WordPress Auto Affiliate Links Plugin <= 6.2.1.5 is vulnerable to Privilege Escalation
Software: Auto Affiliate Links; Type: Plugin; Vulnerable versions: <= 6.2.1.5; Fixed in: 6.2.1.6; OWASP Top 10: A5: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2022-45840; Patch priority: High; CVSS severity: High 6.5; PSID: 552906959004; Credits: Nguyen Anh Tien...
WordPress Quick Restaurant Menu Plugin <= 2.0.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Quick Restaurant Menu; Type: Plugin; Vulnerable versions: <= 2.0.2; Fixed in: 2.1.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-0554; Patch priority: Low; CVSS severity: Low 8.1; PSID: c79ea8bd00a5; Credits: Marco Wotschka...
WordPress Page Builder: Live Composer Plugin <= 1.5.22 is vulnerable to Cross Site Scripting (XSS)
Software: Page Builder: Live Composer; Type: Plugin; Vulnerable versions: <= 1.5.22; Fixed in: 1.5.23; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4669; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 3a851e56815e; Credits: Istv...
WordPress WP Helper Premium Plugin < 4.3 is vulnerable to Cross Site Scripting (XSS)
Software: WP Helper Premium; Type: Plugin; Vulnerable versions: < 4.3; Fixed in: 4.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0448; Patch priority: High; CVSS severity: High 7.1; PSID: c74257beed9d; Credits: Joshua Martinelle; Required...
WordPress WP Airbnb Review Slider Plugin < 3.3 is vulnerable to SQL Injection
Software: WP Airbnb Review Slider; Type: Plugin; Vulnerable versions: < 3.3; Fixed in: 3.3; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0262; Patch priority: High; CVSS severity: High 7.1; PSID: e5bb0170c3f4; Credits: István Márton; Required privilege: Subscriber...
WordPress WP TripAdvisor Review Slider Plugin < 10.8 is vulnerable to SQL Injection
Software: WP TripAdvisor Review Slider; Type: Plugin; Vulnerable versions: < 10.8; Fixed in: 10.8; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0261; Patch priority: High; CVSS severity: High 7.1; PSID: dcd0212f495a; Credits: István Márton; Required privilege...
WordPress WP Time Slots Booking Form Plugin <= 1.1.81 is vulnerable to Cross Site Scripting (XSS)
Software: WP Time Slots Booking Form; Type: Plugin; Vulnerable versions: <= 1.1.81; Fixed in: 1.1.82; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23971; Patch priority: Low; CVSS severity: Low 5.9; PSID: e04532f2022b; Credits: Rio Darmaw...
WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL Injection
Software: LearnPress; Type: Plugin; Vulnerable versions: <= 4.1.7.3.2; Fixed in: 4.2.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2022-45808; Patch priority: High; CVSS severity: High 9.9; PSID: c30856175358; Credits: Fadilah Agung Nugraha; Required privilege...
WordPress CPO Companion Plugin < 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: CPO Companion; Type: Plugin; Vulnerable versions: < 1.1.0; Fixed in: 1.1.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4837; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 47c87ffd82d9; Credits: István Márton; Required...
WordPress Social Warfare Plugin <= 4.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Social Warfare; Type: Plugin; Vulnerable versions: <= 4.3.1; Fixed in: 4.4.0; OWASP Top 10: A8: Cross Site Request Forgery (CSRF); Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-0403; Patch priority: Low; CVSS severity: Low 4.3; PSID: 2ad0dd31224b; Credits: Marco...
WordPress kingclub-theme Theme < 10 is vulnerable to Arbitrary File Upload
Software: kingclub-theme; Type: Theme; Vulnerable versions: < 10; Fixed in: N/A; OWASP Top 10: A6: Security Misconfiguration; Classification: Arbitrary File Upload; CVE: CVE-2022-0316; Patch priority: High; CVSS severity: High 10; PSID: c582a1ee7025; Credits: Joshua Small; Required privilege...
