46704 matches found
WordPress Abandoned Cart Lite for WooCommerce Plugin <= 5.14.2 is vulnerable to Broken Authentication
Software Abandoned Cart Lite for WooCommerce Type Plugin Vulnerable versions = 5.14.2 Fixed in 5.15.0 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2986 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 15bb4df9e2c9 Credits István...
WordPress Premium Addons PRO Plugin <= 2.8.24 is vulnerable to Cross Site Scripting (XSS)
Software Premium Addons PRO Type Plugin Vulnerable versions = 2.8.24 Fixed in 2.8.25 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34012 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3e100a687a90 Credits Rafie Muhamm...
WordPress WordPress Social Login Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Social Login Type Plugin Vulnerable versions = 3.0.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34023 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6e7893e261d3 Credits Nguyen Xuan...
WordPress is vulnerable to Directory Traversal
Software WordPress Type WordPress Core Vulnerable versions = 6.2 Fixed in 6.2.1 OWASP Top 10 A1: Injection Classification Directory Traversal CVE CVE-2023-2745 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 0d1028dd7204 Credits Ramuel Gall Wordfence Required privile...
WordPress Chaty Plugin <= 3.0.9 is vulnerable to Cross Site Scripting (XSS)
Software Chaty Type Plugin Vulnerable versions = 3.0.9 Fixed in 3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25019 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 46b92040d289 Credits Rafie Muhammad Patchstack...
WordPress Seo By 10Web Plugin < 1.2.7 is vulnerable to Cross Site Scripting (XSS)
Software Seo By 10Web Type Plugin Vulnerable versions 1.2.7 Fixed in 1.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2224 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7380d78d51b0 Credits Taurus Omar Required privileg...
WordPress WP All Backup Plugin <= 2.4.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP All Backup Type Plugin Vulnerable versions = 2.4.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32583 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 2d09c30b2474 Credits Mika Required privilege...
WordPress QuBotChat Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)
Software QuBotChat Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2399 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 9f1b3d64b154 Credits Rafael B. Required privilege...
WordPress Wise Chat Plugin <= 3.1.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software Wise Chat Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.1.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32504 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 14930cd15ca4 Credits Justiice Required privile...
WordPress Order Your Posts Manually Plugin <= 2.2.5 is vulnerable to SQL Injection
Software Order Your Posts Manually Type Plugin Vulnerable versions = 2.2.5 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-32508 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 81dd81d22e8d Credits minhtuanact Required privilege...
WordPress I Recommend This Plugin <= 3.8.3 is vulnerable to Cross Site Scripting (XSS)
Software I Recommend This Type Plugin Vulnerable versions = 3.8.3 Fixed in 3.9.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23673 Patch priority Low CVSS severity Low 5.9 Developer Webtions Harish PSID f5cbbc89906b Credits Rio Darmawan Required...
WordPress Gallery Plugin < 4.7.0 is vulnerable to SQL Injection
Software Gallery Type Plugin Vulnerable versions 4.7.0 Fixed in 4.7.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0765 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 85ca584ad7e5 Credits dc11 Required privilege Author Published 12 April, 2023...
WordPress WP Data Access Plugin <= 5.3.7 is vulnerable to Broken Access Control
Software WP Data Access Type Plugin Vulnerable versions = 5.3.7 Fixed in 5.3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1874 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d34193572ac0 Credits Chloe Chamberland Required...
WordPress eRoom – Zoom Meetings & Webinar Plugin <= 1.4.6 is vulnerable to Broken Access Control
Software eRoom – Zoom Meetings & Webinar Type Plugin Vulnerable versions = 1.4.6 Fixed in 1.4.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-43472 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 5064cfd61ac8 Credits István...
WordPress Webinar and Video Conference with Jitsi Meet Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Webinar and Video Conference with Jitsi Meet Type Plugin Vulnerable versions = 1.2.5 Fixed in 2.0.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d77b318b12e...
WordPress ConvertBox Auto Embed WordPress plugin Plugin <= 1.0.19 is vulnerable to Cross Site Scripting (XSS)
Software ConvertBox Auto Embed WordPress plugin Type Plugin Vulnerable versions = 1.0.19 Fixed in 1.0.20 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23664 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 859421b50cad Credit...
WordPress Load More Products for WooCommerce Plugin <= 1.1.9.7 is vulnerable to Broken Access Control
Software Load More Products for WooCommerce Type Plugin Vulnerable versions = 1.1.9.7 Fixed in 1.1.9.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-45813 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 09d1bbbd7382 Credits István...
