46704 matches found
WordPress Registrations for the Events Calendar plugin <= 2.7.5 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by Krzysztof Zając in WordPress Registrations for the Events Calendar plugin versions <= 2.7.5. Solution: Update the WordPress Registrations for the Events Calendar plugin to the latest available version (at least 2.7.6)...
WordPress Reviews Plus plugin <= 1.2.13 - Reviews Denial of Service (DoS) vulnerability
Reviews Denial of Service (DoS) vulnerability discovered by Drew Jones in WordPress Reviews Plus plugin versions <= 1.2.13. Solution: Update the WordPress Reviews Plus plugin to the latest available version (at least 1.2.14)...
WordPress BetterLinks plugin <= 1.2.5 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Huy Nguyen in WordPress BetterLinks plugin versions <= 1.2.5. Solution: Update the WordPress BetterLinks plugin to the latest available version (at least 1.2.6)...
WordPress Image to WebP plugin <= 1.8 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by apple502j in WordPress Image to WebP plugin versions <= 1.8. Solution: Update the WordPress Image to WebP plugin to the latest available version (at least 1.9)...
WordPress Content Staging <= 2.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Thinkland Security Team in WordPress Content Staging versions <= 2.0.1. Solution: Deactivate and delete. This plugin has been closed as of October 15, 2021 and is not available for download. This closure is temporary, pending...
WordPress SEO Redirection plugin <= 8.1 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by JrXnm in WordPress SEO Redirection plugin versions <= 8.1. Solution: Update the WordPress SEO Redirection plugin to the latest available version (at least 8.2)...
WordPress Qwizcards plugin <= 3.61 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Shivam Rai in WordPress Qwizcards plugin versions <= 3.61. Solution: Update the WordPress Qwizcards plugin to the latest available version (at least 3.62)...
WordPress Schreikasten plugin <= 0.14.18 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar Codevigilant Project in WordPress Schreikasten plugin versions <= 0.14.18. Solution: Deactivate and delete. This plugin has been closed as of June 21, 2021 and is not available for download. Reason: Security Issue...
WordPress Booking.com Product Helper plugin <= 1.0.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Booking.com Product Helper plugin versions <= 1.0.1. Solution: Update the WordPress Booking.com Product Helper plugin to the latest available version (at least 1.0.2)...
WordPress DearFlip plugin <= 1.7.9 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress DearFlip plugin versions <= 1.7.9. Solution: Update the WordPress DearFlip plugin to the latest available version (at least 1.7.10)...
WordPress YITH Maintenance Mode plugin <= 1.3.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas Patchstack Red Team in WordPress YITH Maintenance Mode plugin versions <= 1.3.7. Vulnerable parameter: &yithmaintenancenewslettersubmitlabel. Solution: Update the WordPress YITH Maintenance Mode plugin to th...
WordPress Simple Social Media Share Buttons plugin <= 3.2.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Simple Social Media Share Buttons plugin versions <= 3.2.3. Solution: Update the WordPress Simple Social Media Share Buttons plugin to the latest available version (at least 3.2.4)...
WordPress Poll Maker plugin <= 3.4.1 - Unauthenticated Time-Based SQL Injection (SQLi) vulnerability
Unauthenticated Time-Based SQL Injection (SQLi) vulnerability discovered by apple502j in WordPress Poll Maker plugin versions <= 3.4.1. Solution: Update the WordPress Poll Maker plugin to the latest available version (at least 3.4.2)...
WordPress Yet Another bol.com plugin <= 1.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Yet Another bol.com plugin versions <= 1.4. Solution: This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Simple Matted Thumbnails plugin <= 1.01 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Simple Matted Thumbnails plugin versions <= 1.01. Solution: This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Enfold premium theme <= 4.8.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by David Álvarez Robles, Francisco Díaz-Pache Alonso & Sergio Corral Cristo in WordPress Enfold premium theme versions <= 4.8.3. Solution: Update the WordPress Enfold premium theme to the latest available version (at least 4.8.4)...
WordPress TranslatePress plugin <= 2.0.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Nosa Shandy in WordPress TranslatePress plugin versions <= 2.0.8. Solution: Update the WordPress TranslatePress plugin to the latest available version (at least 2.0.9)...
