WordPress Post SMTP Mailer/Email Log plugin <= 2.1.6 - Authenticated Blind Server-Side Request Forgery (SSRF) vulnerability
Authenticated Blind Server-Side Request Forgery (SSRF) vulnerability discovered by Raad Haddad Cloudyrion GmbH in WordPress Post SMTP Mailer/Email Log plugin versions <= 2.1.6. Solution: Update the WordPress Post SMTP Mailer/Email Log plugin to the latest available version at least 2.1.7...
WordPress WHA Crossword plugin <= 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress WHA Crossword plugin versions <= 1.1.10. Solution: Deactivate and delete. No reply from the vendor...
WordPress WHA Crossword plugin <= 1.1.10 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities were discovered by Vlad Vector Patchstack in the WordPress WHA Crossword plugin versions <= 1.1.10. Solution: Deactivate and delete. No reply from the vendor...
WordPress Zephyr Project Manager plugin <= 3.2.42 - Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities
Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities were discovered by Rizacan Tufan in the WordPress Zephyr Project Manager plugin versions <= 3.2.42. Solution: Update the WordPress Zephyr Project Manager plugin to the latest available version at least 3.2.5...
WordPress WP Users Exporter plugin <= 1.4.2 - CSV Injection vulnerability
CSV Injection vulnerability discovered by Zhouyuan Yang in WordPress WP Users Exporter plugin versions <= 1.4.2. Solution: Deactivate and delete. This plugin has been closed as of January 8, 2020 and is not available for download. Reason: Security Issue...
WordPress Better Delete Revision plugin <= 1.6.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Lana Codes Patchstack Alliance in WordPress Better Delete Revision plugin versions <= 1.6.1. Solution: Deactivate and delete. This plugin has been closed as of August 26, 2022 and is not available for download. This closur...
WordPress Launcher: Coming Soon & Maintenance Mode plugin <= 1.0.11 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress Launcher: Coming Soon & Maintenance Mode plugin versions <= 1.0.11. Solution: No patched version is available. Ignored by the vendor...
WordPress Autoptimize Plugin <= 3.1.0 - Authenticated Stored Cross-Site Scripting vulnerability
Authenticated Stored Cross-Site Scripting vulnerability discovered by Raad Haddad in Autoptimize versions <= 3.1.0. Solution: Update the WordPress Autoptimize plugin to the latest available version at least 3.1.1...
WordPress Gallery PhotoBlocks plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Gallery PhotoBlocks plugin versions <= 1.2.6. Solution: Deactivate and delete. This plugin has been closed as of August 10, 2022 and is not available for...
WordPress Export All URLs plugin <= 4.3 - Authenticated Arbitrary System File Removal vulnerability
Authenticated Arbitrary System File Removal vulnerability discovered by Raad Haddad in WordPress Export All URLs plugin versions <= 4.3. Solution: Update the WordPress Export All URLs plugin to the latest available version at least 4.4...
WordPress Duplicator plugin <= 1.4.7 - Unauthenticated System Information Disclosure vulnerability
Unauthenticated System Information Disclosure vulnerability discovered by Ihsan Sencan in WordPress Duplicator plugin versions <= 1.4.7. Solution: Update the WordPress Duplicator plugin to the latest available version at least 1.4.7.1...
WordPress LinkWorth plugin <= 3.3.3 - Arbitrary Setting Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Setting Update via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Daniel Ruf in the WordPress LinkWorth plugin versions <= 3.3.3. Solution: Update the WordPress LinkWorth plugin to the latest available version at least 3.3.4...
WordPress WP phpMyAdmin plugin <= 5.2.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Raad Haddad in WordPress WP phpMyAdmin plugin versions <= 5.2.0.3. Solution: Update the WordPress WP phpMyAdmin plugin to the latest available version at least 5.2.0.4...
WordPress Simple SEO plugin <= 1.7.91 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Jorgson in WordPress Simple SEO plugin versions <= 1.7.91. Solution: Update the WordPress Simple SEO plugin to the latest available version at least 1.7.92...
WordPress Feed Them Social plugin <= 2.9.9 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Feed Them Social plugin versions <= 2.9.9. Solution: Update the WordPress Feed Them Social plugin to the latest available version at least 3.0.1...
WordPress Homepage Product Organizer for WooCommerce plugin <= 1.1 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities
Multiple Authenticated SQL Injection (SQLi) vulnerabilities were discovered by Lenon Leite Patchstack Alliance in the WordPress Homepage Product Organizer for WooCommerce plugin versions <= 1.1. Solution: No patched version is available. We were unable to contact the vendor...
WordPress Crowdsignal Polls & Ratings plugin <= 3.0.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by ZhongFu SuJrXnm of WuHan University in WordPress Crowdsignal Polls & Ratings plugin versions <= 3.0.7. Solution: Update the WordPress Polldaddy Polls & Ratings plugin to the latest available version at least 3.0.8...