WordPress HT Slider For Elementor Plugin < 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software HT Slider For Elementor Type Plugin Vulnerable versions 1.4.0 Fixed in 1.4.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0495 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID fea57db2be31 Credits Lana Codes...
WordPress Custom Content Shortcode Plugin <= 4.0.2 is vulnerable to Local File Inclusion
Software Custom Content Shortcode Type Plugin Vulnerable versions = 4.0.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-0340 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 54e338b50ba0 Credits Erwan LR WPScan Required...
WordPress WP Dynamic Keywords Injector Plugin <= 2.3.15 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP Dynamic Keywords Injector Type Plugin Vulnerable versions = 2.3.15 Fixed in 2.3.16 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47141 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c2248ca9d15a Credits...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0717 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID db3e0ac8c3e4 Credits Marco Wotschka Requir...
WordPress Spotlight Social Media Feeds Plugin < 1.4.3 is vulnerable to Cross Site Scripting (XSS)
Software Spotlight Social Media Feeds Type Plugin Vulnerable versions 1.4.3 Fixed in 1.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0379 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 727812743302 Credits Lana...
WordPress PDF Generator for WordPress – Create & Customize PDF for Post, Pages and WooCommerce Products Plugin < 1.1.2 is vulnerable to Cross Site Scripting (XSS)
Software PDF Generator for WordPress – Create & Customize PDF for Post, Pages and WooCommerce Products Type Plugin Vulnerable versions 1.1.2 Fixed in 1.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4321 Patch priority Low CVSS severity Low 7.1...
WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control
Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.59 Fixed in 1.3.60 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4704 Patch priority Medium CVSS severity Medium 5.4 Developer WProyal PSID 11224a1dc02d Credits Ramuel Gall Required...
WordPress Youtube Channel Gallery Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS)
Software Youtube Channel Gallery Type Plugin Vulnerable versions = 2.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4783 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID d89263cd84d3 Credits István Márton...
WordPress WP-FormAssembly plugin <= 2.0.5 - Auth. Arbitrary File Read vulnerability
Auth. Arbitrary File Read vulnerability discovered by Nguyen Anh Tien Patchstack Alliance in the WordPress WP-FormAssembly plugin versions = 2.0.5. Solution No patched version available...
WordPress SMSA Shipping for WooCommerce premium plugin <= 1.0.4 - Auth. Arbitrary File Download vulnerability
Auth. Arbitrary File Download vulnerability discovered by WPScan in WordPress SMSA Shipping for WooCommerce premium plugin versions = 1.0.4. Solution Update the WordPress SMSA Shipping for WooCommerce plugin to the latest available version at least 1.0.5...
WordPress Car Dealer plugin <= 3.04 - Auth. Arbitrary Plugin Installation vulnerability
Auth. Arbitrary Plugin Installation vulnerability discovered by Lana Codes in WordPress Car Dealer plugin versions = 3.04. Solution Update the WordPress Car Dealer plugin to the latest available version at least 3.05...
WordPress Welcart e-Commerce plugin <= 2.8.3 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Auth. Stored Cross-Site Scripting XSS vulnerabilities discovered by Lana Codes in the WordPress Welcart e-Commerce plugin versions = 2.8.3. Solution Update the WordPress Welcart e-Commerce plugin to the latest available version at least 2.8.4...
WordPress Plugin for Google Reviews plugin <= 2.2.2 - Auth. Broken Access Control vulnerability
Auth. Broken Access Control vulnerability leading to arbitrary feed creation discovered by Tien Nguyen Anh Patchstack Alliance in the WordPress Plugin for Google Reviews plugin versions = 2.2.2. Solution Update the WordPress Plugin for Google Reviews plugin to the latest available version at leas...
WordPress ProfileGrid plugin <= 5.1.6 - Auth. CSV Injection vulnerability
Auth. CSV Injection vulnerability discovered by Mika Patchstack Alliance in the WordPress ProfileGrid plugin versions = 5.1.6. Solution Update the WordPress ProfileGrid plugin to the latest available version at least 5.1.8...
WordPress TeraWallet – For WooCommerce plugin <= 1.4.3 - Insecure Direct Object Reference (IDOR) vulnerability
Insecure Direct Object Reference IDOR vulnerability discovered by Marco Wotschka in the WordPress TeraWallet – For WooCommerce plugin versions = 1.4.3. Solution Update the WordPress TeraWallet – For WooCommerce plugin to the latest available version at least 1.4.4...
WordPress Jeeng Push Notifications plugin <= 2.0.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Mariam Tariq in WordPress Jeeng Push Notifications plugin versions = 2.0.3. Solution Update the WordPress Jeeng Push Notifications plugin to the latest available version at least 2.0.4...
