WordPress Subscribe to Category Plugin <= 2.7.4 is vulnerable to SQL Injection
Software: Subscribe to Category; Type: Plugin; Vulnerable versions: <= 2.7.4; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-32590; Patch priority: High; CVSS severity: High (9.3); PSID: 2968f51bb060; Credits: Mika; Required privilege: Unauthenticated...
WordPress WP News and Scrolling Widgets Plugin <= 3.3.4 is vulnerable to Cross Site Scripting (XSS)
Software: WP News and Scrolling Widgets; Type: Plugin; Vulnerable versions: <= 3.3.4; Fixed in: 4.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High (7.1); PSID: c0214c70fb9b; Credits: Rafie Muhammad Patchstac...
WordPress WPBulky Plugin < 1.0.10 is vulnerable to Cross Site Scripting (XSS)
Software: WPBulky; Type: Plugin; Vulnerable versions: < 1.0.10; Fixed in: 1.0.10; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-30482; Patch priority: Low; CVSS severity: Low (6.5); PSID: f12e0267c313; Credits: Abde Ouabala; Required privilege...
WordPress Rank Math SEO Plugin <= 1.0.119 is vulnerable to Cross Site Scripting (XSS)
Software: Rank Math SEO; Type: Plugin; Vulnerable versions: <= 1.0.119; Fixed in: 1.0.119.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32600; Patch priority: Low; CVSS severity: Low (6.5); PSID: fbe17eef0220; Credits: Rafie Muhammad...
WordPress Coming Soon Plugin <= 1.5.9 is vulnerable to SQL Injection
Software: Coming Soon; Type: Plugin; Vulnerable versions: <= 1.5.9; Fixed in: 1.6.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2022-46849; Patch priority: Low; CVSS severity: Low (7.6); PSID: 0a93f0e48b26; Credits: Le Ngoc Anh; Required privilege: Administrator; Publishe...
WordPress HTTP Headers Plugin < 1.18.11 is vulnerable to Remote Code Execution (RCE)
Software: HTTP Headers; Type: Plugin; Vulnerable versions: < 1.18.11; Fixed in: 1.18.11; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-1208; Patch priority: Low; CVSS severity: Low (7.2); PSID: d18b01c455ff; Credits: qerogramat Kakao Style Corp.; Required...
WordPress NOO Timetable Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)
Software: NOO Timetable; Type: Plugin; Vulnerable versions: <= 2.1.3; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-45821; Patch priority: Low; CVSS severity: Low (6.5); PSID: d615de5bc83f; Credits: Cat; Required privilege...
WordPress Simple Iframe Plugin < 1.2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Iframe; Type: Plugin; Vulnerable versions: < 1.2.0; Fixed in: 1.2.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2964; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 0a6a1d288d08; Credits: Jihoon Lee; Required...
WordPress USM Premium Plugin < 16.3 is vulnerable to Cross Site Scripting (XSS)
Software: USM Premium; Type: Plugin; Vulnerable versions: < 16.3; Fixed in: 16.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1166; Patch priority: Low; CVSS severity: Low (5.9); PSID: 2fffba6c645d; Credits: Mohamed Selim; Required privilege...
WordPress UpdraftPlus Plugin <= 1.23.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: UpdraftPlus; Type: Plugin; Vulnerable versions: <= 1.23.3; Fixed in: 1.23.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-32960; Patch priority: Low; CVSS severity: Low (7.1); PSID: d64e914c934f; Credits: Rafie Muhammad...
WordPress Order Your Posts Manually Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS)
Software: Order Your Posts Manually; Type: Plugin; Vulnerable versions: <= 2.2.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32510; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: fdf3da041b8c; Credits: minhtuana...
WordPress AJAX Thumbnail Rebuild Plugin <= 1.13 is vulnerable to Broken Access Control
Software: AJAX Thumbnail Rebuild; Type: Plugin; Vulnerable versions: <= 1.13; Fixed in: 1.14; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-47604; Patch priority: Low; CVSS severity: Low (4.3); PSID: b90f03667897; Credits: Justiice; Required...
WordPress Updraft Plugin <= 0.6.1 is vulnerable to Cross Site Scripting (XSS)
Software: Updraft; Type: Plugin; Vulnerable versions: <= 0.6.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-26530; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: bc1184571b44; Credits: Nguyen Xuan Hoa; Required...