WordPress Content Control Plugin < 1.1.10 is vulnerable to Cross Site Scripting (XSS)
Software: Content Control; Type: Plugin; Vulnerable versions: < 1.1.10; Fixed in: 1.1.10; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4509; Patch priority: Medium; CVSS severity: Medium 6.3; Developer: Code Atlantic LLC; PSID: a16131ad7c93; Credits: István Márton...
WordPress soundblast Theme < 10 is vulnerable to Arbitrary File Upload
Software: soundblast; Type: Theme; Vulnerable versions: < 10; Fixed in: N/A; OWASP Top 10: A6: Security Misconfiguration; Classification: Arbitrary File Upload; CVE: CVE-2022-0316; Patch priority: High; CVSS severity: High 10; PSID: 8aee103c2d72; Credits: Joshua Small; Required privilege...
WordPress Countdown Widget plugin <= 3.1.9.1 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) discovered by Rasi Afeef (Patchstack Alliance) in the WordPress Countdown Widget plugin (versions <= 3.1.9.1). Solution: Update the WordPress Countdown Widget plugin to the latest available version (at least 3.1.9.3)...
WordPress Responsive Lightbox2 plugin <= 1.0.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Lana Codes in WordPress Responsive Lightbox2 plugin (versions <= 1.0.3). Solution: Update the WordPress Responsive Lightbox2 plugin to the latest available version (at least 1.0.4)...
WordPress ProfileGrid plugin <= 5.1.6 - Auth. CSV Injection vulnerability
Auth. CSV Injection vulnerability discovered by Mika (Patchstack Alliance) in the WordPress ProfileGrid plugin (versions <= 5.1.6). Solution: Update the WordPress ProfileGrid plugin to the latest available version (at least 5.1.8)...
WordPress WooSwipe WooCommerce Gallery plugin <= 2.0.1 - Auth. Broken Access Control vulnerability
Auth. Broken Access Control vulnerability leading to plugin settings change discovered by Tien Nguyen Anh (Patchstack Alliance) in the WordPress WooSwipe WooCommerce Gallery plugin (versions <= 2.0.1). Solution: No patched version is available. No reply from the vendor...
WordPress OAuth Client by DigitialPixies plugin <= 1.1.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Lana Codes in WordPress OAuth Client by DigitialPixies plugin (versions <= 1.1.0). Solution: No patched version is available. This plugin has been closed as of October 21, 2022 and is not available for download. This closure is temporary,...
WordPress AdRotate Banner Manager plugin <= 5.9 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities leading to resetting some of the maintenance settings (Reset tasks, Disable the third party, Update Database) were discovered by Muhammad Daffa (Patchstack Alliance) in the WordPress AdRotate Banner Manager plugin (versions <= 5.9). Solution...
WordPress Activity Reactions For Buddypress plugin <= 1.0.22 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress Activity Reactions For Buddypress plugin (versions <= 1.0.22). Solution: No patched version is available...
WordPress User Blocker plugin <= 1.5.5 - Auth. CSV Injection vulnerability
Auth. CSV Injection vulnerability discovered by Mika in the WordPress User Blocker plugin (versions <= 1.5.5). Solution: Update the WordPress User Blocker plugin to the latest available version (at least 1.5.6)...
WordPress Analytics for WP plugin <= 1.5.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by zhangyunpei in WordPress Analytics for WP plugin (versions <= 1.5.1). Solution: Deactivate and delete. This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary, pending a full revi...
WordPress Video Thumbnails plugin <= 2.12.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by zhangyunpei in WordPress Video Thumbnails plugin (versions <= 2.12.3). Solution: Deactivate and delete. This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress AM-HiLi plugin <= 1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Hoang Van Hiep (Patchstack Alliance) in the WordPress AM-HiLi plugin (versions <= 1.0). Solution: No patched version is available...
WordPress Backup Guard plugin <= 1.6.9.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in the WordPress Backup Guard plugin (versions <= 1.6.9.0). Solution: Update the WordPress Backup Guard plugin to the latest available version (at least 1.6.9.1)...
