WordPress Bulk Page Creator plugin <= 1.1.3 - Arbitrary Page Creation via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Page Creation via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Daniel Ruf in the WordPress Bulk Page Creator plugin versions <= 1.1.3. Solution: Update the WordPress Bulk Page Creator plugin to the latest available version (at least 1.1.4)...
WordPress Amazon Link plugin <= 3.2.10 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in the WordPress Amazon Link plugin versions <= 3.2.10. Solution: Deactivate and delete. This plugin has been closed as of April 14, 2022 and is not available for download. This closur...
WordPress Simple Real Estate Pack plugin <= 1.4.8 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in the WordPress Simple Real Estate Pack plugin versions <= 1.4.8. Solution: Deactivate and delete. This plugin has been closed as of April 14, 2022 and is not available for download...
WordPress StaffList plugin <= 3.1.5 - Arbitrary Staff Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Staff Deletion via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Hassan Khan Yusufzai in the WordPress StaffList plugin versions <= 3.1.5. Solution: Update the WordPress StaffList plugin to the latest available version (at least 3.1.6)...
WordPress Night Mode plugin <= 1.0.0 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by Ex.Mi Patchstack in WordPress Night Mode plugin versions <= 1.0.0. Solution: Update the WordPress Night Mode plugin to the latest available version (at least 1.4.0)...
WordPress WPC Smart Wishlist for WooCommerce plugin <= 2.9.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Utkarsh Agrawal in WordPress WPC Smart Wishlist for WooCommerce plugin versions <= 2.9.8. Solution: Update the WordPress WPC Smart Wishlist for WooCommerce plugin to the latest available version (at least 2.9.9)...
WordPress Wbcom BuddyPress Check-ins Pro premium plugin <= 1.3.0 - Arbitrary Plugin Installation, Activation and Deactivation vulnerability
Arbitrary Plugin Installation, Activation and Deactivation vulnerability discovered by Mary JJ Jay in WordPress Wbcom BuddyPress Check-ins Pro premium plugin versions <= 1.3.0. Solution: Update the WordPress Wbcom BuddyPress Check-ins Pro premium plugin to the latest available version at least 1.4....
WordPress LifterLMS PayPal plugin <= 1.3.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Brandon James Roldan in WordPress LifterLMS PayPal plugin versions <= 1.3.0. Solution: Update the WordPress LifterLMS PayPal plugin to the latest available version (at least 1.4.0)...
WordPress Master Elements plugin <= 8.0 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Master Elements plugin versions <= 8.0. Solution: Deactivate and delete. This plugin has been closed as of March 9, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Good & Bad Comments plugin <= 1.0.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Vaibhav Nitin Gaikwad in WordPress Good & Bad Comments plugin versions <= 1.0.0. Solution: Deactivate and delete. This plugin has been closed as of March 25, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress Simple Event Planner plugin <= 1.5.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Simple Event Planner plugin versions <= 1.5.4. Solution: Update the WordPress Simple Event Planner plugin to the latest available version (at least 1.5.5)...
WordPress Amelia plugin <= 1.0.47 - SMS Service Abuse and Sensitive Data Disclosure vulnerability
SMS Service Abuse and Sensitive Data Disclosure vulnerability discovered by Huli Cymetrics in WordPress Amelia plugin versions <= 1.0.47. Solution: Update the WordPress Amelia plugin to the latest available version (at least 1.0.48)...
WordPress Product Size Charts Plugin for WooCommerce plugin <= 2.2.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Product Size Charts Plugin for WooCommerce plugin versions <= 2.2.2. Solution: Update the WordPress Product Size Charts Plugin for WooCommerce plugin to the latest available version (at least 2.2.3)...
WordPress Contact Widgets For Elementor plugin <= 1.0.5 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Contact Widgets For Elementor plugin versions <= 1.0.5. Solution: Update the WordPress Contact Widgets For Elementor plugin to the latest available version (at least 1.0.6)...
WordPress LawPress – Law Firm Website Management plugin <= 1.4.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress LawPress – Law Firm Website Management plugin versions <= 1.4.4. Solution: Update the WordPress LawPress – Law Firm Website Management plugin to the latest available version (at least 1.4.5)...
WordPress Files Download Delay plugin < 1.0.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Files Download Delay plugin versions < 1.0.4. Solution: Update the WordPress Files Download Delay plugin to the latest available version (at least 1.0.4)...
WordPress Magic Post Thumbnail plugin < 3.3.11 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Magic Post Thumbnail plugin versions < 3.3.11. Solution: Update the WordPress Magic Post Thumbnail plugin to the latest available version (at least 3.3.11)...
