WordPress WP YouTube Live plugin <= 1.7.21 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress WP YouTube Live plugin versions <= 1.7.21. Solution: Update the WordPress WP YouTube Live plugin to the latest available version, at least 1.7.22...
WordPress iQ Block Country plugin <= 1.2.12 - Arbitrary File Deletion vulnerability via Zip Slip
Arbitrary File Deletion vulnerability via Zip Slip discovered by Ceylan Bozogullarindan in WordPress iQ Block Country plugin versions <= 1.2.12. Solution: Update the WordPress iQ Block Country plugin to the latest available version, at least 1.2.13...
WordPress 5 Stars Rating Funnel plugin <= 1.2.49 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress 5 Stars Rating Funnel plugin versions <= 1.2.49. Solution: Update the WordPress 5 Stars Rating Funnel plugin to the latest available version, at least 1.2.50...
WordPress WP Statistics plugin <= 13.1.5 - Unauthenticated Blind SQL Injection (SQLi) vulnerability
Unauthenticated Blind SQL Injection (SQLi) vulnerability via currentpagetype discovered by Muhammad Zeeshan (Xib3rR4dAr) in WordPress WP Statistics plugin versions <= 13.1.5. Solution: Update the WordPress WP Statistics plugin to the latest available version, at least 13.1.6...
WordPress Ad Inserter Pro premium plugin <= 2.7.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Ad Inserter Pro premium plugin versions <= 2.7.8. Solution: Update the WordPress Ad Inserter Pro premium plugin to the latest available version, at least 2.7.10...
WordPress BulletProof Security plugin <= 5.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered by Vincent Rakotomanga in WordPress BulletProof Security plugin versions <= 5.1. Solution: Update the WordPress BulletProof Security plugin to the latest available version, at least 5.2...
WordPress WP ViperGB Plugin <= 1.3.10 - Multiple CSRF and XSS
Because of these cross-site request forgery vulnerabilities, attackers can hijack the authentication of administrators for requests and, in that way, change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution: Update the plugin...
WordPress Repagent Plugin <= 2.2.2 - Cross Site Scripting
This plugin is prone to a cross-site scripting vulnerability in the xml parameters of dewplayer-vinyl.swf and dewplayer-vinyl-en.swf. Solution: Update the plugin...
WordPress CommentLuv Plugin - Cross Site Scripting
The WordPress CommentLuv plugin is prone to a cross-site scripting vulnerability: it fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based...
WordPress Magical Addons For Elementor plugin <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes vulnerability discovered by zer0gh0st in WordPress Magical Addons For Elementor plugin versions <= 1.3.8...
WordPress Elementor Website Builder Plugin 3.3.0-3.18.1 is vulnerable to Arbitrary File Upload
Software: Elementor Website Builder. Type: Plugin. Vulnerable versions: 3.3.0-3.18.1. Fixed in: 3.18.2. OWASP Top 10: A3: Injection. Classification: Arbitrary File Upload. CVE: CVE-2023-48777. Patch priority: High. CVSS severity: High (9.9). Developer: Elementor. PSID: 64baf5c2aab5. Credits: Hồng Quân (luk6785) at VNPT-VCI...
WordPress Serial Numbers for WooCommerce – License Manager Plugin <= 1.6.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Serial Numbers for WooCommerce – License Manager. Type: Plugin. Vulnerable versions: <= 1.6.3. Fixed in: 1.6.4. OWASP Top 10: A5: Broken Access Control. Classification: Cross Site Request Forgery (CSRF). CVE: CVE-2023-46078. Patch priority: Low. CVSS severity: Low (5.4). Developer: Claim ownership. PSID...
WordPress All In One Video Gallery Plugin 2.5.8 to 2.6.0 - Unauthenticated Arbitrary File Download & SSRF vulnerability
Unauthenticated Arbitrary File Download & SSRF vulnerability discovered by Gabriele Zuddas in WordPress All-in-One Video Gallery plugin versions 2.5.8 to 2.6.0. Solution: Update the WordPress All-in-One Video Gallery plugin to the latest available version, at least 2.6.1...
WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability via malicious SVG file upload discovered by Universe (Patchstack Alliance) in WordPress Uploading SVG, WEBP and ICO files plugin versions <= 1.0.1. Solution: No patched version available...
WordPress String Locator plugin <= 2.5.0 - Authenticated PHAR Deserialization vulnerability
Authenticated PHAR Deserialization vulnerability discovered by Rasoul Jahanshahi in WordPress String Locator plugin versions <= 2.5.0. Solution: Update the WordPress String Locator plugin to the latest available version, at least 2.6.0...
WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cross-Site Scripting (XSS) discovered by BEE-K (Patchstack) in WordPress Code Snippets Extended plugin versions <= 1.4.7. Solution: Deactivate and delete. No patched version is available. No reply from the vendor...
WordPress Discy premium theme < 5.2 - Restore Default Settings via Cross-Site Request Forgery (CSRF) vulnerability
Restore Default Settings via Cross-Site Request Forgery (CSRF) vulnerability discovered by Bikram Kharal in WordPress Discy premium theme versions < 5.2. Solution: Update the WordPress Discy premium theme to the latest available version, at least 5.2...
WordPress Change wp-admin login plugin <= 1.0.9 - Unauthenticated Arbitrary Settings Update vulnerability
Unauthenticated Arbitrary Settings Update vulnerability discovered by Daniel Ruf in WordPress Change wp-admin login plugin versions <= 1.0.9. Solution: Update the WordPress Change wp-admin login plugin to the latest available version, at least 1.1.0...
WordPress EXMAGE plugin <= 1.0.6 - Blind Server-Side Request Forgery (SSRF) vulnerability
Blind Server-Side Request Forgery (SSRF) vulnerability discovered by Luan Pedersini in WordPress EXMAGE plugin versions <= 1.0.6. Solution: Update the WordPress EXMAGE plugin to the latest available version, at least 1.0.7...
WordPress Ad Inserter Pro premium plugin <= 2.7.11 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Taurus Omar in WordPress Ad Inserter Pro premium plugin versions <= 2.7.11. Solution: Update the WordPress Ad Inserter Pro premium plugin to the latest available version, at least 2.7.12...
WordPress Amelia plugin <= 1.0.48 - Arbitrary Appointments Status Update vulnerability
Arbitrary Appointments Status Update vulnerability discovered by Huli from Cymetrics in WordPress Amelia plugin versions <= 1.0.48. Solution: Update the WordPress Amelia plugin to the latest available version, at least 1.0.49...
WordPress OSMapper plugin <= 2.1.5 - Unauthenticated Arbitrary Post Deletion vulnerability
Unauthenticated Arbitrary Post Deletion vulnerability discovered by dc11 in WordPress OSMapper plugin versions <= 2.1.5. Solution: Deactivate and delete. This plugin has been closed as of February 15, 2022, and is not available for download. This closure is temporary, pending a full review...
WordPress Widget Detector for Elementor plugin < 1.2.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Widget Detector for Elementor plugin versions < 1.2.0. Solution: Update the WordPress Widget Detector for Elementor plugin to the latest available version, at least 1.2.0...
WordPress Infographic Maker – iList plugin <= 4.3.7 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Infographic Maker – iList plugin versions <= 4.3.7. Solution: Update the WordPress Infographic Maker – iList plugin to the latest available version, at least 4.3.8...
WordPress WP Time Slots Booking Form plugin <= 1.1.62 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Rubina Shaikh in WordPress WP Time Slots Booking Form plugin versions <= 1.1.62. Solution: Update the WordPress WP Time Slots Booking Form plugin to the latest available version, at least 1.1.63...