WordPress mTouch Quiz plugin <= 3.1.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress mTouch Quiz plugin versions <= 3.1.3. Solution: Deactivate and delete. This plugin has been closed as of July 14, 2022 and is not available for download. This...
WordPress Invitation Based Registrations plugin <= 2.2.84 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by FengTao in WordPress Invitation Based Registrations plugin versions <= 2.2.84. Solution: Deactivate and delete. This plugin has been closed as of June 27, 2022 and is not available for download. This closure is temporary,...
WordPress Copyright Proof plugin <= 4.16 - Reflected Cross-Site-Scripting (XSS) vulnerability
Reflected Cross-Site-Scripting (XSS) vulnerability discovered by cydave in WordPress Copyright Proof plugin versions <= 4.16. Solution: Deactivate and delete. This plugin has been closed as of June 14, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Progressive License plugin <= 1.1.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Daniel Ruf in WordPress Progressive License plugin versions <= 1.1.0. Solution: Deactivate and delete. This plugin has been closed as of June 22, 2022 and is not available for download. This closu...
WordPress WP Duplicate Page plugin <= 1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Sachin Bahl eSec Forte Technologies Pvt Ltd in WordPress WP Duplicate Page plugin versions <= 1.2. Solution: Update the WordPress WP Duplicate Page plugin to the latest available version at least 1.3...
WordPress Button Widget Smartsoft plugin <= 1.0.1 - Cross-Site Request Forgery (CSRF) vulnerability to Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability to Cross-Site Scripting (XSS) was discovered by Ryo Onodera Cryptography Laboratory Tokyo Denki University in the WordPress Button Widget Smartsoft plugin versions <= 1.0.1. Solution: Deactivate and delete. This plugin has been closed as of June 8, 2022 a...
WordPress Custom Popup Builder plugin <= 1.3.1 - Improper Access Control vulnerability leading to multiple Authenticated Stored XSS
Improper Access Control vulnerability leading to multiple Authenticated Stored XSS discovered by Ngo Van Thien Patchstack Alliance in WordPress Custom Popup Builder plugin versions <= 1.3.1. Solution: Deactivate and delete. This plugin has been closed as of May 26, 2022 and is not available for...
WordPress Copify plugin <= 1.3.0 - Cross-Site Request Forgery (CSRF) vulnerability to Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability to Cross-Site Scripting (XSS) was discovered by Yuki Hoshi Cryptography Laboratory in Tokyo Denki University in the WordPress Copify plugin versions <= 1.3.0. Solution: Deactivate and delete. This plugin has been closed as of May 27, 2022 and is not...
WordPress WordPress Security plugin <= 4.2.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Niraj Mahajan in WordPress WordPress Security plugin versions <= 4.2.0. Solution: Update the WordPress WordPress Security plugin to the latest available version at least 4.2.1...
WordPress miniOrange's Malware Scanner plugin <= 4.5.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Niraj Mahajan in WordPress miniOrange's Malware Scanner plugin versions <= 4.5.1. Solution: Update the WordPress Malware Scanner plugin to the latest available version at least 4.5.2...
WordPress Flower Delivery by Florist One plugin <= 3.5.15 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by fuzzyap1 in WordPress Flower Delivery by Florist One plugin versions <= 3.5.15. Solution: No fixed version is available...
WordPress New User Approve plugin <= 2.3 - Arbitrary Settings Update & Invitation Code Creation via CSRF vulnerability
Arbitrary Settings Update & Invitation Code Creation via CSRF vulnerability discovered by Daniel Ruf in WordPress New User Approve plugin versions <= 2.3. Solution: Update the WordPress New User Approve plugin to the latest available version at least 2.4...
WordPress OpenBook Book Data plugin <= 3.5.2 - Arbitrary Settings Update to Stored XSS via CSRF vulnerability
Arbitrary Settings Update to Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress OpenBook Book Data plugin versions <= 3.5.2. Solution: Deactivate and delete. This plugin has been closed as of May 24, 2022 and is not available for download. This closure is temporary, pending a...
WordPress underConstruction plugin <= 1.20 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress underConstruction plugin versions <= 1.20. Solution: Update the WordPress underConstruction plugin to the latest available version at least 1.21...
WordPress RB Internal Links plugin <= 2.0.16 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress RB Internal Links plugin versions <= 2.0.16. Solution: Deactivate and delete. This plugin has been closed as of May 17, 2022 and is not available for download. This closure is...
WordPress Quick Subscribe plugin <= 1.7.1 - Arbitrary Settings Update via CSRF leading to Stored XSS vulnerability
Arbitrary Settings Update via CSRF to Stored XSS vulnerability discovered by Daniel Ruf in WordPress Quick Subscribe plugin versions <= 1.7.1. Solution: Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress Newsletter plugin <= 7.4.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Phyo Win Shein in WordPress Newsletter plugin versions <= 7.4.4. Solution: Update the WordPress Newsletter plugin to the latest available version at least 7.4.5...
