WordPress Advanced Order Export For WooCommerce plugin <= 3.3.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to export file download discovered by Lana Codes (Patchstack Alliance) in WordPress Advanced Order Export For WooCommerce plugin versions <= 3.3.2. Solution: Update the WordPress Advanced Order Export For WooCommerce plugin to the latest available...
WordPress ImageMagick Engine plugin <= 1.7.6 - Auth. Remote Code Execution (RCE) vulnerability
Auth. Remote Code Execution (RCE) vulnerability discovered by ABDO10 in WordPress ImageMagick Engine plugin versions <= 1.7.6. Solution: No patched version is available. Version 1.7.6 only added a nonce token to fix the CSRF vulnerability...
WordPress Highlight Focus plugin <= 1.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Mariam Tariq in the WordPress Highlight Focus plugin versions <= 1.1. Solution: Deactivate and delete. This plugin has been closed as of October 12, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress AB Press Optimizer plugin <= 1.1.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress AB Press Optimizer plugin versions <= 1.1.1. Solution: No patched version is available. No reply from the vendor...
WordPress AWP Classifieds plugin <= 4.2.1 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress AWP Classifieds plugin versions <= 4.2.1. Solution: Update the WordPress AWP Classifieds plugin to the latest available version (at least 4.3)...
WordPress Newspaper premium theme <= 11.5.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ramon Dunker in WordPress Newspaper premium theme versions <= 11.5.1. Solution: Update the WordPress Newspaper theme to the latest available version (at least 12)...
WordPress Blog2Social plugin <= 6.9.9 - Authenticated Server-Side Request Forgery (SSRF) vulnerability
Authenticated Server-Side Request Forgery (SSRF) vulnerability discovered by Sakri Rafael Koskimies in WordPress Blog2Social plugin versions <= 6.9.9. Solution: Update the WordPress Blog2Social plugin to the latest available version (at least 6.9.10)...
WordPress Post to CSV by BestWebSoft plugin <= 1.4.0 - Authenticated CSV Injection vulnerability
Authenticated CSV Injection vulnerability discovered by Francesco Carlucci in WordPress Post to CSV by BestWebSoft plugin versions <= 1.4.0. Solution: Deactivate and delete. This plugin has been closed as of September 28, 2022 and is not available for download. This closure is temporary, pending a...
WordPress LBStopAttack plugin <= 1.1.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Settings Update discovered by Daniel Ruf in WordPress LBStopAttack plugin versions <= 1.1.2. Solution: Update the WordPress LBstopattack plugin to the latest available version (at least 1.1.3)...
WordPress Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Nguyen Van Khanh (Patchstack Alliance) in WordPress Asset CleanUp: Page Speed Booster plugin versions <= 1.3.8.4. Solution: Update the WordPress Asset CleanUp: Page Speed Booster plugin to the latest available version at least...
WordPress iQ Block Country plugin <= 1.2.18 - Block BYPASS vulnerability
Block BYPASS vulnerability was discovered by Brandon Roldan (Patchstack Alliance) in the WordPress iQ Block Country plugin versions <= 1.2.18. Solution: Update the WordPress iQ Block Country plugin to the latest available version (at least 1.2.19)...
WordPress reSmush.it Image Optimizer plugin <= 0.4.5 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability discovered by Raad Haddad (Cloudyrion GmbH) in WordPress reSmush.it Image Optimizer plugin versions <= 0.4.5. Solution: Update the WordPress reSmush.it plugin to the latest available version (at least 0.4.6)...
WordPress Woo Billingo Plus plugin <= 4.4.5.3 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Lana Codes in the WordPress Woo Billingo Plus plugin versions <= 4.4.5.3. Solution: Update the WordPress Woo Billingo Plus plugin to the latest available version (at least 4.4.5.4)...
WordPress RD Station plugin <= 5.2.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Rasi Afeef (Patchstack Alliance) in the WordPress RD Station plugin versions <= 5.2.0. Solution: Update the WordPress RD Station plugin to the latest available version (at least 5.2.1)...
WordPress Contact Form By Mega Forms plugin <= 1.2.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress Contact Form By Mega Forms plugin versions <= 1.2.4. Solution: Update the WordPress Contact Form By Mega Forms – Drag and Drop Form Builder plugin to the latest available version at...
WordPress Torro Forms plugin <= 1.0.16 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Torro Forms plugin versions <= 1.0.16. Solution: Deactivate and delete. No reply from the vendor...