WordPress Bricks Builder premium theme <= 1.5.3 - Auth. Remote Code Execution vulnerability
Auth. Remote Code Execution vulnerability discovered by RG in WordPress Bricks Builder premium theme (versions <= 1.5.3). Solution: Update the WordPress Bricks Builder theme to the latest available version (at least 1.5.4)...
WordPress SEO Redirection Plugin plugin <= 8.9 - Multiple Cross-Site Scripting (CSRF) vulnerabilities
Multiple Cross-Site Scripting (CSRF) vulnerabilities were discovered by Vlad Vector (Patchstack) in the WordPress SEO Redirection Plugin plugin (versions <= 8.9). Solution: Update the WordPress SEO Redirection plugin to the latest available version (at least 9.1)...
WordPress Newspaper premium theme < 12.1 - Unauthenticated Account Takeover vulnerability
Unauthenticated Account Takeover vulnerability discovered by Truoc Phan in WordPress Newspaper premium theme (versions < 12.1). Solution: Update the WordPress Newspaper theme to the latest available version (at least 12.1)...
WordPress Phone Orders for WooCommerce plugin <= 3.7.1 - Auth. Sensitive Data Exposure vulnerability
Auth. Sensitive Data Exposure vulnerability discovered by Lana Codes (Patchstack Alliance) in WordPress Phone Orders for WooCommerce plugin (versions <= 3.7.1). Solution: Update the WordPress Phone Orders for WooCommerce plugin to the latest available version (at least 3.7.2)...
WordPress Quiz And Survey Master plugin <= 7.3.6 - Multiple Insecure direct object references (IDOR) vulnerabilities
Multiple Insecure direct object references (IDOR) vulnerabilities were discovered by Vlad Vector (Patchstack) in WordPress Quiz And Survey Master plugin (versions <= 7.3.6). Solution: Update the WordPress Quiz And Survey Master plugin to the latest available version (at least 7.3.7)...
WordPress Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Lana Codes (Patchstack Alliance) in the WordPress Integration for Szamlazz.hu & WooCommerce plugin (versions <= 5.6.3.2). Solution: Update the WordPress Integration for Szamlazz.hu & WooCommerce plugin to the latest available...
WordPress Webmaster Tools Verification plugin <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation vulnerability
Unauthenticated Arbitrary Plugin Deactivation vulnerability discovered by Daniel Ruf in WordPress Webmaster Tools Verification plugin (versions <= 1.2). Solution: Deactivate and delete. This plugin has been closed as of October 19, 2022 and is not available for download. This closure is temporary,...
WordPress Chat Bubble plugin <= 2.2 - Unauth. Stored Cross-Site Scripting (XSS) vulnerability
Unauth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Juampa Rodríguez in WordPress Chat Bubble plugin (versions <= 2.2). Solution: Update the WordPress Chat Bubble plugin to the latest available version (at least 2.3)...
WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability in the Widget block discovered in WordPress core (versions <= 6.0.2). Solution: Update the WordPress to the latest available version (at least 6.0.3)...
WordPress Easy Digital Downloads plugin <= 2.11.7 - Arbitrary Post Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Post Deletion via Cross-Site Request Forgery (CSRF) vulnerability discovered by Krzysztof Zając in WordPress Easy Digital Downloads plugin (versions <= 2.11.7). Solution: Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 3.0)...
WordPress Optinly plugin <= 1.0.11 - Broken Access Control vulnerability
Broken Access Control leading to plugin settings change by the subscriber or higher role user vulnerability discovered by ptsfence (Patchstack) in WordPress Optinly plugin (versions <= 1.0.11). Solution: No patched version is available. No reply from the vendor...
WordPress PublishPress Capabilities Pro premium plugin <= 2.5.1 - Auth. PHP Objection Injection vulnerability
Auth. PHP Objection Injection vulnerability discovered by Nguyen Pham Viet Nam in WordPress PublishPress Capabilities Pro premium plugin (versions <= 2.5.1). Solution: Update the WordPress PublishPress Capabilities Pro plugin to the latest available version at least...