WordPress Spiffy Calendar Plugin <= 4.9.1 is vulnerable to SQL Injection
Software: Spiffy Calendar; Type: Plugin; Vulnerable versions: <= 4.9.1; Fixed in: 4.9.2; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2022-46859; Patch priority: High; CVSS severity: High (8.5); PSID: 127ff2924c25; Credits: Justiice; Required privilege: Subscriber; Publishe...
WordPress WCFM – Frontend Manager for WooCommerce Plugin <= 6.5.13 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WCFM – Frontend Manager for WooCommerce; Type: Plugin; Vulnerable versions: <= 6.5.13; Fixed in: 6.6.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-4938; Patch priority: Low; CVSS severity: Low (5.4); PSID: 825435f567d9...
WordPress eRoom – Zoom Meetings & Webinar Plugin <= 1.4.6 is vulnerable to Broken Access Control
Software: eRoom – Zoom Meetings & Webinar; Type: Plugin; Vulnerable versions: <= 1.4.6; Fixed in: 1.4.7; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-43472; Patch priority: Medium; CVSS severity: Medium (4.3); PSID: 5064cfd61ac8; Credits: István...
WordPress Dark Mode Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Dark Mode; Type: Plugin; Vulnerable versions: <= 4.1.2; Fixed in: 4.1.3; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47150; Patch priority: Low; CVSS severity: Low (4.3); PSID: 9e4920fdc820; Credits: István Márton; Required...
WordPress WP VR Plugin <= 8.2.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP VR; Type: Plugin; Vulnerable versions: <= 8.2.5; Fixed in: 8.2.6; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47150; Patch priority: Low; CVSS severity: Low (4.3); Developer: WPFunnels Team; PSID: 93df9c4109e0; Credits: István Márton; Required privile...
WordPress Contact Form Email Plugin <= 1.3.31 is vulnerable to Other Vulnerability Type
Software: Contact Form Email; Type: Plugin; Vulnerable versions: <= 1.3.31; Fixed in: 1.3.32; OWASP Top 10: A5: Broken Access Control; Classification: Other Vulnerability Type; CVE: CVE-2023-28494; Patch priority: Low; CVSS severity: Low (4.3); PSID: 1b66482cfee4; Credits: István Márton; Require...
WordPress Formidable Forms Plugin < 6.1 is vulnerable to Bypass Vulnerability
Software: Formidable Forms; Type: Plugin; Vulnerable versions: < 6.1; Fixed in: 6.1; OWASP Top 10: A1: Injection; Classification: Bypass Vulnerability; CVE: CVE-2023-0816; Patch priority: Low; CVSS severity: Low (5.3); PSID: 9879bb5c0709; Credits: Daniel Ruf; Required privilege: Unauthenticated...
WordPress GN Publisher Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS)
Software: GN Publisher; Type: Plugin; Vulnerable versions: <= 1.5.5; Fixed in: 1.5.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1080; Patch priority: High; CVSS severity: High (7.1); PSID: 791c76b450de; Credits: Marco Wotschka; Required...
WordPress CSS JS Manager Plugin <= 2.4.49 is vulnerable to Cross Site Request Forgery (CSRF)
Software: CSS JS Manager; Type: Plugin; Vulnerable versions: <= 2.4.49; Fixed in: 2.4.49.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47154; Patch priority: Low; CVSS severity: Low (4.3); PSID: d901e9767d13; Credits: rezaduty; Require...
WordPress The Post Grid Plugin <= 5.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: The Post Grid; Type: Plugin; Vulnerable versions: <= 5.0.4; Fixed in: 5.0.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-46853; Patch priority: Low; CVSS severity: Low (4.3); Developer: Mamunur Rashid; PSID: b0d360a29dab; Credits: Muhammad Daffa; Require...
WordPress Publish to Schedule Plugin <= 4.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Publish to Schedule; Type: Plugin; Vulnerable versions: <= 4.4.2; Fixed in: 4.5.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25994; Patch priority: Low; CVSS severity: Low (5.4); PSID: 196402e1491d; Credits: Rio Darmawan...
WordPress Upload File Type Settings Plugin Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Upload File Type Settings Plugin; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25781; Patch priority: Low; CVSS severity: Low (5.9); PSID: 1b1468ec7ed1; Credits: Rio Darmaw...