WordPress Word Search Puzzles game plugin <= 2.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Word Search Puzzles game plugin versions <= 2.0.1. Solution: Deactivate and delete. No reply from the vendor...
WordPress Site Offline plugin <= 1.4.9 - Access Bypass vulnerability
Access Bypass vulnerability discovered by Daniel Ruf in WordPress Site Offline plugin versions <= 1.4.9. Solution: Update the WordPress Site Offline plugin to the latest available version (at least 1.5.3)...
WordPress SEO Scout plugin <= 0.9.83 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin settings change discovered by ptsfence (Patchstack Alliance) in WordPress SEO Scout plugin versions <= 0.9.83. Solution: Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This...
WordPress Float to Top Button plugin <= 2.3.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Float to Top Button plugin versions <= 2.3.6. Solution: Deactivate and delete. This plugin has been closed as of August 15, 2022 and is not available for download. This closure is temporary,...
WordPress WP Server Health Stats plugin <= 1.6.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Mika in WordPress WP Server Health Stats plugin versions <= 1.6.10. Solution: Update the WordPress WP Server Health Stats plugin to the latest available version (at least 1.7.0)...
WordPress Video Gallery plugin <= 1.3.4.5 - Broken Authentication
Broken Authentication leading to cache delete discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Video Gallery plugin versions <= 1.3.4.5. Solution: Update the WordPress Video Gallery plugin to the latest available version (at least 1.3.5)...
WordPress Best Payments Plugin for WP plugin <= 4.2.0 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Rafshanzani Suhada in WordPress Best Payments Plugin for WP plugin versions <= 4.2.0. Solution: Update the WordPress Best Payments Plugin for WP plugin to the latest available version (at least 4.2.1)...
WordPress JoomSport plugin <= 5.2.5 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Salim Al-Wahaibi in WordPress JoomSport plugin versions <= 5.2.5. Solution: Update the WordPress JoomSport plugin to the latest available version (at least 5.2.6)...
WordPress My Calendar plugin <= 3.3.16 - Unauthenticated Open Redirect vulnerability
Unauthenticated Open Redirect vulnerability discovered by Dan Kegel in WordPress My Calendar plugin versions <= 3.3.16. Solution: Update the WordPress My Calendar plugin to the latest available version (at least 3.3.17)...
WordPress Social Slider Feed plugin <= 2.0.4 - Authenticated Arbitrary API Key Update vulnerability leading to Stored Cross-Site Scripting (XSS)
Authenticated Arbitrary API Key Update vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by WPScan in WordPress Social Slider Feed plugin versions <= 2.0.4. Solution: Update the WordPress Social Slider Feed plugin to the latest available version (at least 2.0.5)...
WordPress ЮKassa для WooCommerce plugin <= 2.3.0 - Authenticated Arbitrary Settings Update vulnerability
Authenticated Arbitrary Settings Update vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress ЮKassa для WooCommerce plugin versions <= 2.3.0. Solution: Update the WordPress ЮKassa для WooCommerce plugin to the latest available version (at least 2.3.1)...
WordPress Simple Banner plugin <= 2.11.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Zeeshan (Xib3rR4dAr) in WordPress Simple Banner plugin versions <= 2.11.0. Solution: Update the WordPress Simple Banner plugin to the latest available version (at least 2.12.0)...
WordPress YaySMTP plugin <= 2.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Rafshanzani Suhada in WordPress YaySMTP plugin versions <= 2.2. Solution: Update the WordPress YaySMTP plugin to the latest available version (at least 2.2.1)...
WordPress WP Comments Fields plugin <= 4.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Rafshanzani Suhada in WordPress WP Comments Fields plugin versions <= 4.0. Solution: Update the WordPress WordPress Comments Fields plugin to the latest available version (at least 4.1)...
WordPress GiveWP plugin <= 2.21.2 - DoS via Cross-Site Request Forgery (CSRF) vulnerability
DoS via Cross-Site Request Forgery (CSRF) vulnerability discovered by Raad Haddad in WordPress GiveWP plugin versions <= 2.21.2. Solution: Update the WordPress GiveWP plugin to the latest available version (at least 2.21.3)...
WordPress Project Source Code Download plugin <= 1.0.0 - Unauthenticated Backup Download vulnerability
Unauthenticated Backup Download vulnerability discovered by Daniel Ruf in WordPress Project Source Code Download plugin versions <= 1.0.0. Solution: Deactivate and delete. This plugin has been closed as of May 4, 2022 and is not available for download. Reason: Security Issue...
