WordPress Directories Pro premium plugin <= 1.3.45 - Authenticated Self-Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Self-Reflected Cross-Site Scripting (XSS) vulnerability found by ack Misiura (The Missing Link) in WordPress Directories Pro premium plugin versions <= 1.3.45. Solution: Update the WordPress Directories Pro premium plugin to the latest available version (at least 1.3.46)...
WordPress Microsoft Office 365 / Azure AD | LOGIN plugin <= 11.6 - JWT Signature Verification Bypass vulnerability
JWT Signature Verification Bypass vulnerability found by Philip Akesson in WordPress Microsoft Office 365 / Azure AD | LOGIN plugin versions <= 11.6. Solution: Update the WordPress Microsoft Office 365 / Azure AD | LOGIN plugin to the latest available version (at least 11.7)...
WordPress NewsMag theme <= 2.4.1 - Unauthenticated Function Injection vulnerability
Unauthenticated Function Injection vulnerability found by Jerome Bruandet (NinTechNet) in WordPress NewsMag theme versions <= 2.4.1. Solution: Update the WordPress NewsMag theme to the latest available version (at least 2.4.2)...
WordPress Chamber Dashboard Business Directory plugin <= 3.3.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by Mihkel Raba in WordPress Chamber Dashboard Business Directory plugin versions <= 3.3.0. Solution: Update the WordPress Chamber Dashboard Business Directory plugin to the latest available version (at least 3.3.1)...
WordPress Sell Media plugin <= 2.4.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Metamorfosec in WordPress Sell Media plugin versions <= 2.4.1. Solution: Update the WordPress Sell Media plugin to the latest available version (at least 2.4.2)...
WordPress Extra premium theme <= 4.5.2 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability discovered by WordFence in WordPress Extra premium theme versions <= 4.5.2. Solution: Update the WordPress Extra premium theme to the latest available version (at least 4.5.3)...
WordPress Divi Builder plugin <= 4.5.2 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability discovered by WordFence in WordPress Divi Builder plugin versions <= 4.5.2. Solution: Update the WordPress Divi Builder plugin to the latest available version (at least 4.5.3)...
WordPress Email Subscribers & Newsletters plugin <= 4.5.0.1 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Tenable in WordPress Email Subscribers & Newsletters plugin versions <= 4.5.0.1. Solution: Update the WordPress Email Subscribers & Newsletters plugin to the latest available version (at least 4.5.1)...
WordPress WP Product Review Lite plugin <= 3.7.5 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Sucuri in WordPress WP Product Review Lite plugin versions <= 3.7.5. Solution: Update the WordPress WP Product Review Lite plugin to the latest available version (at least 3.7.6)...
WordPress Media Library Assistant plugin <= 2.81 - Authenticated Remote Code Execution (RCE) vulnerability
Authenticated Remote Code Execution (RCE) vulnerability discovered in WordPress Media Library Assistant plugin versions <= 2.81. Solution: Update the WordPress Media Library Assistant plugin to the latest available version (at least 2.82)...
WordPress Import Export WordPress Users plugin <= 1.3.8 - Arbitrary User Creation vulnerability
Arbitrary User Creation vulnerability discovered by WordFence in WordPress Import Export WordPress Users plugin versions <= 1.3.8. Solution: Update the WordPress Import Export WordPress Users plugin to the latest available version (at least 1.3.9)...
WordPress Login by Auth0 plugin <= 3.11.2 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Muhamad Visat in WordPress Login by Auth0 plugin versions <= 3.11.2. Solution: Update the WordPress Login by Auth0 plugin to the latest available version (at least 3.11.3)...
WordPress Ultimate Member plugin <= 2.1.2 - Insecure Direct Object Reference (IDOR) vulnerability
Insecure Direct Object Reference (IDOR) vulnerability found in WordPress Ultimate Member plugin versions <= 2.1.2. Solution: Update the WordPress Ultimate Member plugin to the latest available version (at least 2.1.3)...
WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <=5.127.3 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found in WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin versions <=5.127.3. Solution: Update the WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin to the latest available version (at least 5.127.4)...
WordPress EU Cookie Law plugin <= 3.0.6 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability found by Tobias Fink (SBA Research) in WordPress EU Cookie Law plugin versions <= 3.0.6. Solution: 17 October 2019 - we were unable to find a patched version of this plugin...
WordPress WP SlackSync premium plugin <= 1.8.5 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability found by fs0c131y in WordPress WP SlackSync premium plugin versions <= 1.8.5. Solution: Update the WordPress WP SlackSync premium plugin to the latest available version (at least 1.8.6)...
WordPress WP Social Feed Gallery plugin <= 2.4.7 - Authorization Check vulnerability
Authorization Check vulnerability found in WordPress WP Social Feed Gallery plugin versions <= 2.4.7. Solution: Update the WordPress WP Social Feed Gallery plugin to the latest available version (at least 2.4.8)...
