46702 matches found
WordPress WordPress Goto premium theme <= 1.9 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze (Patchstack Red Team) in WordPress WordPress Goto premium theme versions <= 1.9. Solution: Update the WordPress WordPress Goto premium theme to the latest available version (at least 2.0)...
WordPress Mediumish premium theme <= 1.0.47 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress Mediumish premium theme versions <= 1.0.47. Solution: No information about the patched version available...
WordPress Database Backups plugin <= 1.2.2.6 - Cross-Site Request Forgery (CSRF) vulnerability leading to backup download
Cross-Site Request Forgery (CSRF) vulnerability leading to backup download discovered by 0xB9 in WordPress Database Backups plugin versions <= 1.2.2.6. Solution: 2021-03-18 - we were unable to find a patched version of this plugin. WordPress.org plugin repository notice: "This plugin has been closed ...
WordPress 301 Redirects – Easy Redirect Manager plugin <= 2.50 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability found by Nguyen Van Khanh in WordPress 301 Redirects – Easy Redirect Manager plugin versions <= 2.50. Solution: Update the WordPress 301 Redirects – Easy Redirect Manager plugin to the latest available version (at least 2.5.1)...
WordPress Recall Products plugin <= 0.8 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability found by ZERO APTITUDE in WordPress Recall Products plugin versions <= 0.8. Solution: 2020-09-16 - we were unable to find a patched version of this plugin. WordPress.org notification: "This plugin has been closed as of July 28, 2020 and is not availabl...
WordPress wpDiscuz plugin <= 5.3.5 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability found in WordPress wpDiscuz plugin versions <= 5.3.5. Solution: Update the WordPress wpDiscuz plugin to the latest available version (at least 5.3.6)...
WordPress Page Builder by SiteOrigin plugin <= 2.10.15 - Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) discovered by WordFence in WordPress Page Builder by SiteOrigin plugin versions <= 2.10.15. Solution: Update the WordPress Page Builder by SiteOrigin plugin to the latest available version (at least 2.10.16)...
WordPress iframe plugin <= 4.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Guilherme Rubert in WordPress iframe plugin versions <= 4.4. Solution: Update the WordPress iframe plugin to the latest available version (at least 4.5)...
WordPress LearnPress plugin <= 3.2.6.7 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered in WordPress LearnPress plugin versions <= 3.2.6.7. Solution: Update the WordPress LearnPress plugin to the latest available version (at least 3.2.6.8)...
WordPress Catch Breadcrumb plugin <= 1.5.6 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress Catch Breadcrumb plugin versions <= 1.5.6. Solution: Update the WordPress Catch Breadcrumb plugin to the latest available version (at least 1.5.7)...
WordPress WP Lead Plus X plugin <= 0.98 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by WordFence in WordPress WP Lead Plus X plugin versions <= 0.98. Solution: Update the WordPress WP Lead Plus X plugin to the latest available version (at least 0.99)...
WordPress WP-Advanced-Search plugin <= 3.3.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by Florian Hauser in WordPress WP-Advanced-Search plugin versions <= 3.3.3. Solution: Update the WordPress WP-Advanced-Search plugin to the latest available version (at least 3.3.7)...
WordPress Blogtopdf plugin <= 1.0.2 - Unauthenticated Local File Inclusion (LFI) vulnerability
Unauthenticated Local File Inclusion (LFI) vulnerability discovered by Random Robbie in WordPress Blogtopdf plugin versions <= 1.0.2. Solution: Plugin closed. Deactivate and delete...
WordPress Appointment Booking Calendar plugin <= 1.3.34 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Daniel Monzon in WordPress Appointment Booking Calendar plugin versions <= 1.3.34. Solution: Update the WordPress Appointment Booking Calendar plugin to the latest available version (at least 1.3.35)...
WordPress Modern Events Calendar Lite plugin <= 5.1.6 - Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities
Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities discovered by WordFence in WordPress Modern Events Calendar Lite plugin versions <= 5.1.6. Solution: Update the WordPress Modern Events Calendar Lite plugin to the latest available version (at least 5.1.7)...
WordPress Gistpress plugin <= 3.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Paul Ritchie in WordPress Gistpress plugin versions <= 3.0.1. Solution: Update the WordPress Gistpress plugin to the latest available version (at least 3.0.2)...
