46684 matches found
WordPress Forminator plugin <= 1.15.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Shivam Rai in WordPress Forminator plugin versions <= 1.15.2. Solution: Update the WordPress Forminator plugin to the latest available version (at least 1.15.4)...
WordPress Sassy Social Share plugin <= 3.3.23 - Missing Authorization Controls to PHP Object Injection vulnerability
Missing Authorization Controls to PHP Object Injection vulnerability discovered by Chloe Chamberland WordFence in WordPress Sassy Social Share plugin versions <= 3.3.23. Solution: Update the WordPress Sassy Social Share plugin to the latest available version (at least 3.3.24)...
WordPress Speed Booster Pack plugin <= 4.3.3 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by Quan, Hoang Xuan in WordPress Speed Booster Pack plugin versions <= 4.3.3. Solution: Update the WordPress Speed Booster Pack plugin to the latest available version (at least 4.3.3.1)...
WordPress HAL plugin <= 2.1.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Thinkland Security Team in WordPress HAL plugin versions <= 2.1.1. Solution: Update the WordPress HAL plugin to the latest available version (at least 2.2)...
WordPress Simple JWT Login plugin <= 3.2.1 - Insecure Password Creation vulnerability
Insecure Password Creation vulnerability discovered by Zian Choy in WordPress Simple JWT Login plugin versions <= 3.2.1. Solution: Update the WordPress Simple JWT Login plugin to the latest available version (at least 3.3.0)...
WordPress Print-O-Matic plugin <= 2.0.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Zain Ahmed in WordPress Print-O-Matic plugin versions <= 2.0.2. Solution: Update the WordPress Print-O-Matic plugin to the latest available version (at least 2.0.3)...
WordPress Quiz Tool Lite plugin <= 2.3.15 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Stored Cross-Site Scripting (XSS) vulnerabilities discovered by Shivam Rai in WordPress Quiz Tool Lite plugin versions <= 2.3.15. Solution: Deactivate and delete. This plugin has been closed as of September 28, 2021 and is not available for download. This closure is temporary, pending a full...
WordPress Events Made Easy plugin <= 2.2.23 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Huy Nguyen in WordPress Events Made Easy plugin versions <= 2.2.23. Solution: Update the WordPress Events Made Easy plugin to the latest available version or at least to the version 2.2.24...
WordPress Game Server Status plugin <= 1.0 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by Neppah in WordPress Game Server Status plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of August 20, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Generate Child Theme plugin <= 1.5.3 - Unauthorized Plugin Setting Change vulnerability
Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Generate Child Theme plugin versions <= 1.5.3. Solution: Update the WordPress Generate Child Theme plugin to the latest available version (at least 1.6)...
WordPress Gutenberg PDF Viewer Block plugin <= 1.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Gutenberg PDF Viewer Block plugin versions <= 1.0. Solution: Update the WordPress Gutenberg PDF Viewer Block plugin to the latest available version (at least 1.0.1)...
WordPress Compact WP Audio Player plugin <= 1.9.6 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by apple502j in WordPress Compact WP Audio Player plugin versions <= 1.9.6. Solution: Update the WordPress Compact WP Audio Player plugin to the latest available version (at least 1.9.7)...
WordPress WordPress Simple Shop plugin <= 1.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress WordPress Simple Shop plugin versions <= 1.2. Solution: This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Weather Effect plugin <= 1.3.3 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by apple502j in WordPress Weather Effect plugin versions <= 1.3.3. Solution: Update the WordPress Weather Effect plugin to the latest available version (at least 1.3.4)...
WordPress User Registration plugin <= 2.0.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by AyeCode Ltd in WordPress User Registration plugin versions <= 2.0.1. Solution: Update the WordPress User Registration plugin to the latest available version (at least 2.0.2)...
WordPress Timetable and Event Schedule by MotoPress plugin <= 2.3.18 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Stored Cross-Site Scripting (XSS) vulnerabilities discovered by Martin Vierula Trustwave in WordPress Timetable and Event Schedule by MotoPress plugin versions <= 2.3.18. Solution: Update the WordPress Timetable and Event Schedule by MotoPress plugin to the latest available version at least...
WordPress uListing plugin <= 2.0.5 - Authenticated Insecure Direct Object References (IDOR) vulnerability
Authenticated Insecure Direct Object References (IDOR) vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions <= 2.0.5. Solution: Update the WordPress uListing plugin to the latest available version (at least 2.0.6)...
WordPress uListing plugin <= 2.0.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions <= 2.0.3. Solution: Update the WordPress uListing plugin to the latest available version (at least 2.0.4)...
