46702 matches found
WordPress LearnPress plugin <= 3.2.6.8 - Authenticated Page Creation and Status Modification vulnerability
Authenticated Page Creation and Status Modification vulnerability discovered by Wordfence in WordPress LearnPress plugin versions <= 3.2.6.8. Solution: Update the WordPress LearnPress plugin to the latest available version, at least 3.2.6.9...
WordPress IMPress for IDX Broker plugin <= 2.6.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Wordfence in WordPress IMPress for IDX Broker plugin versions <= 2.6.1. Solution: Update the WordPress IMPress for IDX Broker plugin to the latest available version, at least 2.6.2...
WordPress Buddypress Component Stats plugin <= 1.0 - Unauthenticated Local File Inclusion (LFI) vulnerability
Unauthenticated Local File Inclusion (LFI) vulnerability discovered by Random Robbie in WordPress Buddypress Component Stats plugin versions <= 1.0. Solution: Plugin closed. Deactivate and delete...
WordPress 10Web Map Builder for Google Maps <= 1.0.63 - Unauthenticated Stored Cross-Site Scripting (XSS) via Plugin Settings Change vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) via Plugin Settings Change vulnerability found by Sean Murphy, QA Lead Matt Rusnak, and QA Engineer Ramuel Gall (Wordfence) in WordPress 10Web Map Builder for Google Maps <= 1.0.63. Solution: Update the WordPress 10Web Map Builder for Google Maps plugin...
WordPress Yottis premium theme <= 1.0 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability discovered by Wordfence in WordPress Yottis premium theme versions <= 1.0. Solution: Update the WordPress Yottis premium theme to the latest available version, at least 1.0.1...
WordPress Code Snippets plugin <= 2.13.3 - Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) vulnerability
Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) vulnerability found by Chloe Chamberland in WordPress Code Snippets plugin versions <= 2.13.3. Solution: Update the WordPress Code Snippets plugin to the latest available version, at least 2.14.0...
WordPress Ultimate Member plugin <= 2.1.2 - Insecure Direct Object Reference (IDOR) vulnerability
Insecure Direct Object Reference (IDOR) vulnerability found in WordPress Ultimate Member plugin versions <= 2.1.2. Solution: Update the WordPress Ultimate Member plugin to the latest available version, at least 2.1.3...
WordPress Chatbot with IBM Watson plugin <= 0.8.20 - DOM Cross-Site Scripting (XSS) vulnerability
DOM Cross-Site Scripting (XSS) vulnerability found by Hooper Labs in WordPress Chatbot with IBM Watson plugin versions <= 0.8.20. Solution: Update the WordPress Chatbot with IBM Watson plugin to the latest available version, at least 0.8.21...
WordPress WP Spell Check plugin <= 7.1.9 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Takuya Yamaguchi in WordPress WP Spell Check plugin versions <= 7.1.9. Solution: Update the WordPress WP Spell Check plugin to the latest available version, at least 7.1.10...
WordPress YITH WooCommerce Waiting List plugin <=1.3.10 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability
Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Waiting List plugin versions <=1.3.10. Solution: Update the WordPress YITH WooCommerce Waiting List plugin to the latest available version, at least 1.3.11...
WordPress YITH WooCommerce Cart Messages plugin <=1.4.4 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability
Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Cart Messages plugin versions <=1.4.4. Solution: Update the WordPress YITH WooCommerce Cart Messages plugin to the latest available version, at least 1.4.5...
WordPress Visualizer plugin <= 3.3.0 - Server-Side Request Forgery (SSRF)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks. Solution: Update the plugin to the latest version...
WordPress WooCommerce Product Feed plugin <= 3.1.14 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Damian Ebelties in WordPress WooCommerce Product Feed plugin versions <= 3.1.14. Solution: Update the WordPress WooCommerce Product Feed plugin to the latest available version, at least 3.1.15...
WordPress Variation Swatches for WooCommerce plugin <= 1.0.61 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability found in WordPress Variation Swatches for WooCommerce plugin versions <= 1.0.61. Solution: Update the WordPress Variation Swatches for WooCommerce plugin to the latest available version, at least 1.0.62...
WordPress Easy Forms for Mailchimp plugin <= 6.5.2 - Code Injection vulnerability
Code Injection vulnerability found by Henri Salo in WordPress Easy Forms for Mailchimp plugin versions <= 6.5.2. Solution: Update the WordPress Easy Forms for Mailchimp plugin to the latest available version, at least 6.5.3...
WordPress Web Librarian plugin <= 3.5.4 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability found in WordPress Web Librarian plugin versions <= 3.5.4. Solution: Update the WordPress Web Librarian plugin to the latest available version, at least 3.5.5...