WordPress YITH Color and Label Variations for WooCommerce plugin <=1.8.12 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability
Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability found by Jerome Bruandet in WordPress YITH Color and Label Variations for WooCommerce plugin versions <=1.8.12. Solution: Update the WordPress YITH Color and Label Variations for WooCommerce plugin to the latest available...
WordPress WP DSGVO Tools (GDPR) plugin <= 2.2.18 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability found in WordPress WP DSGVO Tools (GDPR) plugin versions <= 2.2.18. Solution: Update the WordPress WP DSGVO Tools (GDPR) plugin to the latest available version (at least 2.2.19)...
WordPress HandL UTM Grabber plugin <= 2.6.4 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found in WordPress HandL UTM Grabber plugin versions <= 2.6.4. Solution: Update the WordPress HandL UTM Grabber plugin to the latest available version (at least 2.6.5)...
WordPress Simple Membership plugin <= 3.8.4 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by rubyman in WordPress Simple Membership plugin versions <= 3.8.4. Solution: Update the WordPress Simple Membership plugin to the latest available version (at least 3.8.5)...
WordPress Everest Forms plugin <= 1.4.9 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability found by Tin Duong in WordPress Everest Forms plugin versions <= 1.4.9. Solution: Update the WordPress Everest Forms plugin to the latest available version (at least 1.5.0)...
WordPress WP Statistics plugin <= 12.6.3 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found in WordPress WP Statistics plugin versions <= 12.6.3. Solution: Update the WordPress WP Statistics plugin to the latest available version (at least 12.6.4)...
WordPress Ninja Forms File Uploads Extension premium plugin <= 3.0.22 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Jasper Weijts (Onvio) in WordPress Ninja Forms File Uploads Extension premium plugin versions <= 3.0.22. Solution: Update the WordPress Ninja Forms File Uploads Extension premium plugin to the latest available version (at least 3.0.23)...
WordPress Ultimate Member plugin <= 2.0.39 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Georg Knabl in WordPress Ultimate Member plugin versions <= 2.0.39. Solution: Update the WordPress Ultimate Member plugin to the latest available version (at least 2.0.40)...
WordPress Font Organizer plugin <=2.1.1 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found by Tim Coen in WordPress Font Organizer plugin versions <=2.1.1. Solution: 22 March 2019 - we were unable to find a patched version of this plugin. There is a notice on the WordPress plugin repository "This plugin was closed on March 18, 2019 and is no long...
WordPress WP Live Chat Support plugin <= 8.0.17 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found by Tim Coen in WordPress WP Live Chat Support plugin versions <= 8.0.17. Solution: Update the WordPress WP Live Chat Support plugin to the latest available version (at least 8.0.18)...
WordPress FormCraft plugin <= 1.2.1 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Masaki Saito in WordPress FormCraft plugin versions <= 1.2.1. Solution: Update the WordPress FormCraft plugin to the latest available version (at least 1.2.2)...
WordPress <= 5.0 - File Upload to XSS on Apache Web Servers vulnerability
File Upload to XSS on Apache Web Servers vulnerability found by Tim Coen and Slavco in WordPress versions <= 5.0. Solution: Update WordPress to the latest available version (at least 5.0.1)...
WordPress Gift Voucher plugin <=1.0.5 - Authenticated Blind SQL Injection (SQLi) vulnerability
Authenticated Blind SQL Injection (SQLi) vulnerability found by Renos Nikolaou in WordPress Gift Voucher plugin versions <=2.0.1. Solution: 2018.09.01 - we were unable to find information about fixed vulnerability...
WordPress WF Cookie Consent plugin <=1.1.3 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability found by B0UG in WordPress WF Cookie Consent plugin versions <=1.1.3. Solution: Update the WordPress WF Cookie Consent plugin to the latest available version (at least 1.1.4)...
WordPress Contact Form 7 to Database Extension plugin 2.10.32 - CSV Injection vulnerability
CSV Injection vulnerability found in WordPress Contact Form 7 to Database Extension plugin version 2.10.32. Vulnerable file ExportToCsvUtf8.php allows remote attackers to inject spreadsheet formulas into CSV files via the contact form. Solution: This plugin has been closed and is no longer availab...