WordPress UserPro plugin <= 4.9.33 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability found in WordPress UserPro plugin versions <= 4.9.33. Solution: 27 August 2019 - no patched version available...
WordPress AdRotate Banner Manager plugin <= 5.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability found by Tin Duong in WordPress AdRotate Banner Manager plugin versions <= 5.2. Solution: Update the WordPress AdRotate Banner Manager plugin to the latest available version (at least 5.3)...
WordPress WPS Bidouille plugin <= 1.12.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Julio Potier in WordPress WPS Bidouille plugin versions <= 1.12.2. Solution: Update the WordPress WPS Bidouille plugin to the latest available version (at least 1.12.4)...
WordPress SEO by Rank Math plugin <= 1.0.26 - Cross-Site Scripting (XSS) vulnerabilities
Cross-Site Scripting (XSS) vulnerabilities found in WordPress SEO by Rank Math versions <= 1.0.26. Solution: Update the WordPress SEO by Rank Math to the latest available version (at least 1.0.27)...
WordPress WP Database Backup plugin <= 5.1.2 - Unauthenticated OS Command Injection vulnerability
Unauthenticated OS Command Injection vulnerability found by WordFence in WordPress WP Database Backup plugin versions <= 5.1.2. Solution: Update the WordPress WP Database Backup plugin to the latest available version (at least 5.2)...
WordPress WP Booking System <= 1.5.1.1 - CSRF vulnerability to Authenticated SQL Injection vulnerability
CSRF vulnerability to Authenticated SQL Injection vulnerability possible in WordPress WP Booking System versions <= 1.5.1.1, found by Magnus K. Stubman. Solution: Update the WordPress WP Booking System to the latest available version (at least 1.5.2)...
WordPress WP Job Manager plugin <= 1.31.2 - Phar Deserialization vulnerability
Phar Deserialization vulnerability found by Ripstech in WordPress WP Job Manager plugin versions <= 1.31.2. Solution: Update the WordPress WP Job Manager plugin to the latest available version (at least 1.31.3)...
WordPress Geo Mashup plugin <= 1.10.3 - Unspecified Cross-Site Scripting (XSS) vulnerability
Unspecified Cross-Site Scripting (XSS) vulnerability found in WordPress Geo Mashup plugin versions <= 1.10.3. Solution: Update the WordPress Geo Mashup plugin to the latest available version (at least 1.10.4)...
WordPress All In One Favicon plugin <= 4.6 - Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities
Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities found by Javier Olmedo in WordPress All In One Favicon plugin versions <= 4.6. Solution: This plugin was closed on July 13, 2018 and is no longer available for download. Deactivate and delete ASAP...
WordPress Mass Pages/Posts Creator plugin <= 1.2.2 - Stored Cross-Site scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability found by ThreatPress Research Team in WordPress Mass Pages/Posts Creator plugin versions <= 1.2.2. Solution: 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...
WordPress Add Social Share Messenger Buttons Whatsapp and Viber plugin <= 1.0.8 - Cross-site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by ThreatPress Research Team in WordPress Add Social Share Messenger Buttons Whatsapp and Viber plugin versions <= 1.0.8. Solution: 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...
WordPress WP Live Chat Support plugin <=8.0.07 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability found by Riccardo ten Cate in WordPress WP Live Chat Support plugin versions <=8.0.07. Solution: Update the WordPress WP Live Chat Support plugin to the latest available version (at least 8.0.08)...
WordPress Relevanssi plugin <=4.0.4 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found in WordPress Relevanssi plugin versions <=4.0.4. Attackers can inject arbitrary JavaScript or HTML via the GET parameter. Solution: 09.04.2018 - Several sources claim that you need to update to version 4.1, but we were unable to find this version on...
WordPress File Upload plugin <=4.3.2 - Security Issue in plugin shortcodes
Security Issue in plugin shortcodes found in WordPress File Upload plugin versions <=4.3.2. Solution: Update the WordPress File Upload plugin to the latest available version (at least 4.3.3)...
WordPress Events Manager plugin <=5.8.1.1 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability found in WordPress Events Manager plugin versions <=5.8.1.1. Solution: Update the WordPress Events Manager plugin to the latest version (at least 5.8.1.2)...
WordPress File Manager plugin <=5.0.0 - Information Disclosure vulnerability
Information Disclosure vulnerability found in WordPress File Manager plugin versions <=5.0.0. Solution: Update the WordPress File Manager plugin to the latest available version (at least 5.0.2)...
WordPress Social Media Widget by Acurax plugin <=3.2.5 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability found by Panagiotis Vagenas in WordPress Social Media Widget by Acurax plugin versions <=3.2.5. Solution: Update the WordPress Social Media Widget by Acurax plugin to the latest available version (at least 3.2.6)...