WordPress Sideblog plugin <= 6.0 - Arbitrary Settings Update via CSRF to Stored XSS
Arbitrary Settings Update via CSRF to Stored XSS discovered by Daniel Ruf in WordPress Sideblog plugin versions <= 6.0. Solution: Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress JupiterX premium theme <= 2.0.6 - Insufficient Access Control leading to Authenticated Arbitrary Plugin Deactivation and Settings Modification
Insufficient Access Control leading to Authenticated Arbitrary Plugin Deactivation and Settings Modification discovered by Ramuel Gall Wordfence in WordPress JupiterX premium theme versions <= 2.0.6. Solution: Update the WordPress JupiterX premium theme to the latest available version at least 2.0....
WordPress iQ Block Country plugin <= 1.2.18 - Protection Bypass due to IP Spoofing vulnerability
Protection Bypass due to IP Spoofing vulnerability discovered by Daniel Ruf in WordPress iQ Block Country plugin versions <= 1.2.18. Solution: Deactivate and delete. This plugin has been closed as of April 20, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress RSVPMaker plugin <= 9.3.2 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability was discovered by Muhammad Zeeshan Xib3rR4dAr in the WordPress RSVPMaker plugin versions <= 9.3.2. Solution: Update the WordPress RSVPMaker plugin to the latest available version at least 9.3.3...
WordPress WP Athletics plugin <= 1.1.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Wejdan Alomari in WordPress WP Athletics plugin versions <= 1.1.7. Solution: Deactivate and delete. This plugin has been closed as of April 28, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Discy premium theme < 5.2 - Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Bibek Neupane in WordPress Discy premium theme versions < 5.2. Solution: Update the WordPress Discy premium theme to the latest available version at least 5.2...
WordPress amtyThumb plugin <= 4.2.0 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability was discovered by Daniel Krohmer Fraunhofer IESE, Germany and Shi Chen University of Kaiserslautern, Germany in the WordPress amtyThumb plugin versions <= 4.2.0. Solution: Deactivate and delete. This plugin has been closed as of May 12, 2022 and is not...
WordPress hpb Dashboard plugin <= 1.3.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in the WordPress hpb Dashboard plugin versions <= 1.3.1. Solution: Deactivate and delete. This plugin has been closed as of April 29, 2022 and is not available for download. This closu...
WordPress WP 2FA plugin <= 2.2.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Utkarsh Agrawal in WordPress WP 2FA plugin versions <= 2.2.0. Solution: Update the WordPress WP 2FA plugin to the latest available version at least 2.2.1...
WordPress WP Slider Plugin <= 1.4.5 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability was discovered by Ngo Van Thien Patchstack Alliance in WordPress WP Slider Plugin versions <= 1.4.5. Solution: No patched version is available. No reply from the vendor...
WordPress Tripetto plugin <= 5.1.4 - Unauthenticated Cross-Site Scripting (XSS) vulnerability via SVG image upload
Unauthenticated Cross-Site Scripting (XSS) vulnerability via SVG image upload discovered by Ngo Van Thien Patchstack Alliance in WordPress Tripetto plugin versions <= 5.1.4. Solution: Update the WordPress Tripetto plugin to the latest available version at least 5.2.0...
WordPress MicroPayments plugin <= 1.9.5 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Kosuke Sakai in WordPress MicroPayments plugin versions <= 1.9.5. Solution: Update the WordPress MicroPayments plugin to the latest available version at least 1.9.6...
WordPress CalderaWP License Manager plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) discovered by mirphak Patchstack Alliance in WordPress CalderaWP License Manager plugin versions <= 1.2.11. Solution: Deactivate and delete. The plugin is closed and no more maintained...
WordPress eRoom plugin <= 1.3.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cache Deletion
Cross-Site Request Forgery (CSRF) vulnerability leading to Cache Deletion discovered by Ex.Mi Patchstack in WordPress eRoom plugin versions <= 1.3.8. Solution: Update the WordPress eRoom plugin to the latest available version at least 1.3.9...
WordPress Visual Form Builder plugin <= 3.0.6 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Akash Rajendra Patil in WordPress Visual Form Builder plugin versions <= 3.0.6. Solution: Update the WordPress Visual Form Builder plugin to the latest available version at least 3.0.7...
WordPress SiteGround Security plugin <= 1.2.5 - Authentication Bypass via 2-Factor Authentication Setup vulnerability
Authentication Bypass via 2-Factor Authentication Setup vulnerability discovered by Chloe Chamberland Wordfence in WordPress SiteGround Security plugin versions <= 1.2.5. Solution: Update the WordPress SiteGround Security plugin to the latest available version at least 1.2.6...