WordPress Premmerce Frequently Bought Together for WooCommerce plugin <= 1.0.9 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Premmerce Frequently Bought Together for WooCommerce plugin versions <= 1.0.9. Solution: No patched version available...
WordPress Add Pinterest conversion tags for Pinterest Ads + Site verification plugin <= 1.2.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Add Pinterest conversion tags for Pinterest Ads + Site verification plugin versions <= 1.2.2. Solution: Update the Add Pinterest conversion tags for Pinterest Ads + Site verification plugin to the latest available version at lea...
WordPress WCC SEO Keyword Research plugin <= 1.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WCC SEO Keyword Research plugin versions <= 1.0.0. Solution: No patched version available...
WordPress CartPops – High Converting Add To Cart Popup For WooCommerce plugin <= 1.4.16 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress CartPops – High Converting Add To Cart Popup For WooCommerce plugin versions <= 1.4.16. Solution: Update the WordPress CartPops – High Converting Add To Cart Popup For WooCommerce plugin to the latest available version at least...
WordPress eCommerce Addon plugin < 1.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress eCommerce Addon plugin versions < 1.3. Solution: Update the WordPress eCommerce Addon plugin to the latest available version (at least 1.3)...
WordPress Widgets for SiteOrigin plugin <= 1.4.8 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Widgets for SiteOrigin plugin versions <= 1.4.8. Solution: No patched version available...
WordPress Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin < 1.4.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin versions < 1.4.2. Solution: Update the WordPress Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin to the...
WordPress Before and After Product Images for WooCommerce plugin <= 1.0.3 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Before and After Product Images for WooCommerce plugin versions <= 1.0.3. Solution: No patched version available...
WordPress RevivePress – Keep your Old Content Evergreen plugin < 1.3.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress RevivePress – Keep your Old Content Evergreen plugin versions < 1.3.1. Solution: Update the WordPress RevivePress – Keep your Old Content Evergreen plugin to the latest available version (at least 1.3.1)...
WordPress WP School Calendar plugin <= 3.5.10 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WP School Calendar plugin versions <= 3.5.10. Solution: Update the WordPress WP School Calendar plugin to the latest available version (at least 3.6)...
WordPress StoreCustomizer – WooCommerce plugin to Customize all WooCommerce Pages plugin < 2.3.8 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress StoreCustomizer – WooCommerce plugin to Customize all WooCommerce Pages plugin versions < 2.3.8. Solution: Update the WordPress StoreCustomizer – WooCommerce plugin to Customize all WooCommerce Pages plugin to the latest availabl...
WordPress Contact Form 7 Multi-Step Forms plugin < 4.1.91 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Contact Form 7 Multi-Step Forms plugin versions < 4.1.91. Solution: Update the WordPress Contact Form 7 Multi-Step Forms plugin to the latest available version (at least 4.1.91)...
WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.7 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Premmerce Wishlist for WooCommerce plugin versions <= 1.1.7. Solution: Update the WordPress Premmerce Wishlist for WooCommerce plugin to the latest available version (at least 1.1.8)...
WordPress AnyWhere Elementor plugin < 1.2.5 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress AnyWhere Elementor plugin versions < 1.2.5. Solution: Update the WordPress AnyWhere Elementor plugin to the latest available version (at least 1.2.5)...
WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.5.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Image Photo Gallery Final Tiles Grid plugin versions <= 3.5.4. Solution: Update the WordPress Image Photo Gallery Final Tiles Grid plugin to the latest available version (at least 3.5.5)...
WordPress NotificationX plugin <= 2.3.11 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by mikemyers in WordPress NotificationX plugin versions <= 2.3.11. Solution: Update the WordPress NotificationX plugin to the latest available version (at least 2.3.12)...
WordPress Amelia plugin <= 1.0.45 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ran Crane in WordPress Amelia plugin versions <= 1.0.45. Solution: Update the WordPress Amelia plugin to the latest available version (at least 1.0.46)...
WordPress BulletProof Security plugin <= 5.7 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Mika in WordPress BulletProof Security plugin versions <= 5.7. Solution: Update the WordPress BulletProof Security plugin to the latest available version (at least 5.8)...
WordPress Contact Form Submissions plugin <= 1.7.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Yoru Oni in WordPress Contact Form Submissions plugin versions <= 1.7.2. Solution: Update the WordPress Contact Form Submissions plugin to the latest available version (at least 1.7.3)...