WordPress Soledad premium theme <= 8.2.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dave Jong Patchstack in the WordPress Soledad premium theme versions = 8.2.5. Solution Update the WordPress soledad theme to the latest available version at least 8.2.6...
WordPress Restaurant Menu <= 2.3.0 - Missing Authorization on AJAX Actions vulnerability
Missing Authorization on AJAX Actions vulnerability discovered by ptsfence in WordPress Restaurant Menu versions = 2.3.0. Solution Update the WordPress Restaurant Menu – Food Ordering System – Table Reservation plugin to the latest available version at least 2.3.1...
WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Auth. WordPress Options Change vulnerability
Auth. WordPress Options Change vulnerability discovered by Vlad Vector Patchstack in the WordPress Image Hover Effects Ultimate plugin versions = 9.7.1. Solution Update the WordPress Image Hover Effects Ultimate plugin to the latest available version at least 9.7.2...
WordPress Quiz And Survey Master plugin <= 7.3.10 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability was discovered by Thura Moe Myint Patchstack Alliance in the WordPress Quiz And Survey Master plugin versions = 7.3.10. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.11...
WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. SQL Injection (SQLi) vulnerability
Auth. SQL Injection SQLi vulnerability discovered by Vlad Vector Patchstack in WordPress Quiz And Survey Master plugin versions = 7.3.4. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.5...
WordPress core <= 6.0.2 - Data Exposure vulnerability via REST API
Data Exposure vulnerability via REST API discovered by Than Taintor in WordPress core versions = 6.0.2. Solution Update the WordPress to the latest available version at least 6.0.3...
WordPress FluentForm plugin <= 4.3.12 - CSV Injection vulnerability
CSV Injection vulnerability discovered by Francesco Carlucci in WordPress FluentForm plugin versions = 4.3.12. Solution Update the WordPress Contact Form Plugin plugin to the latest available version at least 4.3.13...
WordPress Newspaper premium theme <= 11.5.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Truoc Phan Techlab Corporation in WordPress Newspaper premium theme versions = 11.5.1 Solution Update the WordPress Newspaper theme to the latest available version at least 12...
WordPress Contact Bank plugin <= 3.0.30 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Zhang Yunpei in WordPress Contact Bank plugin versions = 3.0.30. Solution Deactivate and delete. This plugin has been closed as of September 28, 2022 and is not available for download. This closure is temporary, pending a...
WordPress Helpful plugin <= 4.5.25 - Information Disclosure vulnerability
Information Disclosure vulnerability discovered by Aleksi Kistauri in WordPress Helpful plugin versions = 4.5.25. Solution Deactivate and delete. This plugin has been closed as of August 26, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability leading to sending of test emails discovered by Muhammad Daffa Patchstack Alliance in WordPress Customer Reviews for WooCommerce plugin versions = 5.3.5. Solution Update the WordPress Customer Reviews for WooCommerce plugin to the latest available...
WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability was discovered by Muhammad Daffa Patchstack Alliance in the WordPress Customer Reviews for WooCommerce plugin versions = 5.3.5. Solution Update the WordPress Customer Reviews for WooCommerce plugin to the latest available version at least 5.3.6...
WordPress WP Custom Cursors plugin <= 3.0 - Arbitrary Cursor Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Cursor Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by Lana Codes in WordPress WP Custom Cursors plugin versions = 3.0. Solution Update the WordPress WP Custom Cursors plugin to the latest available version at least 3.0.1...
WordPress Import all XML, CSV & TXT plugin <= 6.5.7 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Sanjay Das in WordPress Import all XML, CSV & TXT plugin versions = 6.5.7. Solution Update the WordPress WP Ultimate CSV Importer plugin to the latest available version at least 6.5.8...
WordPress We’re Open! plugin <= 1.41 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress We’re Open! plugin versions = 1.41. Solution Update the WordPress We’re Open! plugin to the latest available version at least 1.42...
WordPress WP 2FA plugin <= 2.2.1 - Time-Based Side-Channel Attack vulnerability
Time-Based Side-Channel Attack vulnerability discovered by Calvin Alkan in WordPress WP 2FA plugin versions = 2.2.1. Solution Update the WordPress WP 2FA plugin to the latest available version at least 2.3.0...
WordPress Slider, Gallery, and Carousel by MetaSlider plugin <= 3.27.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Anurag Bhoir in WordPress Slider, Gallery, and Carousel by MetaSlider plugin versions = 3.27.8. Solution Update the WordPress Responsive Slider by MetaSlider plugin to the latest available version at least 3.27.9...