WordPress MapSVG premium plugin <= 6.2.19 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by Brandon James Roldan in WordPress MapSVG premium plugin versions <= 6.2.19. Solution: Update the WordPress MapSVG premium plugin to the latest available version (at least 6.2.20)...
WordPress Bulk Edit and Create User Profiles – WP Sheet Editor plugin <= 1.5.13 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Ankur Bakre in WordPress Bulk Edit and Create User Profiles – WP Sheet Editor plugin versions <= 1.5.13. Solution: Update the WordPress Bulk Edit and Create User Profiles – WP Sheet Editor plugin to the latest available version at least...
WordPress Simple Ajax Chat plugin <= 20220115 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered by Ex.Mi Patchstack in WordPress Simple Ajax Chat plugin versions <= 20220115. Solution: Update the WordPress Simple Ajax Chat plugin to the latest available version (at least 20220216)...
WordPress Easily Generate Rest API Url plugin <= 1.0.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by websafe2021 in WordPress Easily Generate Rest API Url plugin versions <= 1.0.0. Solution: Deactivate and delete. This plugin has been closed as of 29 March 2022 and is not available for download. This closure is temporary, pending a full...
WordPress WP Social Buttons plugin <= 2.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Niraj Mahajan in WordPress WP Social Buttons plugin versions <= 2.1. Solution: Deactivate and delete. This plugin has been closed as of March 22, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.20.95 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Taurus Omar in WordPress Anti-Malware Security and Brute-Force Firewall plugin versions <= 4.20.95. Solution: Update the WordPress Anti-Malware Security and Brute-Force Firewall plugin to the latest available version (at least 4.20.96)...
WordPress Export All URLs plugin <= 4.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Export All URLs plugin versions <= 4.1. Solution: Update the WordPress Export All URLs plugin to the latest available version (at least 4.2)...
WordPress Download Woocommerce Category Banner Management plugin <= 2.2.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Download Woocommerce Category Banner Management plugin versions <= 2.2.2. Solution: Update the WordPress Download Woocommerce Category Banner Management plugin to the latest available version (at least 2.2.3)...
WordPress Premmerce Product Filter for WooCommerce plugin <= 3.6.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Premmerce Product Filter for WooCommerce plugin versions <= 3.6.1. Solution: Update the WordPress Premmerce Product Filter for WooCommerce plugin to the latest available version (at least 3.6.2)...
WordPress Dreamfox Media Payment gateway per Product for Woocommerce plugin < 3.1.6 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Dreamfox Media Payment gateway per Product for Woocommerce plugin versions < 3.1.6. Solution: Update the WordPress Dreamfox Media Payment gateway per Product for Woocommerce plugin to the latest available version (at least 3.1.6)...
WordPress WoowGallery – image gallery / content gallery / ecommerce gallery / social gallery / video gallery / album photo gallery plugin <= 1.1.8 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WoowGallery – image gallery / content gallery / ecommerce gallery / social gallery / video gallery / album photo gallery plugin versions <= 1.1.8. Solution: Update the WordPress WoowGallery – image gallery / content gallery /...
WordPress Checkout with Zelle on Woocommerce plugin <= 1.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Checkout with Zelle on Woocommerce plugin versions <= 1.0. Solution: Update the WordPress Checkout with Zelle on Woocommerce plugin to the latest available version (at least 2.0)...
WordPress AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps plugin <= 1.2.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps plugin versions <= 1.2.1. Solution: Update the WordPress AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps plugin to the latest...
WordPress Genealogical Tree – WordPress Family Tree plugin <= 2.1.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Genealogical Tree – WordPress Family Tree plugin versions <= 2.1.4. Solution: Update the WordPress Genealogical Tree – WordPress Family Tree plugin to the latest available version (at least 2.1.5)...
WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more plugin <= 4.2.37 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more plugin versions <= 4.2.37. Solution: Update the WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more...
WordPress Simple Membership plugin <= 4.0.9 - Arbitrary Transaction Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Transaction Deletion via Cross-Site Request Forgery (CSRF) vulnerability discovered by Muhamad Hidayat in WordPress Simple Membership plugin versions <= 4.0.9. Solution: Update the WordPress Simple Membership plugin to the latest available version (at least 4.1.0)...
WordPress Amelia plugin <= 1.0.45 - Arbitrary Customer Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Customer Deletion via Cross-Site Request Forgery (CSRF) vulnerability discovered by Muhamad Hidayat in WordPress Amelia plugin versions <= 1.0.45. Solution: Update the WordPress Amelia plugin to the latest available version (at least 1.0.46)...
