46684 matches found
WordPress Passster plugin <= 3.5.5.5.1 - Insecure Storage of Password vulnerability
Insecure Storage of Password vulnerability discovered by Raad Haddad Cloudyrion GmbH in WordPress Passster plugin versions <= 3.5.5.5.1. Solution: Update the WordPress Passster – Password Protection plugin to the latest available version (at least 3.5.5.5.2)...
WordPress CPO Shortcodes plugin <= 1.5.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by ptsfence Patchstack Alliance in WordPress CPO Shortcodes plugin versions <= 1.5.0. Solution: Deactivate and delete. This plugin has been closed as of September 14, 2022 and is not available for download. This closure is...
WordPress Integration for Szamlazz.hu & Gravity Forms plugin <= 1.2.6 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Lana Code in WordPress Integration for Szamlazz.hu & Gravity Forms plugin versions <= 1.2.6. Solution: Update the WordPress Integration for Szamlazz.hu & Gravity Forms plugin to the latest available version (at least 1.2.7)...
WordPress Cryptocurrency Pricing list and Ticker plugin <= 1.5 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Jeremie Amsellem in WordPress Cryptocurrency Pricing list and Ticker plugin versions <= 1.5. Solution: Deactivate and delete. This plugin has been closed as of September 8, 2022 and is not available for download. This closure is...
WordPress Enable Media Replace plugin <= 3.6.3 - Auth. Path Traversal vulnerability
Auth. Path Traversal vulnerability discovered by Raad Haddad Cloudyrion GmbH in the WordPress Enable Media Replace plugin versions <= 3.6.3. Solution: Update the WordPress Enable Media Replace plugin to the latest available version (at least 4.0.0)...
WordPress Wordfence Security – Firewall & Malware Scan plugin <= 7.6.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ori Gabriel in WordPress Wordfence Security – Firewall & Malware Scan plugin versions <= 7.6.0. Solution: Update the WordPress Wordfence plugin to the latest available version (at least 7.6.1)...
WordPress NinjaForms plugin <= 3.6.12 - Authenticated PHP Object Injection vulnerability
Authenticated PHP Object Injection vulnerability discovered by Alessio Santoru in WordPress NinjaForms plugin versions <= 3.6.12. Solution: Update the WordPress Ninja Forms plugin to the latest available version (at least 3.6.13)...
WordPress WPvivid Backup plugin 0.9.76 - Authenticated Arbitrary File Deletion vulnerability
Authenticated Arbitrary File Deletion vulnerability discovered by WPScan in WordPress WPvivid Backup plugin versions 0.9.76. Solution: Update the WordPress WPvivid Backup and Migration plugin to the latest available version (at least 0.9.77)...
WordPress Launcher: Coming Soon & Maintenance Mode plugin <= 1.0.11 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress Launcher: Coming Soon & Maintenance Mode plugin versions <= 1.0.11. Solution: No patched version is available. Ignored by the vendor...
WordPress Affiliates Manager Plugin <= 2.9.13 - CSV Injection vulnerability
CSV Injection vulnerability discovered by WPScan in Affiliates Managers versions <= 2.9.13. Solution: Update the WordPress Affiliates Manager plugin to the latest available version (at least 2.9.14)...
WordPress Yotpo Reviews for WooCommerce (Unofficial) plugin <= 2.0.4 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Johannes Gangsö in WordPress Yotpo Reviews for WooCommerce (Unofficial) plugin versions <= 2.0.4. Solution: Deactivate and delete. This plugin has been closed as of July 27, 2022 and is not available for downloa...
WordPress Feed Them Social plugin <= 2.9.9 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Feed Them Social plugin versions <= 2.9.9. Solution: Update the WordPress Feed Them Social plugin to the latest available version (at least 3.0.1)...
WordPress Product Slider for WooCommerce plugin <= 2.5.6 - Authenticated Arbitrary Options Deletion vulnerability
Authenticated Arbitrary Options Deletion vulnerability discovered by Krzysztof Zając in WordPress Product Slider for WooCommerce plugin versions <= 2.5.6. Solution: Update the WordPress Product Slider for WooCommerce plugin to the latest available version (at least 2.5.7)...
WordPress Stockists Manager for Woocommerce plugin <= 1.0.2.1 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Yuta Kikuchi in WordPress Stockists Manager for Woocommerce plugin versions <= 1.0.2.1. Solution: Deactivate and delete. This plugin has been closed as of July 12, 2022 and is not available for download. Thi...
WordPress Discy premium theme <= 4.9 - Broken Access Control to change settings vulnerability
Broken Access Control to change settings vulnerability discovered by Veshraj Ghimire in WordPress Discy premium theme versions <= 4.9. Solution: Update the WordPress Discy theme to the latest available version (at least 5.0)...
