WordPress Events Shortcodes For The Events Calendar plugin <= 1.9 - Arbitrary Plugin Installation vulnerability
Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Events Shortcodes For The Events Calendar plugin versions <= 1.9. Solution: Update the WordPress Events Shortcodes For The Events Calendar plugin to the latest available version (at least 2.0)...
WordPress Donations plugin <= 1.8 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Donations plugin versions <= 1.8. Solution: Deactivate and delete. This plugin has been closed as of February 28, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Master Elements plugin <= 8.0 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Master Elements plugin versions <= 8.0. Solution: Deactivate and delete. This plugin has been closed as of March 9, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Yoo Slider plugin <= 2.0.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Yoo Slider plugin versions <= 2.0.0. Solution: Update the WordPress Yoo Slider plugin to the latest available version (at least 2.1.0)...
WordPress MapPress Maps for WordPress plugin <= 2.73.12 - Admin+ File Upload leading to Remote Code Execution vulnerability
Admin+ File Upload leading to Remote Code Execution vulnerability discovered by qerogram in WordPress MapPress Maps for WordPress plugin versions <= 2.73.12. Solution: Update the WordPress MapPress Maps for WordPress plugin to the latest available version (at least 2.73.13)...
WordPress Church Admin plugin <= 3.4.134 - Unauthenticated Plugin's Backup Disclosure vulnerability
Unauthenticated Plugin's Backup Disclosure vulnerability discovered by cydave in WordPress Church Admin plugin versions <= 3.4.134. Solution: Update the WordPress Church Admin plugin to the latest available version (at least 3.4.135)...
WordPress Title Experiments Free plugin <= 9.0 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Title Experiments Free plugin versions <= 9.0. Solution: Update the WordPress Title Experiments Free plugin to the latest available version (at least 9.0.1)...
WordPress Menu Image, Icons made easy plugin <= 3.0.5 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Menu Image, Icons made easy plugin versions <= 3.0.5. Solution: Update the WordPress Menu Image, Icons made easy plugin to the latest available version (at least 3.0.6)...
WordPress Prime Slider – Addons For Elementor plugin <= 2.6.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Prime Slider – Addons For Elementor plugin versions <= 2.6.2. Solution: Update the WordPress Prime Slider – Addons For Elementor plugin to the latest available version (at least 2.7.0)...
WordPress Elasta theme < 1.0.8 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Elasta theme versions < 1.0.8. Solution: Update the WordPress Elasta theme to the latest available version (at least 1.0.8)...
WordPress Projectopia – WordPress Project Management Plugin plugin < 5.0.7 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Projectopia – WordPress Project Management Plugin plugin versions < 5.0.7. Solution: Update the WordPress Projectopia – WordPress Project Management Plugin plugin to the latest available version (at least 5.0.7)...
WordPress DIVI Enhancer – DIVI Modules and Options plugin <= 5.0.9 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress DIVI Enhancer – DIVI Modules and Options plugin versions <= 5.0.9. Solution: No patched version available...
WordPress AdFoxly – Ad Manager, AdSense Ads & Ads.txt plugin <= 1.7.9 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress AdFoxly – Ad Manager, AdSense Ads & Ads.txt plugin versions <= 1.7.9. Solution: Update the WordPress AdFoxly – Ad Manager, AdSense Ads & Ads.txt plugin to the latest available version (at least 1.7.91)...
WordPress Display WP Admin Pages in the Frontend – WP Frontend Admin plugin < 1.17.0.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Display WP Admin Pages in the Frontend – WP Frontend Admin plugin versions < 1.17.0.4. Solution: Update the WordPress Display WP Admin Pages in the Frontend – WP Frontend Admin plugin to the latest...
WordPress Page Builder Gutenberg Blocks – Kioken Blocks plugin <= 1.3.9 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Page Builder Gutenberg Blocks – Kioken Blocks plugin versions <= 1.3.9. Solution: No patched version available...
WordPress Product Size Charts Plugin for WooCommerce plugin <= 2.2.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Product Size Charts Plugin for WooCommerce plugin versions <= 2.2.2. Solution: Update the WordPress Product Size Charts Plugin for WooCommerce plugin to the latest available version (at least 2.2.3)...