WordPress HD Quiz plugin <= 1.8.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress HD Quiz plugin versions <= 1.8.3. Solution: Update the WordPress HD Quiz plugin to the latest available version (at least 1.8.4)...
WordPress Timeline Calendar plugin <= 1.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar in WordPress Timeline Calendar plugin versions <= 1.2. Solution: This plugin has been closed as of June 3, 2021 and is not available for download. Reason: Security Issue...
WordPress GTranslate plugin <= 2.8.64 – Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress GTranslate plugin versions <= 2.8.64. Solution: Update the WordPress GTranslate plugin to the latest available version (at least 2.8.65)...
WordPress Alipay plugin <= 3.7.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Syed Sheeraz Ali Codevigilant in WordPress Alipay plugin versions <= 3.7.2. Solution: Deactivate and delete. This plugin has been closed as of May 13, 2021 and is not available for download. Reason: Security Issue...
WordPress MDTF - Meta Data & Taxonomies Filter premium plugin <= 2.2.7.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Ryoma Nishioka in WordPress MDTF - Meta Data & Taxonomies Filter premium plugin versions <= 2.2.7.2. Solution: Update the WordPress MDTF - Meta Data & Taxonomies Filter premium plugin to the latest available version (at least 2.2.8)...
WordPress Secure Copy Content Protection and Content Locking plugin <= 2.6.6 - Authenticated Blind SQL Injection (SQLi) vulnerability
Authenticated Blind SQL Injection (SQLi) vulnerability discovered by To Quang Duong in WordPress Secure Copy Content Protection and Content Locking plugin versions <= 2.6.6. Solution: Update the WordPress Secure Copy Content Protection and Content Locking plugin to the latest available version at lea...
WordPress Handsome Testimonials & Reviews <= 2.1.0 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar Codevigilant Project in WordPress Handsome Testimonials & Reviews versions <= 2.1.0. Solution: Update the WordPress Handsome Testimonials & Reviews to the latest available version (at least 2.1.1)...
WordPress CiviCRM plugin <= 5.24.2 - Authenticated Phar Deserialization vulnerability
Authenticated Phar Deserialization vulnerability discovered by Dennis Brinkrolf SonarSource in WordPress CiviCRM plugin versions <= 5.24.2. Solution: Update the WordPress CiviCRM plugin to the latest available version (at least 5.24.3)...
WordPress DW Question & Answer plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Jerome Bruandet NinTechNet in WordPress DW Question & Answer plugin versions <= 1.5.7. Solution: 21st June 2021 - no fix available...
WordPress Include Me plugin <= 1.2.1 - Path traversal and Local File Inclusion (LFI) vulnerability leading to Remote Code Execution (RCE)
Path traversal and Local File Inclusion (LFI) vulnerability leading to Remote Code Execution (RCE) discovered by Mesut Cetin in WordPress Include Me plugin versions <= 1.2.1. Solution: Update the WordPress Include Me plugin to the latest available version (at least 1.2.2)...
WordPress Admin Columns plugin <= 4.3.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Johannes Lauinger in WordPress Admin Columns plugin versions <= 4.3.1. Solution: Update the WordPress Admin Columns plugin to the latest available version (at least 4.3.2)...
WordPress Admin Columns PRO premium plugin <= 5.5.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Johannes Lauinger in WordPress Admin Columns PRO premium plugin versions <= 5.5.1. Solution: Update the WordPress Admin Columns PRO premium plugin to the latest available version (at least 5.5.2)...
WordPress Advanced AJAX Product Filters plugin <= 1.5.4.6 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by dc11 in WordPress Advanced AJAX Product Filters plugin versions <= 1.5.4.6. Solution: Update the WordPress Advanced AJAX Product Filters plugin to the latest available version (at least 1.5.4.7)...
WordPress WP Google Maps plugin <= 8.1.11 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Mohammed Adam in WordPress WP Google Maps plugin versions <= 8.1.11. Solution: Update the WordPress WP Google Maps plugin to the latest available version (at least 8.1.12)...
WordPress NinjaFirewall plugin <= 4.3.3 - Authenticated PHAR Deserialization vulnerability
Authenticated PHAR Deserialization vulnerability discovered by Chloe Chamberland in WordPress NinjaFirewall plugin versions <= 4.3.3. Solution: Update the WordPress NinjaFirewall plugin to the latest available version (at least 4.3.4)...