WordPress CAPTCHA 4WP plugin <= 7.0.6.1 - Local File Inclusion (LFI) via Cross-Site Request Forgery (CSRF) vulnerability
Local File Inclusion (LFI) via Cross-Site Request Forgery (CSRF) vulnerability was discovered by ZhongFu Su JrXnm in the WordPress CAPTCHA 4WP plugin versions <= 7.0.6.1. Solution: Update the WordPress CAPTCHA 4WP plugin to the latest available version (at least 7.1.0)...
WordPress Name Directory plugin <= 1.25.3 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Donato Di Pasquale in WordPress Name Directory plugin versions <= 1.25.3. Solution: Update the WordPress Name Directory plugin to the latest available version (at least 1.25.4)...
WordPress Shareaholic <= 9.7.5 - Information Disclosure vulnerability
Information Disclosure vulnerability discovered by Brandon James Roldan in WordPress Shareaholic versions <= 9.7.5. Solution: Update the WordPress Shareaholic plugin to the latest available version (at least 9.7.6)...
WordPress Download Manager <= 3.2.46 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability discovered by Andrea Bocchetti in WordPress Download Manager versions <= 3.2.46. Solution: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.47)...
WordPress Import any XML or CSV File to WordPress plugin <= 3.6.7 - Authenticated Arbitrary Code Execution vulnerability
Authenticated Arbitrary Code Execution vulnerability discovered by Universe Patchstack Alliance in WordPress Import any XML or CSV File to WordPress plugin versions <= 3.6.7. Solution: Update the WordPress Import any XML or CSV File to WordPress plugin to the latest available version (at least 3.6.8)...
WordPress Loading Page with Loading Screen plugin <= 1.0.82 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Nikhil Kapoor in WordPress Loading Page with Loading Screen plugin versions <= 1.0.82. Solution: Update the WordPress Loading Page with Loading Screen plugin to the latest available version (at least 1.0.83)...
WordPress Data Tables Generator by Supsystic plugin <= 1.10.19 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by iohex in WordPress Data Tables Generator by Supsystic plugin versions <= 1.10.19. Solution: Update the WordPress Data Tables Generator by Supsystic plugin to the latest available version (at least 1.10.20)...
WordPress Brizy Page Builder plugin <= 2.4.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Element URL
Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Element URL discovered by Vishnupriya Ilango in WordPress Brizy Page Builder plugin versions <= 2.4.1. Solution: Update the WordPress Brizy – Page Builder plugin to the latest available version (at least 2.4.2)...
WordPress LinkedIn Company Updates plugin <= 1.5.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress LinkedIn Company Updates plugin versions <= 1.5.3. Solution: Deactivate and delete. This plugin has been closed as of June 21, 2022 and is not available for...
WordPress BuddyPress Group Reviews plugin <= 2.8.3 - Unauthorized AJAX Actions due to Nonce Bypass
Unauthorized AJAX Actions due to Nonce Bypass discovered by Marco Wotschka / Wordfence in WordPress BuddyPress Group Reviews plugin versions <= 2.8.3. Solution: Update the WordPress BuddyPress Group Reviews plugin to the latest available version (at least 2.8.4)...
WordPress Custom Popup Builder plugin <= 1.3.1 - Improper Access Control vulnerability leading to multiple Authenticated Stored XSS
Improper Access Control vulnerability leading to multiple Authenticated Stored XSS discovered by Ngo Van Thien Patchstack Alliance in WordPress Custom Popup Builder plugin versions <= 1.3.1. Solution: Deactivate and delete. This plugin has been closed as of May 26, 2022 and is not available for...
WordPress SAML Single Sign On – SAML SSO Login plugin <= 4.9.20 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress SAML Single Sign On – SAML SSO Login plugin versions <= 4.9.20. Solution: Update the WordPress SAML Single Sign On – SAML SSO Login plugin to the latest available version (at least 4.9.21)...
WordPress Limit Login Attempts plugin <= 4.0.71 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Niraj Mahajan in WordPress Limit Login Attempts plugin versions <= 4.0.71. Solution: Update the WordPress Limit Login Attempts plugin to the latest available version (at least 4.0.72)...
WordPress WP Ultimate CSV Importer plugin <= 6.5.2 - Authenticated Blind Server-Side Request Forgery (SSRF) vulnerability
Authenticated Blind Server-Side Request Forgery (SSRF) vulnerability discovered by Luan Pedersini in WordPress WP Ultimate CSV Importer plugin versions <= 6.5.2. Solution: Update the WordPress WP Ultimate CSV Importer plugin to the latest available version (at least 6.5.3)...
WordPress Image Slider by NextCode plugin <= 1.1.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by BEE-K Patchstack in the WordPress Image Slider by NextCode plugin versions <= 1.1.2. Solution: Deactivate and delete. This plugin has been closed as of May 20, 2022 and is not available for download. This closure is...
WordPress LaTeX plugin <= 3.4.10 - Arbitrary Settings Update via CSRF leading to Stored XSS vulnerability
Arbitrary Settings Update via CSRF leading to Stored XSS vulnerability discovered by Daniel Ruf in WordPress LaTeX plugin versions <= 3.4.10. Solution: Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress RB Internal Links plugin <= 2.0.16 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress RB Internal Links plugin versions <= 2.0.16. Solution: Deactivate and delete. This plugin has been closed as of May 17, 2022 and is not available for download. This closure is...