WordPress All in One SEO plugin <= 4.1.5.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Marc Montpas in WordPress All in One SEO plugin versions <= 4.1.5.2. Solution: Update the WordPress All in One SEO plugin to the latest available version, at least 4.1.5.3...
WordPress Astra Pro premium plugin <= 3.5.1 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by Ngoc Nguyen in WordPress Astra Pro premium plugin versions <= 3.5.1. Solution: Update the WordPress Astra Pro premium plugin to the latest available version, at least 3.5.2...
WordPress Master Slider plugin <= 3.7.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vulnerability-Lab in WordPress Master Slider plugin versions <= 3.7.0. Solution: Update the WordPress Master Slider plugin to the latest available version, at least 3.7.1...
WordPress OneTone theme <= 3.0.6 - Unauthenticated options change vulnerability
Unauthenticated options change vulnerability discovered by NinTechNet in WordPress OneTone theme versions <= 3.0.6. Solution: No patched version is available...
WordPress Super Cache Plugin <= 1.3 - XSS
This plugin is prone to URI XSS in trunk/plugins/wptouch.php, trunk/plugins/searchengine.php, trunk/plugins/domain-mapping.php, trunk/plugins/badbehaviour.php and trunk/plugins/awaitingmoderation.php, and to a URI XSS vulnerability in the wpnonceurl function of trunk/wp-cache.php. Solution...
WordPress <= 4.0.1 - Denial of Service Attacks
WordPress <= 4.0.1 is prone to a denial of service vulnerability: an attacker can send specially crafted requests that result in CPU and memory exhaustion, making the site unavailable. Solution: Update WordPress...
WordPress Booking Calendar Plugin - SQL Injection
The "bookingformid" parameter of the WordPress Booking Calendar plugin is prone to SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit hidden vulnerabilities in the underlying database. Solution: Update the plugin...
WordPress <= 3.5.0 - SSRF
Because of the XML-RPC API, attackers can send HTTP requests to intranet servers and conduct port-scanning attacks by specifying a crafted source URL for a pingback. Solution: Update WordPress...
WordPress 3.3.1 - Multiple CSRF Vulnerabilities
WordPress version 3.3.1 is prone to multiple cross-site request forgery vulnerabilities. These vulnerabilities are caused by a security flaw in the generation of the anti-CSRF tokens wpnonce, wpnoncecreate-user, ajaxnonce, wpnonce-custom-background-upload and wpnonce-custom-header-upload. Multiple CSRF allow ...
WordPress Migration, Backup, Staging – WPvivid Backup & Migration plugin <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload vulnerability
Authenticated (Administrator+) Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress WPvivid Backup and Migration plugin versions <= 0.9.116...
WordPress JetMenu Plugin <= 2.4.1 is vulnerable to Broken Access Control
Software: JetMenu. Type: Plugin. Vulnerable versions: <= 2.4.1. Fixed in: 2.4.2. OWASP Top 10: A1: Broken Access Control. Classification: Broken Access Control. CVE: CVE-2023-48760. Patch priority: Medium. CVSS severity: Medium (8.2). Developer: Crocoblock. PSID: d2123458ae3d. Credits: Rafie Muhammad (Patchstack). Required...
WordPress Article Directory Redux Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: Article Directory Redux. Type: Plugin. Vulnerable versions: <= 1.0.2. Fixed in: N/A. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2023-30751. Patch priority: Low. CVSS severity: Low (5.9). Developer: Claim ownership. PSID: 1d10759d477b. Credits: Pavitra Tiwari...
WordPress GetResponse plugin <= 5.5.20 - Cross-Site Request Forgery (CSRF) vulnerability leading to API Key Update
Cross-Site Request Forgery (CSRF) vulnerability leading to API Key Update discovered by Rasi Afeef (Patchstack Alliance) in WordPress GetResponse plugin versions <= 5.5.20. Solution: Update the WordPress GetResponse for WordPress plugin to the latest available version, at least 5.5.21...
