45959 matches found
WordPress AWP Classifieds plugin <= 4.2.1 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress AWP Classifieds plugin versions <= 4.2.1. Solution: Update the WordPress AWP Classifieds plugin to the latest available version (at least 4.3)...
WordPress Form Maker by 10Web plugin <= 1.15.5 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Nguyen Duy Quoc Khanh in WordPress Form Maker by 10Web plugin versions <= 1.15.5. Solution: Update the WordPress Form Maker by 10Web plugin to the latest available version (at least 1.15.6)...
WordPress Post to CSV by BestWebSoft plugin <= 1.4.0 - Authenticated CSV Injection vulnerability
Authenticated CSV Injection vulnerability discovered by Francesco Carlucci in WordPress Post to CSV by BestWebSoft plugin versions <= 1.4.0. Solution: Deactivate and delete. This plugin has been closed as of September 28, 2022 and is not available for download. This closure is temporary, pending a...
WordPress Blog2Social plugin <= 6.9.9 - Authenticated Server-Side Request Forgery (SSRF) vulnerability
Authenticated Server-Side Request Forgery (SSRF) vulnerability discovered by Sakri Rafael Koskimies in WordPress Blog2Social plugin versions <= 6.9.9. Solution: Update the WordPress Blog2Social plugin to the latest available version (at least 6.9.10)...
WordPress Accordions plugin <= 2.0.3 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities discovered by Vlad Vector Patchstack in WordPress Accordions plugin versions <= 2.0.3. Solution: Update the WordPress Accordions plugin to the latest available version (at least 2.1.0)...
WordPress Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Nguyen Van Khanh Patchstack Alliance in WordPress Asset CleanUp: Page Speed Booster plugin versions <= 1.3.8.4. Solution: Update the WordPress Asset CleanUp: Page Speed Booster plugin to the latest available version at least...
WordPress Activity Log plugin <= 2.8.3 - CSV Injection vulnerability
CSV Injection vulnerability discovered by Universe Patchstack Alliance in WordPress Activity Log plugin versions <= 2.8.3. Solution: Update the WordPress Activity Log plugin to the latest available version (at least 2.8.4)...
WordPress Frontend File Manager plugin <= 21.3 - File Upload via Cross-Site Request Forgery (CSRF) vulnerability
File Upload via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Raad Haddad Cloudyrion GmbH in the WordPress Frontend File Manager plugin versions <= 21.3. Solution: Update the WordPress Frontend File Manager plugin to the latest available version (at least 21.4)...
WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to sending of test emails discovered by Muhammad Daffa Patchstack Alliance in WordPress Customer Reviews for WooCommerce plugin versions <= 5.3.5. Solution: Update the WordPress Customer Reviews for WooCommerce plugin to the latest available...
WordPress FavIcon Switcher plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability was discovered by Lana Codes Patchstack Alliance in the WordPress FavIcon Switcher plugin versions <= 1.2.11. Solution: Deactivate and delete. This plugin has been closed as of September 19, 2022 and is not available for download. This closure is...
WordPress SearchWP Live Ajax Search plugin <= 1.6.2 - Unauthenticated Local File Inclusion (LFI) vulnerability
Unauthenticated Local File Inclusion (LFI) vulnerability was discovered by Muhammad Zeeshan Xib3rR4dAr in the WordPress SearchWP Live Ajax Search plugin versions <= 1.6.2. Solution: Update the WordPress SearchWP Live Ajax Search plugin to the latest available version (at least 1.6.3)...
WordPress Woo Billingo Plus plugin <= 4.4.5.3 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Lana Codes in the WordPress Woo Billingo Plus plugin versions <= 4.4.5.3. Solution: Update the WordPress Woo Billingo Plus plugin to the latest available version (at least 4.4.5.4)...
WordPress WP 2FA plugin <= 2.2.1 - Time-Based Side-Channel Attack vulnerability
Time-Based Side-Channel Attack vulnerability discovered by Calvin Alkan in WordPress WP 2FA plugin versions <= 2.2.1. Solution: Update the WordPress WP 2FA plugin to the latest available version (at least 2.3.0)...
WordPress Donation Thermometer plugin <= 2.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Donation Thermometer plugin versions <= 2.1.2. Solution: Update the WordPress Donation Thermometer plugin to the latest available version (at least 2.1.3)...
WordPress WP Socializer plugin <= 7.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress WP Socializer plugin versions <= 7.2. Solution: Update the WordPress Socializer plugin to the latest available version (at least 7.3)...
WordPress Easy Org Chart plugin <= 3.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Easy Org Chart plugin versions <= 3.1. Solution: Deactivate and delete. This plugin has been closed as of July 29, 2022 and is not available for download. This closure is...