WordPress Peter's Collaboration E-mails plugin <= 2.2.0 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress Peter's Collaboration E-mails plugin versions <= 2.2.0. Solution: Deactivate and delete. This plugin has been closed as of May 17, 2022 and is not available for download. This closure i...
WordPress Appointment Hour Booking plugin <= 1.3.55 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Bruno Halltari in WordPress Appointment Hour Booking plugin versions <= 1.3.55. Solution: Update the WordPress Appointment Hour Booking plugin to the latest available version (at least 1.3.56)...
WordPress Sticky Popup plugin <= 1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Saeed Alzahrani in WordPress Sticky Popup plugin versions <= 1.2. Solution: Deactivate and delete. This plugin has been closed as of May 17, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress Newsletter plugin <= 7.4.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Phyo Win Shein in WordPress Newsletter plugin versions <= 7.4.4. Solution: Update the WordPress Newsletter plugin to the latest available version (at least 7.4.5)...
WordPress Export any WordPress data to XML/CSV plugin <= 1.3.4 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Asif Nawaz Minhas in WordPress Export any WordPress data to XML/CSV plugin versions <= 1.3.4. Solution: Update the WordPress Export any WordPress data to XML/CSV plugin to the latest available version (at least 1.3.5)...
WordPress Webriti SMTP Mail plugin <= 1.0 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress Webriti SMTP Mail plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of May 13, 2022 and is not available for download. This closure is temporary,...
WordPress Enqueue Anything plugin <= 1.0.1 - Arbitrary Asset/Post Deletion vulnerability
Arbitrary Asset/Post Deletion vulnerability discovered by Abhishek Bhoir in WordPress Enqueue Anything plugin versions <= 1.0.1. Solution: Deactivate and delete. This plugin has been closed as of April 26, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Bestbooks plugin <= 2.6.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Bestbooks plugin versions <= 2.6.3. Solution: Deactivate and delete. This plugin has been closed as of May 11, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress FiboSearch plugin <= 1.17.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability was discovered by Dipak Panchal in the WordPress FiboSearch plugin versions <= 1.17.0. Solution: Update the WordPress FiboSearch plugin to the latest available version (at least 1.18.0)...
WordPress Throws SPAM Away plugin <= 3.3 - Comment Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Comment Deletion via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Daniel Ruf in the WordPress Throws SPAM Away plugin versions <= 3.3. Solution: Update the WordPress Throws SPAM Away plugin to the latest available version (at least 3.3.1)...
WordPress Donations plugin <= 1.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Donations plugin versions <= 1.8. Solution: Deactivate and delete. This plugin has been closed as of February 28, 2022 and is not available for download. Reason: Security Issue...
WordPress WP Simple Adsense Insertion plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Ads and JavaScript injection
Cross-Site Request Forgery (CSRF) vulnerability leading to Ads and JavaScript injection discovered by Daniel Ruf in WordPress WP Simple Adsense Insertion plugin versions <= 2.0. Solution: Update the WordPress WP Simple Adsense Insertion plugin to the latest available version (at least 2.1)...
WordPress Easy FAQ with Expanding Text plugin <= 3.2.8.3.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress Easy FAQ with Expanding Text plugin versions <= 3.2.8.3.1. Solution: Deactivate and delete. This plugin has been closed as of April 19, 2022 and is not available for...
WordPress Simple Real Estate Pack plugin <= 1.4.8 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in the WordPress Simple Real Estate Pack plugin versions <= 1.4.8. Solution: Deactivate and delete. This plugin has been closed as of April 14, 2022 and is not available for download...
WordPress Amazon Link plugin <= 3.2.10 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in the WordPress Amazon Link plugin versions <= 3.2.10. Solution: Deactivate and delete. This plugin has been closed as of April 14, 2022 and is not available for download. This closur...
WordPress Bulk Page Creator plugin <= 1.1.3 - Arbitrary Page Creation via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Page Creation via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Daniel Ruf in the WordPress Bulk Page Creator plugin versions <= 1.1.3. Solution: Update the WordPress Bulk Page Creator plugin to the latest available version (at least 1.1.4)...
WordPress WP Slider Plugin <= 1.4.5 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability was discovered by Ngo Van Thien Patchstack Alliance in WordPress WP Slider Plugin versions <= 1.4.5. Solution: No patched version is available. No reply from the vendor...
WordPress Enable SVG plugin <= 1.3.1 - Stored Cross-Site Scripting (XSS) vulnerability via SVG
Stored Cross-Site Scripting (XSS) vulnerability via SVG discovered by Luan Pedersini in WordPress Enable SVG plugin versions <= 1.3.1. Solution: Update the WordPress Enable SVG plugin to the latest available version (at least 1.4.0)...