WordPress Impexium Single Sign On plugin <= 1.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Impexium Single Sign On plugin versions <= 1.1. Solution: No patched version available...
WordPress BulletProof Security plugin <= 5.7 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Mika in WordPress BulletProof Security plugin versions <= 5.7. Solution: Update the WordPress BulletProof Security plugin to the latest available version (at least 5.8)...
WordPress Patreon WordPress plugin <= 1.8.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by José Aguilera in WordPress Patreon WordPress plugin versions <= 1.8.1. Solution: Update the WordPress Patreon WordPress plugin to the latest available version (at least 1.8.2)...
WordPress Master Addons for Elementor plugin <= 1.8.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Master Addons for Elementor plugin versions <= 1.8.1. Solution: Update the WordPress Master Addons for Elementor plugin to the latest available version (at least 1.8.2)...
WordPress WP Content Copy Protection & No Right Click plugin <= 3.4.4 - Cross-Site Request Forgery (CSRF) leads to Settings Update vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WP Content Copy Protection & No Right Click plugin versions <= 3.4.4 by Muhammad Daffa. Solution: Update the WordPress WP Content Copy Protection & No Right Click plugin to the latest available version (at least 3.4.5)...
WordPress Custom Content Shortcode plugin <= 4.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Francesco Carlucci in WordPress Custom Content Shortcode plugin versions <= 4.0.1. Solution: Update the WordPress Custom Content Shortcode plugin to the latest available version (at least 4.0.2)...
WordPress Price Table plugin <= 0.2.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien in WordPress Price Table plugin versions <= 0.2.2. Solution: Deactivate and delete. This plugin has been closed as of January 27, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Embed Swagger plugin <= 1.0.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress Embed Swagger plugin versions <= 1.0.0. Solution: Deactivate and delete. This plugin has been closed as of January 24, 2022 and is not available for download. This closure is temporary, pending a...
WordPress Database Backup for WordPress plugin <= 2.5 - SQL Injection (SQL) vulnerability
SQL Injection (SQL) vulnerability discovered by JrXnm in WordPress Database Backup for WordPress plugin versions <= 2.5. Solution: Update the WordPress Database Backup for WordPress plugin to the latest available version (at least 2.5.1)...
WordPress The Buffer Button plugin <= 1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Rutuja D Shirke in WordPress The Buffer Button plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of January 3, 2022 and is not available for download. This closure is temporary, pending a...
WordPress NewStatPress plugin <= 1.3.5 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress NewStatPress plugin versions <= 1.3.5. Solution: Update the WordPress NewStatPress plugin to the latest available version (at least 1.3.6)...
WordPress Spider Calendar plugin <= 1.5.65 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Spider Calendar plugin versions <= 1.5.65. Solution: Deactivate and delete. This plugin has been closed as of January 13, 2022 and is not available for download. This closure is permanent...
WordPress Side Cart Woocommerce (Ajax) plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Options Update
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Options Update discovered by Chloe Chamberland in WordPress Side Cart Woocommerce (Ajax) plugin versions <= 2.0. Solution: Update the WordPress Side Cart Woocommerce (Ajax) plugin to the latest available version (at least 2.1)...
WordPress Download Manager plugin <= 3.2.33 - Authenticated SQL injection (SQLi) vulnerability to Reflected XSS vulnerability
Authenticated SQL injection (SQLi) vulnerability to Reflected XSS vulnerability discovered by Krzysztof Zając in WordPress Download Manager plugin versions <= 3.2.33. Solution: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.34)...
WordPress Permalink Manager Lite plugin <= 2.2.14 - Unauthorized Reflected Cross-Site Scripting (XSS) vulnerability
Unauthorized Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Permalink Manager Lite plugin versions <= 2.2.14. Solution: Update the WordPress Permalink Manager Lite plugin to the latest available version (at least 2.2.15)...
WordPress WHMCS Bridge plugin <= 6.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress WHMCS Bridge plugin versions <= 6.1. Solution: Update the WordPress WHMCS Bridge plugin to the latest available version (at least 6.3)...
WordPress SupportCandy plugin <= 2.2.6 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress SupportCandy plugin versions <= 2.2.6. Solution: Update the WordPress SupportCandy plugin to the latest available version (at least 2.2.7)...