WordPress Retain Live Chat plugin <= 0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Rahul Selvakumar in WordPress Retain Live Chat plugin (versions <= 0.1). Solution: Deactivate and delete. This plugin has been closed as of October 3, 2022 and is not available for download. This closure is temporary, pending a...
WordPress Store Locator plugin <= 1.4.5 - Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Nguy Minh Tuan (Patchstack Alliance) in the WordPress Store Locator plugin (versions <= 1.4.5). Solution: Update the WordPress Store Locator WordPress plugin to the latest available version (at least 1.4.6)...
WordPress Advanced Comment Form <= 1.2.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Advanced Comment Form (versions <= 1.2.0). Solution: Update the WordPress Advanced Comment Form plugin to the latest available version (at least 1.2.1)...
WordPress Integration for Szamlazz.hu & Gravity Forms plugin <= 1.2.6 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Lana Code in WordPress Integration for Szamlazz.hu & Gravity Forms plugin (versions <= 1.2.6). Solution: Update the WordPress Integration for Szamlazz.hu & Gravity Forms plugin to the latest available version (at least 1.2.7)...
WordPress Slider, Gallery, and Carousel by MetaSlider plugin <= 3.27.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Anurag Bhoir in WordPress Slider, Gallery, and Carousel by MetaSlider plugin (versions <= 3.27.8). Solution: Update the WordPress Responsive Slider by MetaSlider plugin to the latest available version (at least 3.27.9)...
WordPress SEO Smart Links plugin <= 3.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Fjowel in WordPress SEO Smart Links plugin (versions <= 3.0.1). Solution: Deactivate and delete. This plugin has been closed as of September 5, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress Meet My Team plugin <= 2.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability was discovered by Ngo Van Thien (Patchstack Alliance) in the WordPress Meet My Team plugin (versions <= 2.0.5). Solution: Deactivate and delete. No reply from the vendor...
WordPress wp-forecast plugin <= 7.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Rasi Afeef (Patchstack Alliance) in WordPress wp-forecast plugin (versions <= 7.5). Solution: Update the WordPress wp-forecast plugin to the latest available version (at least 7.6)...
WordPress LinkWorth plugin <= 3.3.3 - Arbitrary Setting Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Setting Update via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Daniel Ruf in the WordPress LinkWorth plugin (versions <= 3.3.3). Solution: Update the WordPress LinkWorth plugin to the latest available version (at least 3.3.4)...
WordPress Rezgo Online Booking <= 4.1.7 - Reflected Cross-Site-Scripting (XSS) vulnerability
Reflected Cross-Site-Scripting (XSS) vulnerability discovered by cydave in WordPress Rezgo Online Booking (versions <= 4.1.7). Solution: Update the WordPress Rezgo plugin to the latest available version (at least 4.1.8)...
WordPress Product Slider for WooCommerce plugin <= 2.5.6 - Authenticated Arbitrary Options Deletion vulnerability
Authenticated Arbitrary Options Deletion vulnerability discovered by Krzysztof Zając in WordPress Product Slider for WooCommerce plugin (versions <= 2.5.6). Solution: Update the WordPress Product Slider for WooCommerce plugin to the latest available version (at least 2.5.7)...
WordPress Easy Username Updater plugin <= 1.0.4 - Arbitrary Username Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Username Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Raad Haddad in WordPress Easy Username Updater plugin (versions <= 1.0.4). Solution: Update the WordPress Easy Username Updater plugin to the latest available version (at least 1.0.5)...
WordPress Discy premium theme <= 4.9 - Broken Access Control to change settings vulnerability
Broken Access Control to change settings vulnerability discovered by Veshraj Ghimire in WordPress Discy premium theme (versions <= 4.9). Solution: Update the WordPress Discy theme to the latest available version (at least 5.0)...