WordPress WP SVG Icons plugin <= 3.2.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by zeroauth in WordPress WP SVG Icons plugin versions <= 3.2.2. Solution: Update the WordPress WP SVG Icons plugin to the latest available version, at least 3.2.3...
WordPress WP Fastest Cache plugin <= 0.8.9.5 - Directory Traversal vulnerability
Directory Traversal vulnerability found by Imre Rad in WordPress WP Fastest Cache plugin versions <= 0.8.9.5. Solution: Update the WordPress WP Fastest Cache plugin to the latest available version, at least 0.8.9.6...
WordPress WPGraphQL plugin <= 0.2.3 - Multiple Vulnerabilities
Multiple Vulnerabilities found in WordPress WPGraphQL plugin versions <= 0.2.3. Solution: Update the WordPress WPGraphQL plugin to the latest available version, at least 0.3.0...
WordPress WP Google Maps plugin <= 7.10.41 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found by Tim Coen in WordPress WP Google Maps plugin versions <= 7.10.41. Solution: Update the WordPress WP Google Maps plugin to the latest available version, at least 7.10.43...
WordPress Give plugin <= 2.3.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability found by Tim Coen in WordPress Give plugin versions <= 2.3.0. Solution: Update the WordPress Give plugin to the latest available version, at least 2.3.1...
WordPress Contact Form Email plugin <= 1.2.65 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Tim Coen in WordPress Contact Form Email plugin versions <= 1.2.65. Solution: Update the WordPress Contact Form Email plugin to the latest available version, at least 1.2.66...
WordPress Google XML Sitemaps plugin <= 4.0.9 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability found by takagisan in WordPress Google XML Sitemaps plugin version <= 4.0.9. Solution: Update the WordPress Google XML Sitemaps plugin to the latest available version, at least 4.1.0...
WordPress Arigato Autoresponder and Newsletter plugin <= 2.5.1.8 - Authenticated Blind SQL Injection (SQLi) vulnerability
Authenticated Blind SQL Injection (SQLi) vulnerability found by Larry W. Cashdollar in WordPress Arigato Autoresponder and Newsletter plugin versions <= 2.5.1.8. Solution: Update the WordPress Arigato Autoresponder and Newsletter plugin to the latest available version, at least 2.5.2...
WordPress Export Users to CSV plugin <= 1.1.1 - CSV Injection vulnerability
CSV Injection vulnerability found by Javier Olmedo in WordPress Export Users to CSV plugin versions <= 1.1.1. Solution: 2018.09.01 - we were unable to find a patched version of this plugin...
WordPress Plainview Activity Monitor plugin <= 20161228 - Remote Command Execution (RCE) vulnerability
Remote Command Execution (RCE) vulnerability found by "aas" in WordPress Plainview Activity Monitor plugin versions <= 20161228. Solution: Update the WordPress Plainview Activity Monitor plugin to the latest available version, at least 20180826...
WordPress Chained Quiz plugin <= 1.0.8 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability found by Qlirim Emini in WordPress Chained Quiz plugin versions <= 1.0.8. Solution: Update the WordPress Chained Quiz plugin to the latest available version, at least 1.0.9...
WordPress wpForo Forum plugin <=1.4.9 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection via a search with the /forum/ wpfo parameter found by cate4cafe in WordPress wpForo Forum plugin versions <=1.4.9. Solution: Update the WordPress wpForo Forum plugin to the latest available version, at least 1.4.11...
WordPress Cookie Consent plugin <=2.3.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability found in WordPress Cookie Consent plugin versions <=2.3.9. Solution: Update the WordPress Cookie Consent plugin to the latest available version, at least 2.3.10...
WordPress Background Takeover plugin <=4.1.4 - Directory Traversal vulnerability
Directory Traversal vulnerability found in WordPress Background Takeover plugin versions <=4.1.4. Unescaped URL allows access to other files. Solution: Update the WordPress Background Takeover plugin to the latest available version, at least 4.1.5...
WordPress WP Security Audit Log plugin <=3.1.1 - Sensitive Information Disclosure
Sensitive Information Disclosure found in WordPress WP Security Audit Log plugin versions <=3.1.1. Failed login log files indexable by Google. Solution: Update the WordPress WP Security Audit Log plugin to the latest available version, at least 3.1.2...
WordPress Activity Log plugin <=2.4.0 - Multiple Cross-Site Scripting (XSS) vulnerabilities
Multiple Cross-Site Scripting (XSS) vulnerabilities found in WordPress Activity Log plugin versions <=2.4.0. Solution: Update the WordPress Activity Log plugin to the latest available version, at least 2.4.1...