WordPress Booking calendar plugin <=2.1.7 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by d4wner in WordPress Booking calendar plugin versions <=2.1.7. Solution: Update the WordPress Booking calendar plugin to the latest available version (at least 2.1.8)...
WordPress Simple Download Monitor plugin <=3.5.3 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability found by wpl0v3r in WordPress Simple Download Monitor plugin versions <=3.5.3. Vulnerable to Cross-Site Scripting via the sdmupload parameter in an edit action to wp-admin/post.php. Solution: Update the WordPress Simple Download Monitor plugin to...
WordPress GD Rating System plugin 2.3 - Cross-Site Scripting (XSS) vulnerability
A Cross-Site Scripting (XSS) vulnerability found by d4wner in WordPress GD Rating System plugin version 2.3. Vulnerable via the wp-admin/admin.php panel parameter for the gd-rating-system-about page. Solution: 1/9/2018 - we were unable to find a patched version of this plugin...
WordPress Duplicator plugin <=1.2.28 – Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability found by Ricardo Sanchez in WordPress Duplicator plugin versions <=1.2.28. The plugin is vulnerable due to incorrectly filtered values "urlnew" and "logging". Solution: Update the WordPress Duplicator plugin to the latest available version at least...
WordPress User Login History plugin <=1.5 - Multiple Cross-Site Scripting (XSS) vulnerabilities
Multiple Cross-Site Scripting (XSS) vulnerabilities found in WordPress User Login History plugin versions <=1.5. Solution: Update the WordPress User Login History plugin to the latest available version (at least version 1.6)...
WordPress RegistrationMagic-Custom Registration Forms plugin <= 3.7.9.2 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability found by Matt Barry (WordFence) in WordPress RegistrationMagic-Custom Registration Forms plugin versions <= 3.7.9.2. Solution: Update the WordPress RegistrationMagic-Custom Registration Forms plugin to the latest available version (at least 3.7.9.3)...
WordPress Student Result or Employee Database plugin <=1.6.3 - Authorization Bypass vulnerability
Authorization Bypass vulnerability found by Lim Benjamin in WordPress Student Result or Employee Database plugin version 1.6.3 and earlier versions. A specific Google dork could find vulnerable websites. Some functions of the plugin do not check authorization. Solution: Update the WordPres...
WordPress AddToAny Share Buttons plugin <=1.7.14 - Conditional Host Header Injection vulnerability
Conditional Host Header Injection vulnerability found by Paul Dannewitz in WordPress AddToAny Share Buttons plugin. The vulnerable plugin version used the Host header instead of homeurl, which allows custom Host header injection via a crafted link and web cache poisoning, and it may end up with sharing malicious...
WordPress Loginizer plugin <=1.3.5 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Jonas Lejon (WPScans) in WordPress Loginizer plugin version 1.3.5 and earlier versions. The vulnerability exists in the init.php file of the "Blacklist and Whitelist IP Wizard." Solution: Update the WordPress Loginizer plugin to the latest...
WordPress Loginizer plugin <=1.3.5 - Blind SQL Injection vulnerability
Blind SQL Injection vulnerability found by Jonas Lejon (WPScans) in WordPress Loginizer plugin version 1.3.5 and earlier versions. Vulnerable because an HTTP header is forwarded without any sanitization to lzselectquery and then to $wpdb->get_results. Solution: Update the WordPress Loginizer plugin to the late...
WordPress YouTube Embed Plus plugin <=11.8.1 - Cross-Site Request Forgery (CSRF) vulnerability
WordPress YouTube Embed Plus plugin version 11.8.1 is vulnerable to Cross-Site Request Forgery (CSRF). This vulnerability allows an attacker to change plugin settings if they manage to trick an admin user into following the forged link. Solution: Please update WordPress YouTube Embed plugin to...
WordPress plugin WP Mail <=1.1 - Reflected Cross Site Scripting (XSS) vulnerability
WordPress plugin WP Mail version 1.1 has a Reflected Cross Site Scripting (XSS) vulnerability that allows an attacker to execute JavaScript in the context of the user receiving the mail. Solution: Update the plugin to the latest version (at least 1.2)...
WordPress Whois Domain Plugin - Cross Site Scripting
This plugin is prone to a cross site scripting vulnerability. Solution: Update the plugin...
WordPress MailPoet Newsletters Plugin <= 2.7.2 - SQL Injection
Because of this vulnerability, remote authenticated users can execute arbitrary SQL commands. Solution: Update the plugin...
WordPress Page Layout Builder Plugin <= 1.9.3 - Reflected XSS
This plugin is prone to a cross site scripting vulnerability. Solution: Update the plugin...
WordPress <= 4.5.2 - XSS #1
WordPress version 4.5.2 is prone to a cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php. It allows an attacker to inject arbitrary web script or HTML via a crafted attachment name. Related:...