slider, Parallax Image, Free Elementor Widgets & Elementor Templates plugin versions = 1.3.32. Solution Update...
WordPress License Manager for WooCommerce plugin <= 2.2.5 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress License Manager for WooCommerce plugin versions = 2.2.5. Solution Update the WordPress License Manager for WooCommerce plugin to the latest available version at least 2.2.6...