WordPress Site Offline plugin <= 1.4.9 - Access Bypass vulnerability
Access Bypass vulnerability discovered by Daniel Ruf in WordPress Site Offline plugin versions <= 1.4.9. Solution: Update the WordPress Site Offline plugin to the latest available version (at least 1.5.3)...
WordPress Better Font Awesome plugin <= 2.0.1 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Update discovered by Rasi Afeef Patchstack Alliance in WordPress Better Font Awesome plugin versions <= 2.0.1. Solution: Update the WordPress Better Font Awesome plugin to the latest available version (at least 2.0.2)...
WordPress SEO Scout plugin <= 0.9.83 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin settings change discovered by ptsfence Patchstack Alliance in WordPress SEO Scout plugin versions <= 0.9.83. Solution: Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This...
WordPress Float to Top Button plugin <= 2.3.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Float to Top Button plugin versions <= 2.3.6. Solution: Deactivate and delete. This plugin has been closed as of August 15, 2022 and is not available for download. This closure is temporary,...
WordPress WP Server Health Stats plugin <= 1.6.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Mika in WordPress WP Server Health Stats plugin versions <= 1.6.10. Solution: Update the WordPress WP Server Health Stats plugin to the latest available version (at least 1.7.0)...
WordPress Video Gallery plugin <= 1.3.4.5 - Broken Authentication
Broken Authentication leading to cache delete discovered by Muhammad Daffa Patchstack Alliance in WordPress Video Gallery plugin versions <= 1.3.4.5. Solution: Update the WordPress Video Gallery plugin to the latest available version (at least 1.3.5)...
WordPress Easy Digital Downloads plugin <= 3.0.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability was discovered by Robert Rowley Patchstack in the WordPress Easy Digital Downloads plugin versions <= 3.0.1. Solution: Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 3.0.2)...
WordPress Simply Schedule Appointments plugin <= 1.5.7.6 - Unauthenticated Email Address Disclosure vulnerability
Unauthenticated Email Address Disclosure vulnerability discovered by Raad Haddad in WordPress Simply Schedule Appointments plugin versions <= 1.5.7.6. Solution: Update the WordPress Simply Schedule Appointments plugin to the latest available version (at least 1.5.7.7)...
WordPress Sensei LMS plugin <= 4.5.1 - Arbitrary Private Message Sending via IDOR vulnerability
Arbitrary Private Message Sending via IDOR vulnerability discovered by Veshraj Ghimire in WordPress Sensei LMS plugin versions <= 4.5.1. Solution: Update the WordPress Sensei LMS plugin to the latest available version (at least 4.5.2)...
WordPress Simple Banner plugin <= 2.11.0 – Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress Simple Banner plugin versions <= 2.11.0. Solution: Update the WordPress Simple Banner plugin to the latest available version (at least 2.12.0)...
WordPress Beaver Builder plugin <= 2.5.4.3 - Broken Access Control vulnerability
Broken Access Control vulnerability leading to the shutdown of the page builder discovered by Dave Jong Patchstack in WordPress Beaver Builder plugin versions <= 2.5.4.3. Solution: Update the WordPress Beaver Builder plugin to the latest available version (at least 2.5.4.4)...
WordPress Duplicate Page and Post plugin <= 2.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Sachin Kumar eSec Forte Technologies Pvt Ltd in WordPress Duplicate Page and Post plugin versions <= 2.7. Solution: Update the WordPress Duplicate Page and Post plugin to the latest available version (at least 2.8)...
WordPress WP Comments Fields plugin <= 4.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Rafshanzani Suhada in WordPress WP Comments Fields plugin versions <= 4.0. Solution: Update the WordPress WordPress Comments Fields plugin to the latest available version (at least 4.1)...
WordPress GiveWP plugin <= 2.21.2 - DoS via Cross-Site Request Forgery (CSRF) vulnerability
DoS via Cross-Site Request Forgery (CSRF) vulnerability discovered by Raad Haddad in WordPress GiveWP plugin versions <= 2.21.2. Solution: Update the WordPress GiveWP plugin to the latest available version (at least 2.21.3)...
WordPress Project Source Code Download plugin <= 1.0.0 - Unauthenticated Backup Download vulnerability
Unauthenticated Backup Download vulnerability discovered by Daniel Ruf in WordPress Project Source Code Download plugin versions <= 1.0.0. Solution: Deactivate and delete. This plugin has been closed as of May 4, 2022 and is not available for download. Reason: Security Issue...
WordPress Ivory Search plugin <= 5.4.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Ivory Search plugin versions <= 5.4.6. Solution: Update the WordPress Ivory Search plugin to the latest available version (at least 5.4.7)...
WordPress Download Manager plugin <= 3.2.47 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability was discovered by Andrea Bocchetti in the WordPress Download Manager plugin versions <= 3.2.47. Solution: No patched version available...