WordPress FreeMind WP Browser <= 1.2 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered by Kenya Uematsu in WordPress FreeMind WP Browser versions <= 1.2. Solution: Deactivate and delete. This plugin has been closed as of June 30, 2022 and is not available for download. This closure is...
WordPress Ivory Search plugin <= 5.4.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Ivory Search plugin versions <= 5.4.6. Solution: Update the WordPress Ivory Search plugin to the latest available version (at least 5.4.7)...
WordPress WooCommerce PDF Invoices & Packing Slips plugin <= 2.15.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by ZhongFu Su aka JrXnm WuHan University in WordPress WooCommerce PDF Invoices & Packing Slips plugin versions <= 2.15.0. Solution: Update the WordPress WooCommerce PDF Invoices & Packing Slips plugin to the latest available version at lea...
WordPress Ninja Forms plugin <= 3.6.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Adel in WordPress Ninja Forms plugin versions <= 3.6.9. Solution: Update the WordPress Ninja Forms plugin to the latest available version (at least 3.6.10)...
WordPress Rotating Posts plugin <= 1.11 - Arbitrary Settings Update to Stored XSS via CSRF vulnerability
Arbitrary Settings Update to Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress Rotating Posts plugin versions <= 1.11. Solution: Deactivate and delete. This plugin has been closed as of May 24, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress WPlite plugin <= 1.3.1 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress WPlite plugin versions <= 1.3.1. Solution: Deactivate and delete. This plugin has been closed as of May 23, 2022 and is not available for download. This closure is temporary, pending a...
WordPress Print, PDF, Email by PrintFriendly plugin <= 5.2.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhamad Hidayat. Solution: Update the WordPress Print, PDF, Email by PrintFriendly plugin to the latest available version (at least 5.2.3)...
WordPress Custom Share Buttons with Floating Sidebar plugin <= 4.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Custom Share Buttons with Floating Sidebar plugin versions <= 4.1. Solution: Update the WordPress Custom Share Buttons with Floating Sidebar plugin to the latest available version (at least 4.2)...
WordPress WP Admin Style plugin <= 0.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Kishore Hariram in WordPress WP Admin Style plugin versions <= 0.1.2. Solution: Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is temporary, pending a ful...
WordPress WP Born Babies plugin <= 1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Wejdan Alomari in WordPress WP Born Babies plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of April 27, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress Popup Box plugin <= 2.1.2 - Authenticated Local File Inclusion (LFI) vulnerability
Authenticated Local File Inclusion (LFI) vulnerability discovered by 0xB9 (Patchstack Alliance) in WordPress Popup Box plugin versions <= 2.1.2. Solution: Update the WordPress Popup Box plugin to the latest available version (at least 2.2)...
WordPress WooCommerce Green Wallet Gateway plugin <= 1.0.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by goodguyandy in WordPress WooCommerce Green Wallet Gateway plugin versions <= 1.0.1. Solution: Update the WordPress WooCommerce Green Wallet Gateway plugin to the latest available version (at least 1.0.2)...
WordPress Donate Extra plugin <= 2.02 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Donate Extra plugin versions <= 2.02. Solution: Deactivate and delete. This plugin has been closed as of April 7, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress MapSVG premium plugin <= 6.2.19 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by Brandon James Roldan in WordPress MapSVG premium plugin versions <= 6.2.19. Solution: Update the WordPress MapSVG premium plugin to the latest available version (at least 6.2.20)...
WordPress Bulk Edit and Create User Profiles – WP Sheet Editor plugin <= 1.5.13 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Ankur Bakre in WordPress Bulk Edit and Create User Profiles – WP Sheet Editor plugin versions <= 1.5.13. Solution: Update the WordPress Bulk Edit and Create User Profiles – WP Sheet Editor plugin to the latest available version at least...
WordPress Simple Ajax Chat plugin <= 20220115 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered by Ex.Mi (Patchstack) in WordPress Simple Ajax Chat plugin versions <= 20220115. Solution: Update the WordPress Simple Ajax Chat plugin to the latest available version (at least 20220216)...
WordPress Easily Generate Rest API Url plugin <= 1.0.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by websafe2021 in WordPress Easily Generate Rest API Url plugin versions <= 1.0.0. Solution: Deactivate and delete. This plugin has been closed as of 29 March 2022 and is not available for download. This closure is temporary, pending a full...
WordPress WP Social Buttons plugin <= 2.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Niraj Mahajan in WordPress WP Social Buttons plugin versions <= 2.1. Solution: Deactivate and delete. This plugin has been closed as of March 22, 2022 and is not available for download. This closure is temporary, pending a full review...