WordPress Bookly plugin <= 14.4 - Unauth. Stored Cross-Site Scripting (XSS) vulnerability
Unauth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Luigi in the WordPress Bookly plugin versions <= 14.4. Solution: Update the WordPress Bookly plugin to the latest available version (at least 14.5)...
WordPress Coming Soon plugin <=1.1.18 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by d4wner in WordPress Coming Soon plugin versions <=1.1.18. Solution: Update the WordPress Coming Soon plugin to the latest available version (at least 1.1.19)...
WordPress Email Subscribers & Newsletters plugin <=3.4.7 - Missing Function Level Access Control vulnerability
Missing Function Level Access Control vulnerability that causes leakage of subscribers list found by ThreatPress in WordPress Email Subscribers & Newsletters plugin versions <=3.4.7. Solution: Update the WordPress Email Subscribers & Newsletters plugin to the latest available version (at least 3.4.8)...
WordPress GD Rating System plugin 2.3 - Cross-Site Scripting (XSS) vulnerability (2)
A second Cross-Site Scripting (XSS) vulnerability found by d4wner in WordPress GD Rating System plugin version 2.3. Solution: 1/9/2018 - we were unable to find a patched version of this plugin...
WordPress ImageInject plugin 1.15 - Stored Cross-Site Scripting vulnerability
Stored Cross-Site Scripting vulnerability found by wpl0v3r in WordPress ImageInject plugin version 1.15. Vulnerable via the flickrappid parameter to wp-admin/options-general.php. Solution: 1/9/2018 - we were unable to find a patched version of the plugin. Dangerous to use...
WordPress Custom Map plugin <=1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability found by Nicolas Buzy-Debat in WordPress Custom Map plugin versions <=1.1. Solution: Dec 20, 2017 - we were unable to find a patched version of this plugin. Uninstall or use it at your own risk...
WordPress Q and A Plugin - Full Path Disclosure
This plugin is prone to a path disclosure vulnerability via direct requests to multiple scripts. Solution: Update the plugin...
WordPress Simplified Content Plugin <= 1.0.0 - Reflected XSS
This plugin is prone to a cross-site scripting vulnerability. Solution: Update the plugin...
WordPress HDW Tube Plugin <= 1.2 - Reflected XSS
This plugin is prone to a cross-site scripting vulnerability via the /hdw-tube/mychannel.php file. Solution: Update the plugin...
WordPress <= 4.5.2 - BYPASS #1
WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-4-5-2-bypass-1 http://db.threatpress.com/vulnerability/wordpress/wordpress-4-5-2-bypass-2...
WordPress Tera Charts Plugin - Cross Site Scripting
Because of this vulnerability, attackers can inject arbitrary JavaScript or HTML code. Solution: Update the plugin...
WordPress <= 4.5.1 - XSS
This vulnerability in plupload.flash.swf in Plupload before 2.1.9 allows an attacker to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack. Solution: Update WordPress...
WordPress <= 4.4 - Server-Side Request Forgery
This WordPress version is prone to a server-side request forgery vulnerability via a crafted address. Solution: Upgrade WordPress...
WordPress SiteMile Project Theme 2.0.9.5 - Multiple Vulnerabilities
There are multiple vulnerabilities in this theme, such as stored cross-site scripting, reflected cross-site scripting and cross-site request forgery. Solution: Upgrade the theme...
WordPress <= 4.4.1 - SSRF
The vulnerability allows an attacker to conduct server-side request forgery attacks via a zero value in the first octet of an IPv4 address in the "u" parameter to wp-admin/press-this.php. Solution: Update WordPress...
WordPress <= 4.4.0 - Multiple XSS
Multiple cross-site scripting vulnerabilities were found in wp-includes/class-wp-theme.php. These vulnerabilities allow attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php. Solution: Upgrade WordPress...
WordPress CKEditor Plugin <= 4.0 - Arbitrary File Upload
This plugin is prone to an arbitrary file upload vulnerability. Solution: There is no fix...
WordPress Count Per Day Plugin 3.4 - SQL Injection
This WordPress Count Per Day plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Upgrade the plugin...
WordPress Salient Theme <= 4.9 - Cross Site Scripting
This vulnerability allows an attacker to inject arbitrary web script or HTML. Solution: Update the theme...