WordPress ChatBot Plugin <= 4.2.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ChatBot; Type: Plugin; Vulnerable versions: <= 4.2.8; Fixed in: 4.2.9; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-24415; Patch priority: Low; CVSS severity: Low (5.4); PSID: 56586a24f6dd; Credits: Rafshanzani Suhada; Required...
WordPress WP Helper Premium Plugin < 4.3 is vulnerable to Cross Site Scripting (XSS)
Software: WP Helper Premium; Type: Plugin; Vulnerable versions: < 4.3; Fixed in: 4.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0448; Patch priority: High; CVSS severity: High (7.1); PSID: c74257beed9d; Credits: Joshua Martinelle; Required...
WordPress WP TripAdvisor Review Slider Plugin < 10.8 is vulnerable to SQL Injection
Software: WP TripAdvisor Review Slider; Type: Plugin; Vulnerable versions: < 10.8; Fixed in: 10.8; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0261; Patch priority: High; CVSS severity: High (7.1); PSID: dcd0212f495a; Credits: István Márton; Required privilege...
WordPress Customer Reviews for WooCommerce Plugin < 5.16.0 is vulnerable to Local File Inclusion
Software: Customer Reviews for WooCommerce; Type: Plugin; Vulnerable versions: < 5.16.0; Fixed in: 5.16.0; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2023-0080; Patch priority: High; CVSS severity: High (7.7); PSID: 2a336810763e; Credits: István Márton; Required...
WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL Injection
Software: LearnPress; Type: Plugin; Vulnerable versions: <= 4.1.7.3.2; Fixed in: 4.2.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2022-45808; Patch priority: High; CVSS severity: High (9.9); PSID: c30856175358; Credits: Fadilah Agung Nugraha; Required privilege...
WordPress WP Time Slots Booking Form Plugin <= 1.1.81 is vulnerable to Cross Site Scripting (XSS)
Software: WP Time Slots Booking Form; Type: Plugin; Vulnerable versions: <= 1.1.81; Fixed in: 1.1.82; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23971; Patch priority: Low; CVSS severity: Low (5.9); PSID: e04532f2022b; Credits: Rio Darmaw...
WordPress WP Customer Area Plugin < 8.1.4 is vulnerable to Remote Code Execution (RCE)
Software: WP Customer Area; Type: Plugin; Vulnerable versions: < 8.1.4; Fixed in: 8.1.4; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2022-4745; Patch priority: Low; CVSS severity: Low (9.1); PSID: fc8e26b37a92; Credits: rezaduty; Required privilege...
WordPress CPO Companion Plugin < 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: CPO Companion; Type: Plugin; Vulnerable versions: < 1.1.0; Fixed in: 1.1.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4837; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 47c87ffd82d9; Credits: István Márton; Required...
WordPress Social Warfare Plugin <= 4.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Social Warfare; Type: Plugin; Vulnerable versions: <= 4.3.1; Fixed in: 4.4.0; OWASP Top 10: A8: Cross Site Request Forgery (CSRF); Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-0403; Patch priority: Low; CVSS severity: Low (4.3); PSID: 2ad0dd31224b; Credits: Marco...
WordPress club-theme Theme < 10 is vulnerable to Arbitrary File Upload
Software: club-theme; Type: Theme; Vulnerable versions: < 10; Fixed in: N/A; OWASP Top 10: A6: Security Misconfiguration; Classification: Arbitrary File Upload; CVE: CVE-2022-0316; Patch priority: High; CVSS severity: High (10); PSID: c1148e89d858; Credits: Joshua Small; Required privilege...
WordPress Countdown Widget plugin <= 3.1.9.1 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) discovered by Rasi Afeef (Patchstack Alliance) in the WordPress Countdown Widget plugin (versions <= 3.1.9.1). Solution: Update the WordPress Countdown Widget plugin to the latest available version (at least 3.1.9.3)...
WordPress OAuth Client by DigitialPixies plugin <= 1.1.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Lana Codes in WordPress OAuth Client by DigitialPixies plugin (versions <= 1.1.0). Solution: No patched version is available. This plugin has been closed as of October 21, 2022 and is not available for download. This closure is temporary,...