WordPress Kunze Law plugin <= 1.9 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by fuzzyap1 in WordPress Kunze Law plugin versions <= 1.9. Solution: Update the WordPress Kunze Law plugin to the latest available version (at least 2.1)...
WordPress Relevanssi Premium plugin <= 2.16.4 - Unauthorized AJAX Calls vulnerability
Unauthorized AJAX Calls vulnerability discovered by Jan w Oleju in WordPress Relevanssi Premium plugin versions <= 2.16.4. Solution: Update the WordPress Relevanssi Premium plugin to the latest available version (at least 2.16.5)...
WordPress WPvivid Backup and Migration Plugin <= 0.9.68 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress WPvivid Backup and Migration Plugin versions <= 0.9.68. Solution: Update the WordPress WPvivid Backup and Migration Plugin to the latest available version (at least 0.9.69)...
WordPress Better Notifications for WP plugin <= 1.8.6 - Email Address Disclosure vulnerability
Email Address Disclosure vulnerability discovered by Krzysztof Zając in WordPress Better Notifications for WP plugin versions <= 1.8.6. Solution: Update the WordPress Better Notifications for WP plugin to the latest available version (at least 1.8.7)...
WordPress Product Feed PRO for WooCommerce plugin <= 11.2.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress Product Feed PRO for WooCommerce plugin versions <= 11.2.1. Solution: Update the WordPress Product Feed PRO for WooCommerce plugin to the latest available version (at least 11.2.2)...
WordPress WP Email Users plugin <= 1.7.6 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by Krzysztof Zając in WordPress WP Email Users plugin versions <= 1.7.6. Solution: Deactivate and delete. This plugin has been closed as of January 31, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress WP Google Map plugin <= 1.8.3 - Arbitrary Post Deletion and Plugin's Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Post Deletion and Plugin's Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Krzysztof Zając in WordPress WP Google Map plugin versions <= 1.8.3. Solution: Update the WordPress WP Google Map plugin to the latest available version (at least 1.8.4)...
WordPress Security Audit plugin <= 1.0.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Shweta Mahajan in WordPress Security Audit plugin versions <= 1.0.0. Solution: Deactivate and delete. This plugin has been closed as of November 15, 2021 and is not available for download. Reason: Security Issue...
WordPress WordPress GDPR & CCPA premium plugin <= 1.9.25 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ace Candelario @0xspade and Victor Paynat-Sautivet 3DS Outscale SOC in WordPress WordPress GDPR & CCPA premium plugin versions <= 1.9.25. Solution: Update the WordPress WordPress GDPR & CCPA premium plugin to the latest...
WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Plugin Activation
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Plugin Activation discovered by Ex.Mi Patchstack in WordPress Access Demo Importer plugin versions <= 1.0.7. Solution: Update the WordPress Access Demo Importer plugin to the latest available version (at least 1.0.8)...
WordPress ExportFeed: List WooCommerce Products on eBay Store plugin <= 2.0.1.0 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by 0xdecafbad in WordPress ExportFeed: List WooCommerce Products on eBay Store plugin versions <= 2.0.1.0. Solution: Deactivate and delete. This plugin has been closed as of November 22, 2021 and is not available for download. Reason: Security Issue...
WordPress LeadMagic plugin <= 1.2.7 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Big Tiger in WordPress LeadMagic plugin versions <= 1.2.7. Solution: Deactivate and delete. This plugin has been closed as of January 17, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Popup | Custom Popup Builder plugin <= 1.3 - Unauthenticated Denial of Service (DoS) vulnerability
Unauthenticated Denial of Service (DoS) vulnerability discovered by Felipe de Avila in WordPress Popup | Custom Popup Builder plugin versions <= 1.3. Solution: Update the WordPress Popup | Custom Popup Builder plugin to the latest available version (at least 1.3.1)...
WordPress Orange Form plugin <= 1.0 - SQL Injection (SQLi) via Cross-Site Request Forgery (CSRF) vulnerability
SQL Injection (SQLi) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Francesco Carlucci in WordPress Orange Form plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of December 29, 2021 and is not available for download. This closure is temporary,...
WordPress Orders Tracking for WooCommerce plugin <= 1.1.9 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Orders Tracking for WooCommerce plugin versions <= 1.1.9. Solution: Update the WordPress Orders Tracking for WooCommerce plugin to the latest available version (at least 1.1.10)...