WordPress Scribble Maps plugin <= 1.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Scribble Maps plugin versions <= 1.2. Solution: This plugin has been closed as of August 12, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress WP Fusion Lite plugin <= 3.37.18 - Cross-Site Request Forgery (CSRF) vulnerability leading to Data Deletion
Cross-Site Request Forgery (CSRF) vulnerability leading to Data Deletion discovered by Xu-Liang Liao in WordPress WP Fusion Lite plugin versions <= 3.37.18. Solution: This plugin has been closed as of August 6, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Bold Page Builder plugin <= 3.1.5 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by dc11 in WordPress Bold Page Builder plugin versions <= 3.1.5. Solution: Update the WordPress Bold Page Builder plugin to the latest available version (at least 3.1.6)...
WordPress FluentSMTP plugin <= 2.0.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by YoshiKen in WordPress FluentSMTP plugin versions <= 2.0.0. Solution: Update the WordPress FluentSMTP plugin to the latest available version (at least 2.0.1)...
WordPress uListing plugin <= 2.0.5 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions <= 2.0.5. Solution: Update the WordPress uListing plugin to the latest available version (at least 2.0.6)...
WordPress Post Index plugin <= 0.7.5 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Kentaro Kuroki Cryptography Laboratory - Tokyo Denki University in WordPress Post Index plugin versions <= 0.7.5. Solution: This plugin has been closed as of July 20, 2021 and is not available for...
WordPress Diary & Availability Calendar plugin <= 1.0.3 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar in WordPress Diary & Availability Calendar plugin versions <= 1.0.3. Solution: This plugin has been closed as of May 19, 2021 and is not available for download. Reason: Security Issue...
WordPress Simple Events Calendar plugin <= 1.4.0 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar in WordPress Simple Events Calendar plugin versions <= 1.4.0. Solution: This plugin has been closed as of June 2, 2021 and is not available for download. Reason: Security Issue...
WordPress Maintenance plugin <= 4.02 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Emil Kylander in WordPress Maintenance plugin versions <= 4.02. Solution: Update the WordPress Maintenance plugin to the latest available version (at least 4.03)...
WordPress Survey Maker plugin <= 1.5.5 - Authenticated Blind SQL Injection (SQLi) vulnerability
Authenticated Blind SQL Injection (SQLi) vulnerability discovered by To Quang Duong in WordPress Survey Maker plugin versions <= 1.5.5. Solution: Update the WordPress Survey Maker plugin to the latest available version (at least 1.5.6)...
WordPress Poll Maker plugin <= 3.2.0 - Authenticated Blind SQL Injection (SQLi) vulnerability
Authenticated Blind SQL Injection (SQLi) vulnerability discovered by To Quang Duong in WordPress Poll Maker plugin versions <= 3.2.0. Solution: Update the WordPress Poll Maker plugin to the latest available version (at least 3.2.1)...
WordPress Fudousan Pro (single) premium plugin <= 5.7.0 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability discovered by Yu Iwama in WordPress Fudousan Pro (single) premium plugin versions <= 5.7.0. Solution: Update the WordPress Fudousan Pro (single) premium plugin to the latest available version (at least 5.7.2)...
WordPress Advanced Popups plugin <= 1.1.1 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Advanced Popups plugin versions <= 1.1.1. Solution: Update the WordPress Advanced Popups plugin to the latest available version (at least 1.1.2)...
WordPress Welcart e-Commerce plugin <= 2.2.3 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability discovered by Yu Iwama in WordPress Welcart e-Commerce plugin versions <= 2.2.3. Solution: Update the WordPress Welcart e-Commerce plugin to the latest available version (at least 2.2.4)...
WordPress Easy Cookies Policy plugin <= 1.6.2 - Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS)
Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by 0xB9 in WordPress Easy Cookies Policy plugin versions <= 1.6.2. Solution: This plugin has been closed as of April 28, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Motor premium theme <= 3.0 - Unauthenticated Local File Inclusion (LFI) vulnerability
Unauthenticated Local File Inclusion (LFI) vulnerability discovered by Harald Eilertsen JetPack in WordPress Motor premium theme versions <= 3.0. Solution: Update the WordPress Motor theme to the latest available version (at least 3.1)...
WordPress Qtranslate Slug plugin <= 1.1.18 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by NinTechNet in WordPress Qtranslate Slug plugin versions <= 1.1.18. Solution: This plugin has been closed as of February 11, 2021 and is not available for download. Reason: Security Issue...
WordPress Fancy Product Designer premium plugin <= 4.6.8 - Unauthenticated Arbitrary File Upload and Remote Code Execution (RCE) vulnerabilities
Unauthenticated Arbitrary File Upload and Remote Code Execution (RCE) vulnerabilities discovered by WordFence in WordPress Fancy Product Designer premium plugin versions <= 4.6.8. Solution: Update the WordPress Fancy Product Designer premium plugin to the latest available version (at least 4.6.9)...
