46681 matches found
WordPress Essential Content Types plugin <= 1.8.6 - Unauthorized Plugin Setting Change vulnerability
Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Essential Content Types plugin versions <= 1.8.6. Solution: Update the WordPress Essential Content Types plugin to the latest available version at least 1.9...
WordPress DearFlip plugin <= 1.7.9 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress DearFlip plugin versions <= 1.7.9. Solution: Update the WordPress DearFlip plugin to the latest available version at least 1.7.10...
WordPress Support Board plugin <= 3.3.3 - Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities
Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities were discovered by John Jefferson Li in the WordPress Support Board plugin versions <= 3.3.3. Solution: Update the WordPress Support Board plugin to the latest available version at least 3.3.4...
WordPress StopBadBots plugin <= 6.59 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Martin Vierula Trustwave in WordPress StopBadBots plugin versions <= 6.59. Solution: Update the WordPress StopBadBots plugin to the latest available version at least 6.60...
WordPress Post Title Counter plugin <= 1.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Post Title Counter plugin versions <= 1.1. Solution: This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Chained Quiz plugin <= 1.2.7.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Shivam Rai in WordPress Chained Quiz plugin versions <= 1.2.7.1. Solution: Update the WordPress Chained Quiz plugin to the latest available version at least 1.2.7.1...
WordPress Nested Pages plugin <= 3.1.15 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Post Deletion and Modification
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Post Deletion and Modification discovered by Ramuel Gall WordFence in WordPress Nested Pages plugin versions <= 3.1.15. Solution: Update the WordPress Nested Pages plugin to the latest available version at least 3.1.16...
WordPress Nested Pages plugin <= 3.1.15 - Open Redirect vulnerability
Open Redirect vulnerability discovered by Ram Gall WordFence in WordPress Nested Pages plugin versions <= 3.1.15. Solution: Update the WordPress Nested Pages plugin to the latest available version at least 3.1.16...
WordPress Comment Link Remove and Other Comment Tools plugin <= 2.1.4 - Cross-Site Request Forgery (CSRF) vulnerability leading to bulk comment deletion
Cross-Site Request Forgery (CSRF) vulnerability leading to bulk comment deletion discovered by Martin Vierula Trustwave in WordPress Comment Link Remove and Other Comment Tools plugin versions <= 2.1.4. Solution: Update the WordPress Comment Link Remove and Other Comment Tools plugin to the latest...
WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.1 - Unauthorized Event TimeSlot Update vulnerability
Unauthorized Event TimeSlot Update vulnerability discovered by dc11 in WordPress Timetable and Event Schedule by MotoPress plugin versions <= 2.4.1. Solution: Update the WordPress Timetable and Event Schedule by MotoPress plugin to the latest available version at least 2.4.2...
WordPress The Sorter plugin <= 1.0 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Syed Sheeraz Ali in WordPress The Sorter plugin versions <= 1.0. Solution: This plugin has been closed as of May 13, 2021 and is not available for download. Reason: Security Issue...
WordPress Icegram plugin <= 2.0.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Icegram plugin versions <= 2.0.2. Vulnerable at "Headline" &messagedata16headline input. Solution: Update the WordPress Icegram plugin to the latest available version at least 2.0.3...
WordPress Smash Balloon Social Post Feed plugin <= 2.19.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by dc11 in WordPress Smash Balloon Social Post Feed plugin versions <= 2.19.1. Solution: Update the WordPress Smash Balloon Social Post Feed plugin to the latest available version at least 2.19.2...
WordPress Scribble Maps plugin <= 1.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Scribble Maps plugin versions <= 1.2. Solution: This plugin has been closed as of August 12, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Simple Behance Portfolio plugin <= 0.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Simple Behance Portfolio plugin versions <= 0.2. Solution: This plugin has been closed as of August 12, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Custom Post Type Relations plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Custom Post Type Relations plugin <= 1.0. Solution: This plugin has been closed as of August 12, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Software License Manager plugin <= 4.4.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex in WordPress Software License Manager plugin versions <= 4.4.7. Solution: Update the WordPress Software License Manager plugin to the latest available version at least 4.4.8...
WordPress W3SCloud Contact Form 7 to Zoho CRM plugin <= 1.1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress W3SCloud Contact Form 7 to Zoho CRM plugin versions <= 1.1.0. Solution: Update the WordPress W3SCloud Contact Form 7 to Zoho CRM plugin to the latest available version at least 2.1.0...