WordPress AdRotate Banner Manager plugin <= 5.9 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities leading to resetting some of the maintenance settings (Reset tasks, Disable the third party, Update Database) were discovered by Muhammad Daffa (Patchstack Alliance) in the WordPress AdRotate Banner Manager plugin (versions <= 5.9). Solution...
WordPress Add Multiple Marker plugin <= 1.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress Add Multiple Marker plugin (versions <= 1.2). Solution: No patched version is available...
WordPress User Blocker plugin <= 1.5.5 - Auth. CSV Injection vulnerability
Auth. CSV Injection vulnerability discovered by Mika in the WordPress User Blocker plugin (versions <= 1.5.5). Solution: Update the WordPress User Blocker plugin to the latest available version (at least 1.5.6)...
WordPress Find and Replace All plugin <= 1.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress Find and Replace All plugin (versions <= 1.2). Solution: Update the WordPress Find and Replace All plugin to the latest available version (at least 1.3)...
WordPress miniOrange's Google Authenticator plugin <= 5.6.1 - Broken Access Control vulnerability
Broken Access Control vulnerability leading to Plugin Settings Change discovered by Lana Codes (Patchstack Alliance) in WordPress miniOrange's Google Authenticator plugin (versions <= 5.6.1). Solution: Update the WordPress miniOrange's Google Authenticator plugin to the latest available version (at leas...
WordPress Easy Digital Downloads plugin <= 3.1.0.1.1 - Unauth. CSV Injection vulnerability
Unauth. CSV Injection vulnerability discovered by Francesco Carlucci in WordPress Easy Digital Downloads plugin (versions <= 3.1.0.1.1). Solution: Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 3.1.0.2)...
WordPress Modula plugin <= 2.6.9 - Unauth. Plugin Settings Change vulnerability
Unauth. Plugin Settings Change vulnerability discovered by Nguyen Anh Tien (Patchstack Alliance) in the WordPress Modula plugin (versions <= 2.6.9). Solution: Update the WordPress Modula Image Gallery plugin to the latest available version (at least 2.6.91)...
WordPress Spacer plugin <= 3.0.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by gem in WordPress Spacer plugin (versions <= 3.0.6). Solution: Update the WordPress Spacer plugin to the latest available version (at least 3.0.7)...
WordPress SEO Plugin by Squirrly SEO plugin <= 12.1.10 - Auth. Arbitrary File Upload vulnerability
Auth. Arbitrary File Upload vulnerability discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance) in WordPress SEO Plugin by Squirrly SEO plugin (versions <= 12.1.10). Solution: Update the WordPress SEO Plugin by Squirrly SEO plugin to the latest available version (at least 12.1.11)...
WordPress IP Blacklist Cloud plugin <= 5.00 - Auth. SQL Injection (SQLi) vulnerability
Auth. SQL Injection (SQLi) vulnerability discovered by Mika (Patchstack Alliance) in the WordPress IP Blacklist Cloud plugin (versions <= 5.00). Solution: Deactivate and delete. This plugin has been closed as of September 28, 2022 and is not available for download. This closure is temporary, pending a fu...
WordPress Quiz And Survey Master plugin <= 7.3.6 - Multiple Insecure direct object references (IDOR) vulnerabilities
Multiple Insecure direct object references (IDOR) vulnerabilities were discovered by Vlad Vector (Patchstack) in WordPress Quiz And Survey Master plugin (versions <= 7.3.6). Solution: Update the WordPress Quiz And Survey Master plugin to the latest available version (at least 7.3.7)...
WordPress Webmaster Tools Verification plugin <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation vulnerability
Unauthenticated Arbitrary Plugin Deactivation vulnerability discovered by Daniel Ruf in WordPress Webmaster Tools Verification plugin (versions <= 1.2). Solution: Deactivate and delete. This plugin has been closed as of October 19, 2022 and is not available for download. This closure is temporary,...
WordPress core <= 6.0.2 - Sender’s Email Address Exposure vulnerability
Sender’s Email Address Exposure vulnerability via wp-mail.php was discovered by Toshitsugu Yoneyama (Mitsui Bussan Secure Directions, Inc.) via JPCERT in WordPress core (versions <= 6.0.2). Solution: Update WordPress to the latest available version (at least 6.0.3)...