WordPress RevivePress – Keep your Old Content Evergreen plugin < 1.3.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress RevivePress – Keep your Old Content Evergreen plugin versions < 1.3.1. Solution Update the WordPress RevivePress – Keep your Old Content Evergreen plugin to the latest available version at least 1.3.1...
WordPress WP-HR Manager: The Human Resources Plugin for WordPress plugin < 3.0.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WP-HR Manager: The Human Resources Plugin for WordPress plugin versions < 3.0.3. Solution Update the WordPress WP-HR Manager: The Human Resources Plugin for WordPress plugin to the latest available versi...
WordPress Royal Elementor Addons (Header Footer Builder, Popups, Post Grid, Woocommerce Product Grid, Slider, Parallax Image, Free Elementor Widgets & Elementor Templates) plugin <= 1.3.32 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Royal Elementor Addons (Header Footer Builder, Popups, Post Grid, Woocommerce Product Grid, Slider, Parallax Image, Free Elementor Widgets & Elementor Templates) plugin versions <= 1.3.32. Solution Update...
WordPress Amelia plugin <= 1.0.45 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Ran Crane in WordPress Amelia plugin versions <= 1.0.45. Solution Update the WordPress Amelia plugin to the latest available version at least 1.0.46...
WordPress Advanced Contact form 7 DB plugin <= 1.8.6 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by Krzysztof Zając in WordPress Advanced Contact form 7 DB plugin versions <= 1.8.6. Solution Update the WordPress Advanced Contact form 7 DB plugin to the latest available version at least 1.8.7...
WordPress Spiffy Calendar plugin <= 4.9.0 - Event deletion via Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Spiffy Calendar plugin versions <= 4.9.0 by Ngo Van Thien. Solution Update the WordPress Spiffy Calendar plugin to the latest available version at least 4.9.1...
WordPress WooCommerce – Store Exporter plugin <= 2.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress WooCommerce – Store Exporter plugin versions <= 2.7. Solution Update the WordPress WooCommerce – Store Exporter plugin to the latest available version at least 2.7.1...
WordPress IP2Location Country Blocker plugin <= 2.26.4 - Arbitrary Country Ban vulnerability
Arbitrary Country Ban by low privilege users vulnerability discovered by Krzysztof Zając in WordPress IP2Location Country Blocker plugin versions <= 2.26.4. Solution Update the WordPress IP2Location Country Blocker plugin to the latest available version at least 2.26.5...
WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.6.9 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Stored Cross-Site Scripting XSS vulnerabilities discovered by Yoru Oni in WordPress Contact Form & Lead Form Elementor Builder plugin versions <= 1.6.9. Solution Update the WordPress Contact Form & Lead Form Elementor Builder plugin to the latest available version at least 1.7.0...
WordPress Asset CleanUp plugin <= 1.3.8.4 - Reflected Cross-Site Scripting (XSS) vulnerability via AJAX Action
Reflected Cross-Site Scripting XSS vulnerability via AJAX Action discovered by JrXnm in WordPress Asset CleanUp plugin versions <= 1.3.8.4. Solution Update the WordPress Asset CleanUp plugin to the latest available version at least 1.3.8.5...
WordPress Learning Courses plugin <= 4.9 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by dhananjaygarg192002 in WordPress Learning Courses plugin versions = 5.0. Solution Patched in version 5.0, but closed for other security reasons. This plugin has been closed as of October 8, 2021 and is not available for download. Reason:...
WordPress WP Post Page Clone plugin <= 1.1 - Unauthorized Post Access vulnerability
Unauthorized Post Access vulnerability discovered by apple502j in WordPress WP Post Page Clone plugin versions <= 1.1. Solution Update the WordPress WP Post Page Clone plugin to the latest available version at least 1.2...
WordPress Easy Forms for Mailchimp plugin <= 6.8.5 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress Easy Forms for Mailchimp plugin versions <= 6.8.5. Solution Update the WordPress Easy Forms for Mailchimp plugin to the latest available version at least 6.8.6...
WordPress Asgaros Forum plugin <= 1.15.14 - SQL Injection (SQLi) vulnerability
SQL Injection SQLi vulnerability discovered by Trang LKB in WordPress Asgaros Forum plugin versions <= 1.15.14. Solution Update the WordPress Asgaros Forum plugin to the latest available version at least 1.15.15...
WordPress Simple Download Monitor plugin <= 3.9.8 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by apple502j in the WordPress Simple Download Monitor plugin versions <= 3.9.8. Solution Update the WordPress Simple Download Monitor to the latest available version at least 3.9.9...
WordPress .htaccess Redirect plugin <= 0.3.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress .htaccess Redirect plugin versions <= 0.3.1. Solution Deactivate and delete. This plugin has been closed as of December 3, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress RegistrationMagic plugin <= 5.0.1.7 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by Marco Wotschka and Chloe Chamberland in WordPress RegistrationMagic plugin versions <= 5.0.1.7. Solution Update the WordPress RegistrationMagic plugin to the latest available version at least 5.0.1.8...