WordPress Popup by Supsystic plugin <= 1.10.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by 0xB9 in WordPress Popup by Supsystic plugin versions <= 1.10.4. Solution: Update the WordPress Popup by Supsystic plugin to the latest available version (at least 1.10.5)...
WordPress HT Slider Range for Amazon affiliates plugin <= 1.1.9 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Frank Liauw in WordPress HT Slider Range for Amazon affiliates plugin versions <= 1.1.9. Solution: Update the WordPress HT Slider Range for Amazon affiliates plugin to the latest available version (at least 1.1.10)...
WordPress Invoicing with InvoiceXpress for WooCommerce plugin <= 3.0.2 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Frank Liauw in WordPress Invoicing with InvoiceXpress for WooCommerce plugin versions <= 3.0.2. Solution: Update the WordPress Invoicing with InvoiceXpress for WooCommerce plugin to the latest available version at least...
WordPress OpenID Connect Generic Client plugin <= 3.8.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Austin Bentley in WordPress OpenID Connect Generic Client plugin versions <= 3.8.1. Solution: Update the WordPress OpenID Connect Generic Client plugin to the latest available version (at least 3.8.2)...
WordPress WordPress Goto premium theme <= 1.9 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze Patchstack Red Team in WordPress WordPress Goto premium theme versions <= 1.9. Solution: Update the WordPress WordPress Goto premium theme to the latest available version (at least 2.0)...
WordPress Mediumish premium theme <= 1.0.47 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress Mediumish premium theme versions <= 1.0.47. Solution: No information about the patched version available...
WordPress Database Backups plugin <= 1.2.2.6 - Cross-Site Request Forgery (CSRF) vulnerability leading to backup download
Cross-Site Request Forgery (CSRF) vulnerability leading to backup download discovered by 0xB9 in WordPress Database Backups plugin versions <= 1.2.2.6. Solution: 2021-03-18 - we were unable to find a patched version of this plugin. WordPress.org plugin repository notice: "This plugin has been closed ...
WordPress 301 Redirects – Easy Redirect Manager plugin <= 2.50 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability found by Nguyen Van Khanh in WordPress 301 Redirects – Easy Redirect Manager plugin versions <= 2.50. Solution: Update the WordPress 301 Redirects – Easy Redirect Manager plugin to the latest available version (at least 2.5.1)...
WordPress Recall Products plugin <= 0.8 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability found by ZERO APTITUDE in WordPress Recall Products plugin versions <= 0.8. Solution: 2020-09-16 - we were unable to find a patched version of this plugin. WordPress.org notification: "This plugin has been closed as of July 28, 2020 and is not availabl...
WordPress wpDiscuz plugin <= 5.3.5 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability found in WordPress wpDiscuz plugin versions <= 5.3.5. Solution: Update the WordPress wpDiscuz plugin to the latest available version (at least 5.3.6)...
WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.3.2 - Unauthenticated File Upload vulnerability leading to Remote Code Execution (RCE)
Unauthenticated File Upload vulnerability leading to Remote Code Execution (RCE) discovered by Austin Martin in WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin versions <= 1.3.3.2. Solution: Update the WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin to th...
WordPress Page Builder by SiteOrigin plugin <= 2.10.15 - Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) discovered by WordFence in WordPress Page Builder by SiteOrigin plugin versions <= 2.10.15. Solution: Update the WordPress Page Builder by SiteOrigin plugin to the latest available version (at least 2.10.16)...
WordPress iframe plugin <= 4.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Guilherme Rubert in WordPress iframe plugin versions <= 4.4. Solution: Update the WordPress iframe plugin to the latest available version (at least 4.5)...
WordPress LearnPress plugin <= 3.2.6.7 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered in WordPress LearnPress plugin versions <= 3.2.6.7. Solution: Update the WordPress LearnPress plugin to the latest available version (at least 3.2.6.8)...
WordPress Catch Breadcrumb plugin <= 1.5.6 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress Catch Breadcrumb plugin versions <= 1.5.6. Solution: Update the WordPress Catch Breadcrumb plugin to the latest available version (at least 1.5.7)...
WordPress WP Lead Plus X plugin <= 0.98 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by WordFence in WordPress WP Lead Plus X plugin versions <= 0.98. Solution: Update the WordPress WP Lead Plus X plugin to the latest available version (at least 0.99)...
WordPress WP-Advanced-Search plugin <= 3.3.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by Florian Hauser in WordPress WP-Advanced-Search plugin versions <= 3.3.3. Solution: Update the WordPress WP-Advanced-Search plugin to the latest available version (at least 3.3.7)...