WordPress Advanced Cron Manager Pro premium plugin <= 2.5.2 - Arbitrary Events/Schedules Creation/Deletion vulnerability
Arbitrary Events/Schedules Creation/Deletion vulnerability discovered by Krzysztof Zając in WordPress Advanced Cron Manager Pro premium plugin versions <= 2.5.2. Solution: Update the WordPress Advanced Cron Manager Pro premium plugin to the latest available version (at least 2.5.3)...
WordPress Contact Form 7 Skins plugin <= 2.5.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Contact Form 7 Skins plugin versions <= 2.5.0. Solution: Update the WordPress Contact Form 7 Skins plugin to the latest available version (at least 2.5.1)...
WordPress Rearrange Woocommerce Products plugin <= 3.0.7 - SQL injection (SQLi) vulnerability
SQL injection (SQLi) vulnerability discovered by Krzysztof Zając in WordPress Rearrange Woocommerce Products plugin versions <= 3.0.7. Solution: Update the WordPress Rearrange Woocommerce Products plugin to the latest available version (at least 3.0.8)...
WordPress NextScripts plugin <= 4.3.24 - Post Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Post Deletion via Cross-Site Request Forgery (CSRF) vulnerability discovered by Krzysztof Zając in WordPress NextScripts plugin versions <= 4.3.24. Solution: Update the WordPress NextScripts plugin to the latest available version (at least 4.3.25)...
WordPress UpdraftPlus plugin <= 1.16.66 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress UpdraftPlus plugin versions <= 1.16.66. Solution: Update the WordPress UpdraftPlus plugin to the latest available version (at least 1.16.69)...
WordPress AF Companion plugin <= 1.1.2 - Arbitrary Plugin Installation and Activation via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Plugin Installation and Activation via Cross-Site Request Forgery (CSRF) vulnerability discovered by WPScanTeam in WordPress AF Companion plugin versions <= 1.1.2. Solution: Update the WordPress AF Companion plugin to the latest available version (at least 1.2.0)...
WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue plugin <= 3.1.24 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue plugin versions <= 3.1.24. Solution: Update the WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue plugin to the latest available...
WordPress Simple Download Monitor plugin <= 3.9.10 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Simple Download Monitor plugin versions <= 3.9.10. Solution: Update the WordPress Simple Download Monitor plugin to the latest available version (at least 3.9.11)...
WordPress Contest Gallery plugin <= 13.1.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien in WordPress Contest Gallery plugin versions <= 13.1.0.9. Solution: Update the WordPress Contest Gallery plugin to the latest available version (at least 14.0.0)...
WordPress WP Coder plugin <= 2.5.1 - Remote File Inclusion (RFI) leading to Remote Code Execution (RCE) via CSRF vulnerability
Remote File Inclusion (RFI) leading to Remote Code Execution (RCE) via CSRF vulnerability discovered by Krzysztof Zając in WordPress WP Coder plugin versions <= 2.5.1. Solution: Update the WordPress WP Coder plugin to the latest available version (at least 2.5.2)...
WordPress Buttonizer plugin <= 2.5.4 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Dipak Panchal in WordPress Buttonizer plugin versions <= 2.5.4. Solution: Update the WordPress Buttonizer plugin to the latest available version (at least 2.5.5)...
WordPress Zigcy Cosmetics theme <= 1.0.5 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Zigcy Cosmetics theme versions <= 1.0.5. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor...
WordPress AccessPress Root theme <= 2.5 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress AccessPress Root theme versions <= 2.5. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor...
WordPress Swing Lite theme <= 1.1.9 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Swing Lite theme versions <= 1.1.9. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores...
WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 4.7 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by Krzysztof Zając in WordPress WP Visitor Statistics (Real Time Traffic) plugin versions <= 4.7. Solution: Update the WordPress WP Visitor Statistics (Real Time Traffic) plugin to the latest available version (at least 4.8)...
WordPress Pixel Cat plugin <= 2.6.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Pixel Cat plugin versions <= 2.6.2. Solution: Update the WordPress Pixel Cat plugin to the latest available version (at least 2.6.3)...
WordPress LoginWP plugin <= 3.0.0.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress LoginWP plugin versions <= 3.0.0.4. Solution: Update the WordPress LoginWP plugin to the latest available version (at least 3.0.0.5)...