WordPress Modal Window plugin <= 5.2.1 - Remote File Inclusion (RFI) leading to Remote Code Execution (RCE) via CSRF vulnerability
Remote File Inclusion RFI leading to Remote Code Execution RCE via CSRF vulnerability discovered by Krzysztof Zając in WordPress Modal Window plugin versions <= 5.2.1. Solution Update the WordPress Modal Window plugin to the latest available version at least 5.2.2...
WordPress All-in-One Video Gallery plugin <= 2.4.9 - Local File Inclusion (LFI) vulnerability
Local File Inclusion LFI vulnerability discovered by Mohamed Magdy AbuMuslim in WordPress All-in-One Video Gallery plugin versions <= 2.4.9. Solution Update the WordPress All-in-One Video Gallery plugin to the latest available version at least 2.5.0...
WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 3.9.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress Auto Featured Image (Auto Post Thumbnail) plugin versions <= 3.9.2. Solution Update the WordPress Auto Featured Image (Auto Post Thumbnail) plugin to the latest available version at least 3.9.3...
WordPress WP Admin Logo Changer plugin <= 1.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Update
Cross-Site Request Forgery CSRF vulnerability leading to Plugin Settings Update discovered by apple502j in WordPress WP Admin Logo Changer plugin versions <= 1.0. Solution Deactivate and delete. This plugin has been closed as of October 4, 2021 and is not available for download. This closure is...
WordPress Download Monitor plugin <= 4.4.6 - Authenticated Arbitrary File Download vulnerability
Authenticated Arbitrary File Download vulnerability discovered by Ex.Mi Patchstack in WordPress Download Monitor plugin versions <= 4.4.6. Solution Update the WordPress Download Monitor plugin to the latest available version at least 4.4.7...
WordPress WPS Hide Login plugin <= 1.9 - Protection Bypass with Referer-Header vulnerability
Protection Bypass with Referer-Header vulnerability discovered by Daniel Ruf in WordPress WPS Hide Login plugin versions <= 1.9. Solution Update the WordPress WPS Hide Login plugin to the latest available version at least 1.9.1...
WordPress Shared Files plugin <= 1.6.60 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Mika in WordPress Shared Files plugin versions <= 1.6.60. Solution Update the WordPress Shared Files plugin to the latest available version at least 1.6.61...
WordPress MPL-Publisher – Self-publish your book & ebook plugin <= 1.30.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Thinkland Security Team in WordPress MPL-Publisher – Self-publish your book & ebook plugin versions <= 1.30.2. Solution Update the WordPress MPL-Publisher – Self-publish your book & ebook plugin to the latest available versi...
WordPress Brizy – Page Builder plugin <= 2.3.11 - Authenticated File Upload and Path Traversal vulnerability
Authenticated File Upload and Path Traversal vulnerability discovered by Ramuel Gall WordFence in WordPress Brizy – Page Builder plugin versions <= 2.3.11. Solution Update the WordPress Brizy – Page Builder plugin to the latest available version at least 2.3.12...
WordPress WPSchoolPress plugin <= 2.1.16 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Stored Cross-Site Scripting XSS vulnerabilities were discovered by Davide Taraschi in the WordPress WPSchoolPress plugin versions <= 2.1.16. Solution Update the WordPress WPSchoolPress plugin to the latest available version at least 2.1.17...
WordPress Ninja Forms Contact Form plugin <= 3.5.7 - Unprotected REST-API to Sensitive Information Disclosure vulnerability
Unprotected REST-API to Sensitive Information Disclosure vulnerability discovered by Chloe Chamberland WordFence in WordPress Ninja Forms Contact Form plugin versions <= 3.5.7. Solution Update the WordPress Ninja Forms Contact Form plugin to the latest available version at least 3.5.8...
WordPress Cookie Bar plugin <= 1.8.8 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by pang0lin in WordPress Cookie Bar plugin versions <= 1.8.8. Solution Update the WordPress Cookie Bar plugin to the latest available version at least 1.8.9...
WordPress WP HTML Author Bio plugin <= 1.2.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Veshraj Ghimire in WordPress WP HTML Author Bio plugin versions <= 1.2.0. Solution Deactivate and delete. This plugin has been closed as of July 19, 2021 and is not available for download. Reason: Security Issue...
WordPress Frontend Uploader plugin <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Veshraj Ghimire in WordPress Frontend Uploader plugin versions <= 1.3.2. Solution Deactivate and delete. This plugin has been closed as of July 22, 2021 and is not available for download. Reason: Security Issue...
WordPress MainWP Child Reports plugin <= 2.0.7 - SQL Injection (SQLi) vulnerability
SQL Injection SQLi vulnerability discovered by bl4derunner in WordPress MainWP Child Reports plugin versions <= 2.0.7. Solution Update the WordPress MainWP Child Reports plugin to the latest available version at least 2.0.8...