WordPress youForms plugin <= 1.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by xiahao in WordPress youForms plugin versions <= 1.0.5. Solution: This plugin has been closed as of July 30, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Nifty Newsletters plugin <= 4.0.23 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Kohei Hino Cryptography Laboratory - Tokyo Denki University in WordPress Nifty Newsletters plugin versions <= 4.0.23. Solution: This plugin has been closed as of July 29, 2021 and is not available...
WordPress uListing plugin <= 2.0.5 - Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions <= 2.0.5. Solution: Update the WordPress uListing plugin to the latest available version at least 2.0.6...
WordPress Simple Banner plugin <= 2.10.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Simple Banner plugin versions <= 2.10.3. Solution: Update the WordPress Simple Banner plugin to the latest available version at least 2.10.4...
WordPress Paytm plugin <= 1.3.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar in WordPress Paytm plugin versions <= 1.3.2. Solution: This plugin has been closed as of June 3, 2021 and is not available for download. Reason: Security Issue...
WordPress WP Upload Restriction plugin <= 2.2.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Angelo Righi in WordPress WP Upload Restriction plugin versions <= 2.2.3. Solution: Update the WordPress WP Upload Restriction plugin to the latest available version at least 2.2.4...
WordPress Workreap premium theme <= 2.2.1 - Missing authorization checks in AJAX actions vulnerability
Missing authorization checks in AJAX actions vulnerability discovered by Harald Eilertsen Jetpack in WordPress Workreap premium theme versions <= 2.2.1. Solution: Update the WordPress Workreap premium theme to the latest available version at least 2.2.2...
WordPress Portfolio Responsive Gallery plugin <= 1.1.7 - Authenticated Blind SQL Injection (SQLi) vulnerability
Authenticated Blind SQL Injection (SQLi) vulnerability discovered by To Quang Duong in WordPress Portfolio Responsive Gallery plugin versions <= 1.1.7. Solution: Update the WordPress Portfolio Responsive Gallery plugin to the latest available version at least 1.1.8...
WordPress ProfilePress plugin 3.0 – 3.1.3 - Arbitrary File Upload in Image Uploader Component vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Chloe Chamberland WordFence in WordPress ProfilePress plugin versions 3.0 – 3.1.3. 06.29.2021 - WordFence updated the vulnerable version to 3.0 - 3.1.3. Solution: Update the WordPress ProfilePress plugin to the latest version at leas...
WordPress Sign-up Sheets plugin <= 1.0.13 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ajay Sandipan Thorbole in WordPress Sign-up Sheets plugin versions <= 1.0.13. Solution: Update the WordPress Sign-up Sheets plugin to the latest available version at least 1.0.14...
WordPress Contact Form 7 Style plugin <= 3.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Contact Form 7 Style plugin versions <= 3.2. Solution: This plugin has been closed as of February 1, 2021 and is not available for download. Reason: Security Issue...
WordPress simple sort&search plugin <= 0.0.3 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress simple sort&search plugin versions <= 0.0.3. Solution: This plugin has been closed as of May 19, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Request a Quote plugin <= 2.3.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ajay Sandipan Thorbole in WordPress Request a Quote plugin versions <= 2.3.0. Solution: Update the WordPress Request a Quote plugin to the latest available version at least 2.3.4...
WordPress WP SVG images plugin <= 3.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via uploaded SVG file
Authenticated Stored Cross-Site Scripting (XSS) vulnerability via uploaded SVG file discovered by Rasi in WordPress WP SVG images plugin versions <= 3.3. Solution: Update the WordPress WP SVG images plugin to the latest available version at least 3.4...
WordPress JoomSport plugin <= 5.1.5 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by Bugbang in WordPress JoomSport plugin versions <= 5.1.5. Solution: Update the WordPress JoomSport plugin to the latest available version at least 5.1.8...
WordPress Admin Columns PRO premium plugin <= 5.4.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Daniel Elkabes WhiteSource in WordPress Admin Columns PRO premium plugin versions <= 5.4.4. Solution: Update the WordPress Admin Columns PRO premium plugin to the latest available version at least 5.5.1...