WordPress GDMylist plugin <= 1.1.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by fuzzyap1 in WordPress GDMylist plugin versions <= 1.1.1. Solution: Deactivate and delete. This plugin has been closed as of February 15, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress WP Voting Contest plugin <= 2.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Brandon James Roldan in WordPress WP Voting Contest plugin versions <= 2.1. Solution: Update the WordPress WP Voting Contest plugin to the latest available version (at least 3.0)...
WordPress Powerkit plugin <= 2.5.8 - Post Views Settings Update/Reset via Cross-Site Request Forgery (CSRF) vulnerability
Post Views Settings Update/Reset via Cross-Site Request Forgery (CSRF) vulnerability discovered by Jan w Oleju in WordPress Powerkit plugin versions <= 2.5.8. Solution: Update the WordPress Powerkit plugin to the latest available version (at least 2.5.9)...
WordPress Social Media Feather plugin <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Social Media Feather plugin versions <= 2.0.4. Solution: Update the WordPress Social Media Feather plugin to the latest available version (at least 2.0.5)...
WordPress Custom Content Shortcode plugin <= 3.8.9 - Unauthorized Arbitrary Post Metadata Access vulnerability
Unauthorized Arbitrary Post Metadata Access vulnerability discovered by Francesco Carlucci in WordPress Custom Content Shortcode plugin versions <= 3.8.9. Solution: Update the WordPress Custom Content Shortcode plugin to the latest available version (at least 4.0.0)...
WordPress Custom Content Shortcode plugin <= 4.0.1 - Authenticated Arbitrary File Access / Local File Inclusion (LFI) vulnerability
Authenticated Arbitrary File Access / Local File Inclusion (LFI) vulnerability discovered by Francesco Carlucci in WordPress Custom Content Shortcode plugin versions <= 4.0.1. Solution: Update the WordPress Custom Content Shortcode plugin to the latest available version (at least 4.0.2)...
WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 5.4 - Arbitrary IP Address Exclusion to Stored Cross-Site Scripting (XSS) vulnerability
Arbitrary IP Address Exclusion to Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress WP Visitor Statistics (Real Time Traffic) plugin versions <= 5.4. Solution: Update the WordPress WP Visitor Statistics (Real Time Traffic) plugin to the latest available version at...
WordPress WP Accessibility Helper (WAH) plugin <= 0.6.0.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress WP Accessibility Helper (WAH) plugin versions <= 0.6.0.6. Solution: Update the WordPress WP Accessibility Helper (WAH) plugin to the latest available version (at least 0.6.0.7)...
WordPress Duplicate Page or Post plugin <= 1.5.0 - Arbitrary Settings Update leading to Stored Cross-Site Scripting (XSS) vulnerability
Arbitrary Settings Update leading to Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Duplicate Page or Post plugin versions <= 1.5.0. Solution: Update the WordPress Duplicate Page or Post plugin to the latest available version (at least 1.5.1)...
WordPress Complianz – GDPR/CCPA Cookie Consent plugin <= 5.5.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Complianz – GDPR/CCPA Cookie Consent plugin versions <= 5.5.2. Solution: Update the WordPress Complianz – GDPR/CCPA Cookie Consent plugin to the latest available version (at least 6.0.0)...
WordPress Noptin plugin <= 1.6.4 - Open Redirect vulnerability
Open Redirect vulnerability discovered by Trang LKB in WordPress Noptin plugin versions <= 1.6.4. Solution: Update the WordPress Noptin plugin to the latest available version (at least 1.6.5)...
WordPress WP Import Export premium plugin <= 3.9.15 - Unauthenticated Sensitive Data Disclosure vulnerability
Unauthenticated Sensitive Data Disclosure vulnerability discovered by Karan Saini in WordPress WP Import Export premium plugin versions <= 3.9.15. Solution: Update the WordPress WP Import Export premium plugin to the latest available version (at least 3.9.16)...
WordPress Newsletter, SMTP, Email marketing and Subscribe plugin <= 3.1.30 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Newsletter, SMTP, Email marketing and Subscribe plugin versions <= 3.1.30. Solution: Update the WordPress Newsletter, SMTP, Email marketing and Subscribe plugin to the latest available version (at least 3.1.31)...
WordPress WP Ultimate CSV Importer plugin <= 6.4 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered in WordPress WP Ultimate CSV Importer plugin versions <= 6.4. Solution: Update the WordPress WP Ultimate CSV Importer plugin to the latest available version (at least 6.4.1)...