46684 matches found
WordPress Plausible Analytics plugin <= 1.2.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by José Aguilera (Patchstack Alliance) in WordPress Plausible Analytics plugin versions <= 1.2.2. Solution: Update the WordPress Plausible Analytics plugin to the latest available version (at least 1.2.3)...
WordPress Events Shortcodes For The Events Calendar plugin <= 1.9 - Arbitrary Plugin Installation vulnerability
Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Events Shortcodes For The Events Calendar plugin versions <= 1.9. Solution: Update the WordPress Events Shortcodes For The Events Calendar plugin to the latest available version (at least 2.0)...
WordPress Good & Bad Comments plugin <= 1.0.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Vaibhav Nitin Gaikwad in WordPress Good & Bad Comments plugin versions <= 1.0.0. Solution: Deactivate and delete. This plugin has been closed as of March 25, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress Text Hover plugin <= 4.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Rohan Chaudhari in WordPress Text Hover plugin versions <= 4.1. Solution: Update the WordPress Text Hover plugin to the latest available version (at least 4.2)...
WordPress Favicon by RealFaviconGenerator plugin <= 1.3.22 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Favicon by RealFaviconGenerator plugin versions <= 1.3.22. Solution: Update the WordPress Favicon by RealFaviconGenerator plugin to the latest available version (at least 1.3.23)...
WordPress Amelia plugin <= 1.0.47 - SMS Service Abuse and Sensitive Data Disclosure vulnerability
SMS Service Abuse and Sensitive Data Disclosure vulnerability discovered by Huli (Cymetrics) in WordPress Amelia plugin versions <= 1.0.47. Solution: Update the WordPress Amelia plugin to the latest available version (at least 1.0.48)...
WordPress Mark Posts plugin <= 2.0.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by fuzzyap1 in WordPress Mark Posts plugin versions <= 2.0.0. Solution: Update the WordPress Mark Posts plugin to the latest available version (at least 2.0.1)...
WordPress Menu Image, Icons made easy plugin <= 3.0.7 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Menu Image, Icons made easy plugin versions <= 3.0.7. Solution: Update the WordPress Menu Image, Icons made easy plugin to the latest available version (at least 3.0.8)...
WordPress Contact Form 7 Multi-Step Forms plugin < 4.1.91 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Contact Form 7 Multi-Step Forms plugin versions < 4.1.91. Solution: Update the WordPress Contact Form 7 Multi-Step Forms plugin to the latest available version (at least 4.1.91)...
WordPress Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin < 1.4.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin versions < 1.4.2. Solution: Update the WordPress Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin to the latest available version (at...
WordPress Premmerce Permalink Manager for WooCommerce plugin <= 2.3.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Premmerce Permalink Manager for WooCommerce plugin versions <= 2.3.4. Solution: Update the WordPress Premmerce Permalink Manager for WooCommerce plugin to the latest available version (at least 2.3.5)...
WordPress "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)" plugin < 1.5.3 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)" plugin versions < 1.5.3. Solution: Update the WordPress "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)" plugin to the latest available version ...
WordPress WordApp Mobile App Plugin – Convert your WordPress Site to a Mobile App plugin <= 2.0.3 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WordApp Mobile App Plugin – Convert your WordPress Site to a Mobile App plugin versions <= 2.0.3. Solution: No patched version available...
WordPress Impexium Single Sign On plugin <= 1.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Impexium Single Sign On plugin versions <= 1.1. Solution: No patched version available...
WordPress "Really Simple Featured Video – Featured video support for Posts, Pages & WooCommerce Products" plugin <= 0.5.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress "Really Simple Featured Video – Featured video support for Posts, Pages & WooCommerce Products" plugin versions <= 0.5.1. Solution: Update the WordPress Really Simple Featured Video – Featured video support for Posts, Pages &...
WordPress RSS Control plugin < 2.0.8 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress RSS Control plugin versions < 2.0.8. Solution: Update the WordPress RSS Control plugin to the latest available version (at least 2.0.8)...
WordPress Product Size Charts Plugin for WooCommerce plugin <= 2.2.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Product Size Charts Plugin for WooCommerce plugin versions <= 2.2.2. Solution: Update the WordPress Product Size Charts Plugin for WooCommerce plugin to the latest available version (at least 2.2.3)...
WordPress Smart Protect plugin <= 1.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Smart Protect plugin versions <= 1.1. Solution: No patched version available...
WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin <= 1.0.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin versions <= 1.0.7. Solution: Update the WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin to the latest available version (at leas...
WordPress Patreon WordPress plugin <= 1.8.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by José Aguilera in WordPress Patreon WordPress plugin versions <= 1.8.1. Solution: Update the WordPress Patreon WordPress plugin to the latest available version (at least 1.8.2)...
WordPress Simple Quotation plugin <= 1.3.2 - Quote Creation/Edition via CSRF vulnerability leading to Stored Cross-Site Scripting (XSS)
Quote Creation/Edition via CSRF vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Abhishek Bhoir in WordPress Simple Quotation plugin versions <= 1.3.2. Solution: Deactivate and delete. This plugin has been closed as of January 7, 2022 and is not available for download. This...
WordPress ARI Fancy Lightbox plugin <= 1.3.8 - Reflected Cross-Site Scripting (XSS) vulnerabilities
Reflected Cross-Site Scripting (XSS) vulnerabilities discovered by Krzysztof Zając in WordPress ARI Fancy Lightbox plugin versions <= 1.3.8. Solution: Update the WordPress ARI Fancy Lightbox plugin to the latest available version (at least 1.3.9)...
WordPress WP Voting Contest plugin <= 2.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Brandon James Roldan in WordPress WP Voting Contest plugin versions <= 2.1. Solution: Update the WordPress WP Voting Contest plugin to the latest available version (at least 3.0)...
WordPress Powerkit plugin <= 2.5.8 - Post Views Settings Update/Reset via Cross-Site Request Forgery (CSRF) vulnerability
Post Views Settings Update/Reset via Cross-Site Request Forgery (CSRF) vulnerability discovered by Jan w Oleju in WordPress Powerkit plugin versions <= 2.5.8. Solution: Update the WordPress Powerkit plugin to the latest available version (at least 2.5.9)...
WordPress CP Blocks plugin <= 1.0.14 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Shweta Mahajan in WordPress CP Blocks plugin versions <= 1.0.14. Solution: Update the WordPress CP Blocks plugin to the latest available version (at least 1.0.15)...
WordPress WS Form Pro premium plugin <= 1.8.175 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Felipe Restrepo Rodriguez in WordPress WS Form Pro premium plugin versions <= 1.8.175. Solution: Update the WordPress WS Form Pro premium plugin to the latest available version (at least 1.8.176)...
WordPress AP Custom Testimonial plugin <= 1.4.7 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by Rafael Castilho in WordPress AP Custom Testimonial plugin versions <= 1.4.7. Solution: Update the WordPress AP Custom Testimonial plugin to the latest available version (at least 1.4.8)...
WordPress Duplicate Page or Post plugin <= 1.5.0 - Arbitrary Settings Update leading to Stored Cross-Site Scripting (XSS) vulnerability
Arbitrary Settings Update leading to Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Duplicate Page or Post plugin versions <= 1.5.0. Solution: Update the WordPress Duplicate Page or Post plugin to the latest available version (at least 1.5.1)...
WordPress CMP – Coming Soon & Maintenance plugin <= 4.0.18 - Unauthenticated Arbitrary CSS Update vulnerability
Unauthenticated Arbitrary CSS Update vulnerability discovered by Krzysztof Zając in WordPress CMP – Coming Soon & Maintenance plugin versions <= 4.0.18. Solution: Update the WordPress CMP – Coming Soon & Maintenance plugin to the latest available version (at least 4.0.19)...
WordPress Noptin plugin <= 1.6.4 - Open Redirect vulnerability
Open Redirect vulnerability discovered by Trang LKB in WordPress Noptin plugin versions <= 1.6.4. Solution: Update the WordPress Noptin plugin to the latest available version (at least 1.6.5)...
WordPress SupportCandy plugin <= 2.2.6 - Arbitrary Ticket Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Ticket Deletion via Cross-Site Request Forgery (CSRF) vulnerability discovered by Brandon Roldan in WordPress SupportCandy plugin versions <= 2.2.6. Solution: Update the WordPress SupportCandy plugin to the latest available version (at least 2.2.7)...
WordPress AF Companion plugin <= 1.1.2 - Arbitrary Plugin Installation and Activation via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Plugin Installation and Activation via Cross-Site Request Forgery (CSRF) vulnerability discovered by WPScanTeam in WordPress AF Companion plugin versions <= 1.1.2. Solution: Update the WordPress AF Companion plugin to the latest available version (at least 1.2.0)...
