WordPress Infusionsoft Gravity Forms Add-on Plugin <= 1.5.11 - XSS
This plugin is prone to a cross-site scripting vulnerability. Solution Upgrade the plugin...
WordPress Booking Calendar Contact Form Plugin 1.1.23 - Unauthenticated SQL Injection
This WordPress Booking Calendar Contact Form plugin's "action=cpabcappointmentscheckIPNverification" parameter is prone to an unauthenticated SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit hidden vulnerabilities in the...
WordPress Wordfence Plugin <= 5.1.4 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update plugin...
WordPress WP RSS Multi Importer Plugin <= 3.15 - Multiple Vulnerabilities
This plugin is prone to SQL injection and cross-site scripting vulnerabilities. Because of them, remote authenticated users can execute arbitrary SQL commands and inject HTML and JavaScript. Solution Upgrade this plugin...
WordPress Appointment Booking Calendar Plugin <= 1.1.7 - Multiple XSS
These vulnerabilities allow an attacker to inject an arbitrary web script or HTML via unspecified vectors. Solution Update the plugin...
WordPress Wordfence Plugin <= 5.2.3 - Bypass
This plugin is prone to a banned-IP functionality bypass vulnerability. Unlogged requests won't trigger automatic throttling and banning. Solution Update plugin...
WordPress Church Admin Plugin 0.800 - Stored XSS
The Church Admin plugin is prone to a stored XSS vulnerability that allows attackers to steal cookies or gain privileged access to the affected site. Solution Fixed in version 0.810...
WordPress Landing Pages Plugin <= 1.8.4 - XSS
A cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php. Solution Upgrade the plugin...
WordPress NewStatPress Plugin 0.9.8 - Multiple Vulnerabilities
NewStatPress plugin is prone to multiple vulnerabilities, such as authenticated SQL injection and authenticated XSS. Solution Update the plugin...
WordPress Slideshow Plugin <= 2.2.21 - Bypass
This plugin is prone to an option value disclosure vulnerability. Solution Update plugin...
WordPress WP Cumulus Plugin <= 1.22 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
WordPress Modern Theme <= 1.4.1 - Cross Site Scripting
This WordPress theme is prone to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary script or HTML. Solution Update the theme...
WordPress TheCartPress Plugin 1.3.9 - Multiple Vulnerabilities
TheCartPress plugin is prone to multiple vulnerabilities, such as local PHP file inclusion, stored XSS, improper access control and multiple XSS vulnerabilities. Solution Update the plugin...
WordPress Fusion Theme <= 3.1 - Arbitrary File Upload
Because of this vulnerability in the Fusion theme, authenticated users can execute arbitrary code by uploading a file with an executable extension in a fusionsave action and then accessing it via unspecified vectors. Solution Update the theme...
WordPress Contact Form DB Plugin <= 2.8.26 - XSS
This vulnerability allows an attacker to inject arbitrary web script or HTML via the "submittime" parameter in the CF7DBPluginSubmissions page to wp-admin/admin.php. Solution Update the plugin...
WordPress Contact Form DB Plugin <= 2.8.31 - CSRF
Because of this vulnerability, the attackers can hijack the authentication of administrators for requests that delete all plugin records. Solution Upgrade the plugin...
WordPress Spider Facebook Plugin <= 1.0.10 - Multiple XSS
Because of these vulnerabilities, some parameters are output without sanitization. Solution Upgrade the plugin...
WordPress WPLMS Learning Management System Theme <= 1.8.4.1 - Privilege Escalation
Because of this vulnerability, attackers can obtain an administrator account on the target website. Solution Update the theme...
WordPress Pixabay Images Plugin 2.3 - Multiple Vulnerabilities
The WordPress Pixabay Images plugin is prone to multiple vulnerabilities, such as authentication bypass, arbitrary file upload, path traversal and cross-site scripting (XSS) vulnerabilities. Solution Upgrade the plugin...
WordPress Another WordPress Classifieds Plugin - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the query string to the default URI. Solution Update the plugin...
WordPress April's Super Functions Pack Plugin <= 1.4.7 - XSS
Because of this vulnerability in readme.php, attackers can inject arbitrary web script or HTML via the "page" parameter. Solution Update the plugin...
WordPress Google Captcha Plugin <= 1.12 - Bypass
Because of this vulnerability, attackers can bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. Solution Update the plugin...
WordPress All In One WP Security & Firewall Plugin <= 3.8.9 - CSRF
Because of this vulnerability, attackers can hijack the authentication of administrators for requests that delete logs of 404 HTTP status codes. Solution Update the plugin...
WordPress All in One SEO Pack Plugin <= 2.2.5 - Information Management
The All in One SEO Pack plugin is prone to an information management vulnerability. Attackers can obtain sensitive information by reading the HTML source code, because the plugin does not consider the presence of password protection when generating the Meta Description field. Solution Update th...
WordPress Relevanssi Plugin <= 3.3.7 - XSS
This vulnerability allows the attackers to inject arbitrary web script or HTML via unspecified vectors. Solution Update the plugin...
WordPress Sliding Social Icons Plugin <= 1.61 - Multiple CSRF and XSS
Because of these cross-site request forgery vulnerabilities, attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution No fix available, because the plugin has...
WordPress Wp Unique Article Header Image Plugin <= 1.0 - Multiple CSRF and XSS
Because of these cross-site request forgery vulnerabilities, attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution There is no solution, because plugin is...