WordPress FooGallery plugin <= 2.0.30 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by avolume in WordPress FooGallery plugin versions <= 2.0.30. Solution: Update the WordPress FooGallery plugin to the latest available version at least 2.0.35...
WordPress Easy Preloader plugin <= 1.0.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Kishore Hariram in WordPress Easy Preloader plugin versions <= 1.0.0. Solution: This plugin has been closed as of May 4, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Sendit WP Newsletter plugin <= 2.5.1 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar in WordPress Sendit WP Newsletter plugin versions <= 2.5.1. Solution: This plugin has been closed as of April 29, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Backup by 10Web – Backup and Restore plugin <= 1.0.20 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze Patchstack Red Team in WordPress Backup by 10Web – Backup and Restore plugin versions <= 1.0.20. Solution: This plugin has been closed as of June 2, 2021 and is not available for download. This closure is permanent...
WordPress Speed Booster Pack plugin <= 4.1.3 - Authenticated Remote Code Execution (RCE) vulnerability
Authenticated Remote Code Execution (RCE) vulnerability discovered by m0ze in WordPress Speed Booster Pack plugin versions <= 4.1.3 (to be more precise <= 4.2.0-beta). Solution: Update the WordPress Speed Booster Pack plugin to the latest available version at least 4.2.0...
WordPress Ultimate Member plugin <= 2.1.19 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Riki Aji in WordPress Ultimate Member plugin versions <= 2.1.19. Solution: Update the WordPress Ultimate Member plugin to the latest available version at least 2.1.20...
WordPress Pods plugin <= 2.7.26 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by WhiteSource in WordPress Pods plugin versions <= 2.7.26. Solution: Update the WordPress Pods plugin to the latest available version at least 2.7.27...
WordPress WPGraphQL plugin <= 1.3.5 - Denial of Service vulnerability
Denial of Service vulnerability discovered by Dolev Farhi in WordPress WPGraphQL plugin versions <= 1.3.5. Solution: Update the WordPress WPGraphQL plugin to the latest available version at least 1.3.6...
WordPress Media File Renamer plugin <= 5.1.9 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Ngo Van Thien Patchstack Red Team in the WordPress Media File Renamer plugin versions <= 5.1.9. Affected parameters "posttitle", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state...
WordPress WP Page Builder plugin <= 1.2.3 - Insecure Default Configuration vulnerability
Insecure Default Configuration vulnerability discovered by WordFence in WordPress WP Page Builder plugin versions <= 1.2.3. Solution: Update the WordPress WP Page Builder plugin to the latest available version at least 1.2.4...
WordPress WorkScout premium theme <= 2.0.31 - Cross-Frame Scripting (XFS) vulnerability
Cross-Frame Scripting (XFS) vulnerability discovered by m0ze Patchstack Red Team in WordPress WorkScout premium theme versions <= 2.0.31. Solution: Update the WordPress WorkScout premium theme to the latest available version at least 2.0.32...
WordPress Patreon WordPress plugin <= 1.6.9 - Local File Disclosure vulnerability
Local File Disclosure vulnerability discovered by Jetpack Scan team in WordPress Patreon WordPress plugin versions <= 1.6.9. Solution: Update the WordPress Patreon WordPress plugin to the latest available version at least 1.7.0...
WordPress JH 404 Logger plugin <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ganesh Bagaria in WordPress JH 404 Logger plugin versions <= 1.1. Solution: Deactivate and delete. This plugin has been closed as of February 11, 2021 and is not available for download. Reason: Security Issue...
WordPress Map Block for Google Maps plugin <= 1.31 - Google API Key Manipulation vulnerability
Google API Key Manipulation vulnerability found in WordPress Map Block for Google Maps plugin versions <= 1.31. Solution: Update the WordPress Map Block for Google Maps plugin to the latest available version at least 1.32...
WordPress FV Flowplayer Video Player plugin <= 7.4.37.727 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by Arcangelo Saracino in WordPress FV Flowplayer Video Player plugin versions <= 7.4.37.727. Solution: Update the WordPress FV Flowplayer Video Player plugin to the latest available version at least 7.4.38.727...
WordPress Name Directory plugin <= 1.17.4 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Yuta in WordPress Name Directory plugin versions <= 1.17.4. Solution: Update the WordPress Name Directory plugin to the latest available version at least 1.18...