WordPress WebP Converter for Media plugin <= 4.0.2 - Unauthenticated Open redirect vulnerability
Unauthenticated Open redirect vulnerability discovered by Krzysztof Zając in WordPress WebP Converter for Media plugin versions <= 4.0.2. Solution: Update the WordPress WebP Converter for Media plugin to the latest available version (at least 4.0.3)...
WordPress Opstore theme <= 1.4.3 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress Opstore theme versions <= 1.4.3. This theme uses a vulnerable piece of code related to a previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores the...
WordPress Brovy theme <= 1.3 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress Brovy theme versions <= 1.3. This theme uses a vulnerable piece of code related to a previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores the...
WordPress PHP Everywhere plugin <= 2.0.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Rasi Afeef in WordPress PHP Everywhere plugin versions <= 2.0.2. Solution: Update the WordPress PHP Everywhere plugin to the latest available version (at least 2.0.3)...
WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue plugin <= 3.1.24 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue plugin versions <= 3.1.24. Solution: Update the WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue plugin to the latest available...
WordPress Contest Gallery plugin <= 13.1.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien in WordPress Contest Gallery plugin versions <= 13.1.0.9. Solution: Update the WordPress Contest Gallery plugin to the latest available version (at least 14.0.0)...
WordPress True Ranker plugin <= 2.2.2 - Directory Traversal/Arbitrary File Read vulnerability
Directory Traversal/Arbitrary File Read vulnerability discovered by p7e4 in WordPress True Ranker plugin versions <= 2.2.2. Solution: Update the WordPress True Ranker plugin to the latest available version (at least 2.2.4)...
WordPress Simple Image Gallery plugin <= 1.0.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Simple Image Gallery plugin versions <= 1.0.6. Solution: Deactivate and delete. This plugin has been closed as of December 3, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress 10Web Social Photo Feed plugin <= 1.4.28 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress 10Web Social Photo Feed plugin versions <= 1.4.28. Solution: Update the WordPress 10Web Social Photo Feed plugin to the latest available version (at least 1.4.29)...
WordPress Post Duplicator plugin <= 2.26 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Cyber Security Works Pvt. Ltd in WordPress Post Duplicator plugin versions <= 2.26. Solution: Update the WordPress Post Duplicator plugin to the latest available version (at least 2.27)...
WordPress Contact Form With Captcha plugin <= 1.6.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Yuga Futatsuki (Cryptography Laboratory in Tokyo Denki University) in WordPress Contact Form With Captcha plugin versions <= 1.6.7. Solution: Update the WordPress Contact Form With Captcha plugin to...
WordPress Stetic plugin <= 1.0.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Naoki Ogawa (Cryptography Laboratory in Tokyo Denki University) in WordPress Stetic plugin versions <= 1.0.8. Solution: Update the WordPress Stetic plugin to the latest available version (at least...
WordPress Download Manager plugin <= 3.2.21 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Download Manager plugin versions <= 3.2.21. Solution: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.22)...
WordPress The Monday theme <= 1.4.1 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress The Monday theme versions <= 1.4.1. This theme uses a vulnerable piece of code related to a previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores...
WordPress IDPay for Contact Form 7 plugin <= 2.1.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Jeremie Amsellem in WordPress IDPay for Contact Form 7 plugin versions <= 2.1.2. Solution: Deactivate and delete. This plugin has been closed as of November 23, 2021 and is not available for download. Reason: Security Issue...
WordPress Logo Carousel plugin <= 3.4.1 - Unauthorized Private Post Access vulnerability
Unauthorized Private Post Access vulnerability discovered by apple502j in WordPress Logo Carousel plugin versions <= 3.4.1. Solution: Update the WordPress Logo Carousel plugin to the latest available version (at least 3.4.2)...
WordPress Directorist plugin <= 7.0.6.1 - Cross-Site Request Forgery (CSRF) vulnerability leading to Remote File Upload
Cross-Site Request Forgery (CSRF) vulnerability leading to Remote File Upload discovered by lostbytes1 in WordPress Directorist plugin versions <= 7.0.6.1. Solution: Update the WordPress Directorist plugin to the latest available version (at least 7.0.6.2)...
WordPress Quotes Collection plugin <= 2.5.2 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by JrXnm in WordPress Quotes Collection plugin versions <= 2.5.2. Solution: Deactivate and delete. This plugin has been closed as of October 13, 2021 and is not available for download. This closure is temporary, pending a full review...