WordPress Simple Life Plugin <=1.2 - Multiple CSRF and XSS
Because of these cross-site request forgery vulnerabilities, attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution This plugin is closed...
WordPress Google Analytics Plugin <= 5.1.2 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "Manually enter your UA code" field in the General Settings. Solution Update the plugin...
WordPress XCloner Plugin - Multiple Vulnerabilities
The XCloner plugin is prone to multiple vulnerabilities, such as unauthenticated remote access to backup files via easily guessable file names, arbitrary command execution and authenticated remote file access. It also exposes the MySQL password in clear text through an HTML text box. Solution Upgrade the plugi...
WordPress Spreadsheet Plugin <= 0.62 - SQL Injection
This Spreadsheet plugin is prone to an SQL injection vulnerability that allows attackers to execute arbitrary SQL commands via the "ssid" parameter. Solution Update the plugin...
WordPress InfusionSoft Plugin - Upload Vulnerability
The InfusionSoft plugin is prone to a vulnerability that allows arbitrary file upload and remote code execution. Solution Update the plugin...
WordPress Advanced Access Manager Plugin <= 2.8.2 - Admin User File Read/Write
Because of this vulnerability, attackers can write arbitrary content to arbitrary files. Solution Update the plugin...
WordPress WP Support Plus Responsive Ticket System Plugin 2.0 - Multiple Vulnerabilities
This plugin has 4 vulnerabilities. 1. SQL injection. 2. Full path disclosure: the full path to the file is shown to the user after the file has been uploaded. 3. Directory traversal that allows downloading any file from the server. 4. Broken authentication...
WordPress W3 Total Cache plugin <= 0.9.4 - Cross-Site Request Forgery (CSRF) vulnerability
WordPress W3 Total Cache plugin's "admin.php" is prone to a cross-site request forgery vulnerability. It allows an attacker to gain unauthorized access to the affected application by performing certain actions in the context of an authorized user's session. Solution Update the WordPress W3 Total...
WordPress Mobile Pack Plugin <= 2.0.1 - Information Disclosure
Because of this vulnerability, the attackers can obtain sensitive information via an exportarticles action to export/content.php. Solution Update the plugin...
WordPress Disqus Plugin 2.7.5 - Admin Stored CSRF and XSS
The Disqus plugin is prone to admin stored CSRF and XSS vulnerabilities. Solution Update the plugin...
WordPress <=3.9.1 - Multiple Vulnerabilities #2
wp-includes/pluggable.php rejects invalid CSRF nonces with timing that differs depending on which characters in the nonce are incorrect, which allows attackers to bypass the CSRF protection mechanism via a brute-force attack. Related records:...
WordPress GB Gallery Slideshow Plugin - SQL Injection
This WordPress GB Gallery Slideshow plugin's "wp-admin/admin-ajax.php" is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit hidden vulnerabilities in the underlying database. Solution Upgrade the plugin...
WordPress Last.FM Rotation Plugin <= 3.3 - Local File Inclusion
Because of this vulnerability in lastfm-proxy.php, attackers can read arbitrary files via the "snode" parameter. Solution Update the plugin...
WordPress Lead Octopus Power Plugin - SQL Injection
This WordPress Lead Octopus Power plugin's "id" parameter is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit hidden vulnerabilities in the underlying database. Solution Upgrade the plugin...
WordPress Brute Force Login Protection plugin <= 1.5.3 - Arbitrary IP Removal/Add via Cross-Site Request Forgery (CSRF) vulnerability
An arbitrary IP removal/add via cross-site request forgery (CSRF) vulnerability was discovered in WordPress Brute Force Login Protection plugin versions <= 1.5.3. Solution Deactivate and delete. This plugin has been closed as of April 7, 2022 and is not available for download. This closure is temporary,...
WordPress Simple Share Buttons Adder Plugin 4.4 - Multiple Vulnerabilities
The Simple Share Buttons Adder plugin is prone to multiple vulnerabilities (CSRF and XSS) that allow an attacker to convince an admin to visit a link of their choosing. Solution Update to version 4.5...
WordPress Rezgo Online Booking Plugin <= 1.8.1 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Picasa Image Plugin <=1.0 - XSS
Because of this vulnerability in picasaupload.php, the attackers can inject arbitrary web script or HTML via the "postid" parameter. Solution Update the plugin...
WordPress BookX Plugin - Local File Include
The BookX plugin's "includes/bookxexport.php" is prone to a local file include vulnerability because it fails to validate user-supplied input. It allows an attacker to obtain potentially sensitive information. Solution Update the plugin...
WordPress TinyMCE Color Picker Plugin <= 1.1 - CSRF
Because of this vulnerability, the attackers can hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. Solution Update the plugin...
WordPress iMember360 Plugin 3.8.012 - 3.9.001 - Multiple Vulnerabilities
The WordPress iMember360 plugin is prone to multiple vulnerabilities, such as XSS, arbitrary user deletion, arbitrary code execution and disclosure of database credentials. Solution Upgrade the plugin...
WordPress WP Forum Server Plugin <= 1.7.4 - XSS
Because of this vulnerability in fs-admin/wpf-add-forum.php, the attackers can inject arbitrary web script or HTML via the "groupid" parameter. Solution Update the plugin...
WordPress OptimizePress Theme <= 1.60 - File Upload Vulnerability
Because of multiple unrestricted file upload vulnerabilities, attackers can execute arbitrary code by uploading a file with an executable extension and then accessing it. Solution Update the theme...