WordPress JobSearch premium plugin <= 1.7.3 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress JobSearch premium plugin versions <= 1.7.3. Solution: Update the WordPress JobSearch premium plugin to the latest available version (at least 1.7.4)...
WordPress Funnel Builder by CartFlows plugin <= 1.6.12 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress Funnel Builder by CartFlows plugin versions <= 1.6.12. Solution: Update the WordPress Funnel Builder by CartFlows plugin to the latest available version (at least 1.6.13)...
WordPress Instant Images – One Click Unsplash Uploads plugin <= 4.4.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress Instant Images – One Click Unsplash Uploads plugin versions <= 4.4.0. Solution: Update the WordPress Instant Images – One Click Unsplash Uploads plugin to the latest available version (at least 4.4.0.1)...
WordPress Redirection for Contact Form 7 plugin <= 2.3.3 - Unprotected AJAX Actions vulnerability
Unprotected AJAX Actions vulnerability discovered by WordFence in WordPress Redirection for Contact Form 7 plugin versions <= 2.3.3. Solution: Update the WordPress Redirection for Contact Form 7 plugin to the latest available version (at least 2.3.4)...
WordPress Contact Form by Supsystic plugin <= 1.7.14 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by 0xB9 in WordPress Contact Form by Supsystic plugin versions <= 1.7.14. Solution: Update the WordPress Contact Form by Supsystic plugin to the latest available version (at least 1.7.15)...
WordPress Business Directory Plugin <= 5.11.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by 0xB9 in WordPress Business Directory Plugin versions <= 5.11.1. Solution: Update the WordPress Business Directory Plugin to the latest available version (at least 5.11.2)...
WordPress WP Page Builder plugin <= 1.2.3 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Stored Cross-Site Scripting (XSS) vulnerabilities discovered by WordFence in WordPress WP Page Builder plugin versions <= 1.2.3. Solution: Update the WordPress WP Page Builder plugin to the latest available version (at least 1.2.4)...
WordPress Cooked Pro premium plugin <= 1.7.5.5 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Jinson Varghese Behanan in WordPress Cooked Pro premium plugin versions <= 1.7.5.5. Solution: Update the WordPress Cooked Pro premium plugin to the latest available version (at least 1.7.5.6)...
WordPress Bello - Directory & Listing premium theme <= 1.5.9 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze Patchstack Red Team in WordPress Bello - Directory & Listing premium theme versions <= 1.5.9. Solution: Update the WordPress Bello - Directory & Listing premium theme to the latest available version (at least 1.6.0)...
WordPress wpDataTables plugin <= 3.4.1 - Multiple SQL Injection (SQLi) vulnerabilities
Multiple SQL Injection (SQLi) vulnerabilities discovered by Veno Eivazian and Massimiliano Ferraresi in the WordPress wpDataTables plugin versions <= 3.4.1. Solution: Update the WordPress wpDataTables plugin to the latest available version (at least 3.4.2)...
WordPress WPS Hide Login plugin <= 1.6.1 - Login Page Protection Bypass vulnerability
Login Page Protection Bypass vulnerability discovered by Sebastian Schmitt in WordPress WPS Hide Login plugin versions <= 1.6.1. Solution: Update the WordPress WPS Hide Login plugin to the latest available version (at least 1.7)...
WordPress WP Database Reset plugin <= 3.1 - Unauthenticated Database Reset vulnerability
Unauthenticated Database Reset vulnerability discovered by WordFence in WordPress WP Database Reset plugin versions <= 3.1. Solution: Update the WordPress WP Database Reset plugin to the latest available version (at least 3.15)...
WordPress DiveBook plugin <= 1.1.4 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability found by Hooper Labs in WordPress DiveBook plugin versions <= 1.1.4. Solution: 2020-12-09 - we were unable to find a patched version of this plugin. Last updated: 10 years ago...
WordPress Easy WP SMTP plugin <= 1.4.2 - Unauthenticated Admin Password Reset
Unauthenticated Admin Password Reset vulnerability found by mathieg2 in WordPress Easy WP SMTP plugin versions <= 1.4.2. Solution: Update the WordPress Easy WP SMTP plugin to the latest available version (at least 1.4.3). Attention! Please make sure you have a directory listing disabled since it coul...
WordPress Themify Portfolio Post plugin <= 1.1.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by Nguyen Anh Tien SunCSR in WordPress Themify Portfolio Post plugin versions <= 1.1.5. Solution: Update the WordPress Themify Portfolio Post plugin to the latest available version (at least 1.1.6)...