WordPress WP Retina 2x plugin <=5.2.0 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found in WordPress WP Retina 2x plugin versions <=5.2.0. The vulnerability allows an attacker to inject arbitrary web script or HTML via unspecified vectors. Solution: Update the WordPress WP Retina 2x plugin to the latest available version, at least 5.2.2...
WordPress Instagram Feed plugin <=1.5.1 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found by Dumpcore in WordPress Instagram Feed plugin versions <=1.5.1. Solution: Update the WordPress Instagram Feed plugin to the latest available version, at least 1.6...
WordPress Social Media Widget by Acurax plugin <=3.2.5 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Panagiotis Vagenas in WordPress Social Media Widget by Acurax plugin versions <=3.2.5. Solution: Update the WordPress Social Media Widget by Acurax plugin to the latest available version, at least 3.2.6...
WordPress SagePay Server Gateway for WooCommerce plugin <=1.0.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability
Unauthenticated Cross-Site Scripting (XSS) vulnerability found in WordPress SagePay Server Gateway for WooCommerce plugin versions <=1.0.8. Solution: Update the WordPress SagePay Server Gateway for WooCommerce plugin to the latest available version, at least 1.0.9...
WordPress GD Rating System plugin 2.3 - Cross-Site Scripting (XSS) vulnerability (3)
A third Cross-Site Scripting (XSS) vulnerability found by d4wner in WordPress GD Rating System plugin version 2.3. XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page. Solution: 1/9/2018 - we were unable to find a patched version of this plugin...
WordPress Smart Google Code Inserter plugin <=3.4 - Authorization bypass vulnerability
Authorization bypass vulnerability found by Benjamin Lim in WordPress Smart Google Code Inserter plugin versions <=3.4. Solution: Update the WordPress Smart Google Code Inserter plugin to the latest available version, at least version 3.5...
WordPress CSV Import-Export plugin <=1.1.0 - Multiple Cross-Site Scripting (XSS) vulnerabilities
Multiple Cross-Site Scripting (XSS) vulnerabilities found in WordPress CSV Import-Export plugin versions <=1.1.0. Solution: Dec 20, 2017 - we were unable to find a patched version of this plugin, last updated three years ago. Uninstall or use it at your own risk...
WordPress Duplicator plugin <=1.2.28 – Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability found by Ricardo Sanchez in WordPress Duplicator plugin versions <=1.2.28. The plugin is vulnerable due to incorrectly filtered values "urlnew" and "logging". Solution: Update the WordPress Duplicator plugin to the latest available version at least...
WordPress WP Simple Booking Calendar Premium plugin 5.0–5.4 <= Unauthenticated Data leak
The booking notes are shown in the source code of the page. Solution: Update the plugin to version 5.5...
WordPress WatuPRO plugin 5.5.1 - SQL Injection vulnerability
SQL Injection vulnerability found by Manich Koomsusi in WatuPRO 5.5.1 WordPress plugin. Data sent with the “watuproquestions” parameter is not sanitized before being used in an SQL statement. Solution: Update the WatuPRO WordPress plugin to the latest available version, at least 5.5.3.7...
WordPress plugin WP Support Plus Responsive Ticket System <= 7.1.3 - Privilege Escalation
WordPress plugin WP Support Plus Responsive Ticket System 7.1.3, earlier versions and 7.1.4 are vulnerable to privilege escalation. It is possible to log in as any user without knowing the password due to the incorrect usage of "wpsetauthcookie". Solution: Update the plugin to the latest version at least...
WordPress BBS e-Franchise Plugin <= 1.1.1 - SQL Injection
This plugin is prone to an SQL injection vulnerability. It allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Update the plugin...
WordPress YITH WooCommerce Compare Plugin <= 2.0.9 - PHP Object injection
Because of this vulnerability, attackers can execute arbitrary PHP code. Solution: Update the plugin...
WordPress W3 Total Cache Plugin <= 0.9.4.1 - Arbitrary File Upload
This plugin is prone to an authenticated arbitrary file upload vulnerability. Solution: Update the plugin...
WordPress Contact Bank Plugin <= 2.1.21 - Cross Site Scripting
Because of this vulnerability, attackers can inject arbitrary JavaScript or HTML code. Solution: Update the plugin...
WordPress Indexisto Plugin <= 1.0.5 - Reflected XSS
This plugin is prone to a cross-site scripting vulnerability. Solution: Upgrade the plugin...
WordPress <= 4.5.2 - Denial of Service Attacks
Because of the oEmbed protocol implementation in WordPress, an attacker can cause a denial of service via unspecified vectors. Solution: Update WordPress...
WordPress EWWW Image Optimizer Plugin <= 2.8.3 - Remote Code Execution
Because of this vulnerability, attackers can create a backdoor or take a site down altogether. Solution: Upgrade this plugin...