WordPress WP Meta SEO plugin <= 4.4.8 - Social Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Social Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance) in WordPress WP Meta SEO plugin versions <= 4.4.8. Solution: Update the WordPress WP Meta SEO plugin to the latest available version, at least 4.4.9...
WordPress Member Hero plugin <= 1.0.9 - Unauthenticated Remote Code Execution (RCE) vulnerability
Unauthenticated Remote Code Execution (RCE) vulnerability discovered by Harald Eilertsen in WordPress Member Hero plugin versions <= 1.0.9. Solution: Deactivate and delete. This plugin has been closed as of March 23, 2022, and is not available for download. This closure is temporary, pending a full...
WordPress Opal Hotel Room Booking plugin <= 1.2.7 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Opal Hotel Room Booking plugin versions <= 1.2.7. Solution: Deactivate and delete. No reply from the vendor...
WordPress Popup by Supsystic plugin <= 1.10.8 - Unauthenticated Subscriber Email Addresses Disclosure vulnerability
Unauthenticated Subscriber Email Addresses Disclosure vulnerability discovered by Felipe de Avila in WordPress Popup by Supsystic plugin versions <= 1.10.8. Solution: Update the WordPress Popup by Supsystic plugin to the latest available version, at least 1.10.9...
WordPress Menubar plugin <= 5.7.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Menubar plugin versions <= 5.7.2. Solution: Update the WordPress Menubar plugin to the latest available version, at least 5.8...
WordPress Essential Addons for Elementor plugin <= 5.0.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Pham Van Khanh (rskvp93) from VCSLab of Viettel Cyber Security and Nguyen Dinh Bien (biennd4) from VCSLab of Viettel Cyber Security in WordPress Essential Addons for Elementor plugin versions <= 5.0.8. Solution: Update the WordPress Essential...
WordPress Page View Count plugin <= 2.4.14 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by Krzysztof Zając in WordPress Page View Count plugin versions <= 2.4.14. Solution: Update the WordPress Page View Count plugin to the latest available version, at least 2.4.15...
WordPress WP Import Export Lite plugin <= 3.9.15 - Unauthenticated Sensitive Data Disclosure vulnerability
Unauthenticated Sensitive Data Disclosure vulnerability discovered by Karan Saini in WordPress WP Import Export Lite plugin versions <= 3.9.15. Solution: Update the WordPress WP Import Export Lite plugin to the latest available version, at least 3.9.16...
WordPress Survey Maker plugin <= 2.0.6 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien in WordPress Survey Maker plugin versions <= 2.0.6. Solution: Update the WordPress Survey Maker plugin to the latest available version, at least 2.0.7...
WordPress Logo Showcase with Slick Slider plugin <= 1.2.4 - Arbitrary Media Title/Description/Alt Text/URL Update vulnerability
Arbitrary Media Title/Description/Alt Text/URL Update vulnerability discovered by apple502j in WordPress Logo Showcase with Slick Slider plugin versions <= 1.2.4. Solution: Update the WordPress Logo Showcase with Slick Slider plugin to the latest available version, at least 1.2.5...
WordPress Jetpack plugin <= 9.7.1 - Attached Image Comment Leak For Non-Published Post And Pages in Carousel Feature
Page/Post Attachment Comment Leak of Non-Published Posts and Pages in Carousel Feature discovered by nguyenhgvcs in WordPress Jetpack plugin versions <= 9.7.1. Solution: Update the WordPress Jetpack plugin to the latest available version, at least 9.8...
WordPress SP Project & Document Manager plugin <= 4.21 - Authenticated Shell Upload vulnerability
Authenticated Shell Upload vulnerability discovered by Viktor Markopoulos (vict0ni) in WordPress SP Project & Document Manager plugin versions <= 4.21. Solution: Update the WordPress SP Project & Document Manager plugin to the latest available version, at least 4.22...