WordPress Advanced Custom Fields: Extended plugin <= 0.8.8.6 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by JrXnm in WordPress Advanced Custom Fields: Extended plugin versions <= 0.8.8.6. Solution: Update the WordPress Advanced Custom Fields: Extended plugin to the latest available version (at least 0.8.8.7)...
WordPress H5P CSS Editor plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress H5P CSS Editor plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of December 3, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress tarteaucitron.js – Cookies legislation & GDPR plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered by Julio Potier SecuPress.me in WordPress tarteaucitron.js – Cookies legislation & GDPR plugin versions <= 1.5.4. Solution: Update the WordPress tarteaucitron.js – Cookies legislation & GDPR plugin to the...
WordPress UpdraftPlus plugin <= 1.16.65 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress UpdraftPlus plugin versions <= 1.16.65. Solution: Update the WordPress UpdraftPlus plugin to the latest available version (at least 1.16.66)...
WordPress WooCommerce PDF Invoices & Packing Slips plugin <= 2.10.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress WooCommerce PDF Invoices & Packing Slips plugin versions <= 2.10.4. Solution: Update the WordPress WooCommerce PDF Invoices & Packing Slips plugin to the latest available version (at least 2.10.5)...
WordPress Variation Swatches for WooCommerce plugin <= 2.1.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Chloe Chamberland WordFence in WordPress Variation Swatches for WooCommerce plugin versions <= 2.1.1. Solution: Update the WordPress Variation Swatches for WooCommerce plugin to the latest available version (at least 2.1.2)...
WordPress Booster for WooCommerce plugin <= 5.4.8 - Reflected Cross-Site Scripting (XSS) vulnerability in Product XML Feeds Module
Reflected Cross-Site Scripting (XSS) vulnerability in Product XML Feeds Module discovered by Jeremie Amsellem in WordPress Booster for WooCommerce plugin versions <= 5.4.8. Solution: Update the WordPress Booster for WooCommerce plugin to the latest available version (at least 5.4.9)...
WordPress Ripple theme <= 1.2.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Ripple theme versions <= 1.2.0. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores the...
WordPress Uncode Lite theme <= 1.3.3 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Uncode Lite theme versions <= 1.3.3. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores...
WordPress Doko theme <= 1.0.27 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Doko theme versions <= 1.0.27. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores the...
WordPress Gwolle Guestbook plugin <= 4.1.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Gwolle Guestbook plugin versions <= 4.1.2. Solution: Update the WordPress Gwolle Guestbook plugin to the latest available version (at least 4.2.0)...
WordPress SportsPress – Sports Club & League Manager plugin <= 2.7.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex in WordPress SportsPress – Sports Club & League Manager plugin versions <= 2.7.8. Solution: Update the WordPress SportsPress – Sports Club & League Manager plugin to the latest available version (at least 2.7.9)...
WordPress WPO365 plugin <= 15.3 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by AppCheck in WordPress WPO365 plugin versions <= 15.3. Solution: Update the WordPress WPO365 plugin to the latest available version (at least 15.4)...
WordPress Get Custom Field Values plugin <= 4.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Francesco Carlucci in WordPress Get Custom Field Values plugin versions <= 4.0. Solution: Update the WordPress Get Custom Field Values plugin to the latest available version (at least 4.0.1)...
WordPress Download Monitor plugin <= 4.4.6 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Nguy Minh Tuan in WordPress Download Monitor plugin versions <= 4.4.6. Solution: Update the WordPress Download Monitor plugin to the latest available version (at least 4.4.7)...
WordPress MAZ Loader plugin <= 1.4.0 - Arbitrary Loader Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Loader Deletion via Cross-Site Request Forgery (CSRF) vulnerability discovered by apple502j in WordPress MAZ Loader plugin versions <= 1.4.0. Solution: Update the WordPress MAZ Loader plugin to the latest available version (at least 1.4.1)...
WordPress eCommerce Product Catalog plugin <= 3.0.38 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress eCommerce Product Catalog plugin versions <= 3.0.38. Solution: Update the WordPress eCommerce Product Catalog plugin to the latest available version (at least 3.0.39)...
WordPress Advanced Forms plugin <= 1.6.8 - Arbitrary User Email Address Update via IDOR vulnerability
Arbitrary User Email Address Update via IDOR vulnerability discovered by Suppawit Punhakit in WordPress Advanced Forms plugin versions <= 1.6.8. Solution: Update the WordPress Advanced Forms plugin to the latest available version (at least 1.6.9)...