WordPress Popup Builder plugin <= 4.1.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Pritam Dash in WordPress Popup Builder plugin versions <= 4.1.10. Solution: Update the WordPress Popup Builder plugin to the latest available version (at least 4.1.11)...
WordPress Pagebar plugin <= 2.65 - Arbitrary Settings Update via CSRF vulnerability to Stored XSS
Arbitrary Settings Update via CSRF vulnerability to Stored XSS discovered by Daniel Ruf in WordPress Pagebar plugin versions <= 2.65. Solution: Update the WordPress Pagebar plugin to the latest available version (at least 2.70)...
WordPress Team Manager plugin <= 1.6.9 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Team Manager plugin versions <= 1.6.9. Solution: Deactivate and delete. No reply from the vendor...
WordPress Ninja Forms plugin <= 3.6.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Adel in WordPress Ninja Forms plugin versions <= 3.6.9. Solution: Update the WordPress Ninja Forms plugin to the latest available version (at least 3.6.10)...
WordPress Site Offline or Coming Soon plugin <= 1.6.6 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress Site Offline or Coming Soon plugin versions <= 1.6.6. Solution: Deactivate and delete. This plugin has been closed as of May 5, 2022 and is not available for download. This closur...
WordPress Rotating Posts plugin <= 1.11 - Arbitrary Settings Update to Stored XSS via CSRF vulnerability
Arbitrary Settings Update to Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress Rotating Posts plugin versions <= 1.11. Solution: Deactivate and delete. This plugin has been closed as of May 24, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress Mail Subscribe List plugin <= 2.1.3 - Arbitrary Subscribed User Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Subscribed User Deletion via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Daniel Ruf in the WordPress Mail Subscribe List plugin versions <= 2.1.3. Solution: Update the WordPress Mail Subscribe List plugin to the latest available version (at least 2.1.4)...
WordPress WP Statistics plugin <= 13.2.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Shogo Kumamaru LAC CyberLink Co., Ltd in WordPress WP Statistics plugin versions <= 13.2.1. Solution: Update the WordPress WP Statistics plugin to the latest available version (at least 13.2.2)...
WordPress WP Admin Style plugin <= 0.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Kishore Hariram in WordPress WP Admin Style plugin versions <= 0.1.2. Solution: Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is temporary, pending a ful...
WordPress Keep Backup Daily plugin <= 2.0.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Eduardo Estevao de Oliveira Azevedo in WordPress Keep Backup Daily plugin versions <= 2.0.2. Solution: Update the WordPress Keep Backup Daily plugin to the latest available version (at least 2.0.3)...
WordPress JupiterX premium theme <= 2.0.6 - Authenticated Path Traversal and Local File Inclusion (LFI) vulnerability
Authenticated Path Traversal and Local File Inclusion (LFI) vulnerability discovered by Ramuel Gall WordFence in WordPress JupiterX premium theme versions <= 2.0.6. Solution: Update the WordPress JupiterX premium theme to the latest available version (at least 2.0.7)...
WordPress WooCommerce Green Wallet Gateway plugin <= 1.0.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by goodguyandy in WordPress WooCommerce Green Wallet Gateway plugin versions <= 1.0.1. Solution: Update the WordPress WooCommerce Green Wallet Gateway plugin to the latest available version (at least 1.0.2)...
WordPress WP JS plugin <= 2.0.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Marco Wotschka in WordPress WP JS plugin versions <= 2.0.6. Solution: Deactivate and delete. This plugin has been closed as of April 25, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Ravpage plugin <= 2.27 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability was discovered by Tien Nguyen Anh Patchstack Alliance in the WordPress Ravpage plugin versions <= 2.27. Solution: Update the WordPress Ravpage plugin to the latest available version (at least 2.28)...
WordPress Rara One Click Demo Import plugin <= 1.2.9 - Cross-Site Request Forgery (CSRF) leads to Arbitrary File Upload vulnerability
Cross-Site Request Forgery (CSRF) leads to Arbitrary File Upload vulnerability discovered in Rara One Click Demo Import plugin versions <= 1.2.9 by BEE-K. Solution: Update the WordPress Rara One Click Demo Import plugin to the latest available version (at least 1.3.0)...
WordPress Bulk Edit and Create User Profiles – WP Sheet Editor plugin <= 1.5.13 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Ankur Bakre in WordPress Bulk Edit and Create User Profiles – WP Sheet Editor plugin versions <= 1.5.13. Solution: Update the WordPress Bulk Edit and Create User Profiles – WP Sheet Editor plugin to the latest available version at least...
WordPress th23 Social plugin <= 1.2.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Ankur Bakre in WordPress th23 Social plugin versions <= 1.2.0. Solution: Deactivate and delete. This plugin has been closed as of March 24, 2022 and is not available for download. This closure is temporary, pending a full review...