WordPress Coming soon and Maintenance mode plugin <= 3.5.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Coming soon and Maintenance mode plugin versions <= 3.5.2. Solution Update the WordPress Coming soon and Maintenance mode plugin to the latest available version at least 3.5.3...
WordPress Woocommerce Payment Gateway per Category plugin <= 2.0.10 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Woocommerce Payment Gateway per Category plugin versions <= 2.0.10. Solution This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress On Page SEO + Whatsapp Chat Button plugin <= 1.0.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress On Page SEO + Whatsapp Chat Button plugin versions <= 1.0.1. Solution Update the WordPress On Page SEO + Whatsapp Chat Button plugin to the latest available version at least 1.0.2...
WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.1 - Unauthorized Event TimeSlot Deletion vulnerability
Unauthorized Event TimeSlot Deletion vulnerability discovered by dc11 in WordPress Timetable and Event Schedule by MotoPress plugin versions <= 2.4.1. Solution Update the WordPress Timetable and Event Schedule by MotoPress plugin to the latest available version at least 2.4.2...
WordPress WP Video Lightbox plugin <= 1.9.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Vishnupriya Ilango Fortinet Fortiguard Labs in WordPress WP Video Lightbox plugin versions <= 1.9.2. Solution Update the WordPress WP Video Lightbox plugin to the latest available version at least 1.9.3...
WordPress Smart Email Alerts plugin <= 1.0.10 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Smart Email Alerts plugin versions <= 1.0.10. Solution This plugin has been closed as of August 12, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.4.6 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting XSS vulnerability discovered by Swapnil Bodekar in WordPress SMS Alert Order Notifications – WooCommerce plugin versions <= 3.4.6. Solution Update the WordPress SMS Alert Order Notifications – WooCommerce plugin to the latest available version at least 3.4.7...
WordPress WordPress Download Manager plugin <= 3.1.24 - Authenticated File Upload vulnerability
Authenticated File Upload vulnerability discovered by Ramuel Gall WordFence in WordPress WordPress Download Manager plugin versions <= 3.1.24. Solution Update the WordPress WordPress Download Manager plugin to the latest available version at least 3.1.25...
WordPress Workreap premium theme <= 2.2.1 - Multiple Cross-Site Scripting (CSRF) + Insecure Direct Object References (IDOR) vulnerabilities
Multiple Cross-Site Scripting CSRF + Insecure Direct Object References IDOR vulnerabilities discovered by Harald Eilertsen Jetpack in WordPress Workreap premium theme versions <= 2.2.1. Solution Update the WordPress Workreap premium theme to the latest available version at least 2.2.2...
WordPress W3 Total Cache plugin <= 2.1.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by renniepak in WordPress W3 Total Cache plugin versions <= 2.1.4. Solution Update the WordPress W3 Total Cache plugin to the latest available version at least 2.1.5...
WordPress Jannah premium theme <= 5.4.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Truoc Phan in WordPress Jannah premium theme versions <= 5.4.3. Solution Update the WordPress Jannah premium theme to the latest available version at least 5.4.4...
WordPress GetPaid plugin <= 2.3.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Jörg Steinsträter in WordPress GetPaid plugin versions <= 2.3.3. Solution Update the WordPress GetPaid plugin to the latest available version at least 2.3.4...
WordPress Related Posts for WordPress plugin <= 2.0.4 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress Related Posts for WordPress plugin versions <= 2.0.4. Solution Update the WordPress Related Posts for WordPress plugin to the latest available version at least 2.0.5...
WordPress BuddyPress plugin <= 7.2.0 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered in WordPress BuddyPress plugin versions <= 7.2.0. Solution Update the WordPress BuddyPress plugin to the latest available version at least 7.2.1...
WordPress Social Slider Feed plugin <= 1.8.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by purine chu in WordPress Social Slider Feed plugin versions <= 1.8.4. Solution Update the WordPress Social Slider Feed plugin to the latest available version at least 1.8.5...
WordPress Redux Framework plugin <= 4.1.20 - CSRF Nonce Validation Bypass vulnerability
CSRF Nonce Validation Bypass vulnerability discovered by Lenon Leite in WordPress Redux Framework plugin versions <= 4.1.20. Solution Update the WordPress Redux Framework plugin to the latest available version at least 4.1.21...
WordPress DiveBook plugin <= 1.1.4 - Improper Authorisation Check vulnerability
Improper Authorisation Check vulnerability found by Hooper Labs in WordPress DiveBook plugin versions <= 1.1.4. Solution 2020-12-09 - we were unable to find a patched version of this plugin Last updated: 10 years ago...
WordPress eventON premium plugin <= 3.0.5 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting XSS vulnerability found by Mustafa GUNDOGDU b3kc4t in WordPress eventON premium plugin versions <= 3.0.5. Solution 2020-12-01 - we were unable to find a patched version of this plugin...