WordPress StaffList plugin <= 3.1.5 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Hassan Khan Yusufzai in WordPress StaffList plugin versions <= 3.1.5. Solution: Update the WordPress StaffList plugin to the latest available version at least 3.1.6...
WordPress StaffList plugin <= 3.1.5 - Arbitrary Staff Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Staff Deletion via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Hassan Khan Yusufzai in the WordPress StaffList plugin versions <= 3.1.5. Solution: Update the WordPress StaffList plugin to the latest available version at least 3.1.6...
WordPress Nirweb support plugin <= 2.7.9 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Nirweb support plugin versions <= 2.7.9. Solution: Update the WordPress Nirweb support plugin to the latest available version at least 2.8.2...
WordPress Wbcom Designs – BuddyPress Create Group Type plugin <= 2.7.0 - Arbitrary Plugin Installation, Activation and Deactivation vulnerability
Arbitrary Plugin Installation, Activation and Deactivation vulnerability discovered by Mary JJ Jay in WordPress Wbcom Designs – BuddyPress Create Group Type plugin versions <= 2.7.0. Solution: Deactivate and delete. This plugin has been closed as of March 9, 2022 and is not available for download...
WordPress Visual Form Builder plugin <= 3.0.6 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Akash Rajendra Patil in WordPress Visual Form Builder plugin versions <= 3.0.6. Solution: Update the WordPress Visual Form Builder plugin to the latest available version at least 3.0.7...
WordPress Clipr plugin <= 1.2.3 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Hassan Khan Yusufzai Splint3r7 in WordPress Clipr plugin versions <= 1.2.3. Solution: No patched version is available...
WordPress Admin Word Count Column plugin <= 2.2 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by Hassan Khan Yusufzai Splint3r7 in WordPress Admin Word Count Column plugin versions <= 2.2. Solution: Deactivate and delete. This plugin has been closed as of March 29, 2022 and is not available for download. This closure is temporary,...
WordPress WP Downgrade plugin <= 1.2.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Taurus Omar in WordPress WP Downgrade plugin versions <= 1.2.2. Solution: Update the WordPress WP Downgrade plugin to the latest available version at least 1.2.3...
WordPress Add Pinterest conversion tags for Pinterest Ads + Site verification plugin <= 1.2.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Add Pinterest conversion tags for Pinterest Ads + Site verification plugin versions <= 1.2.2. Solution: Update the Add Pinterest conversion tags for Pinterest Ads + Site verification plugin to the latest available version at lea...
WordPress Joli Table Of Contents plugin <= 1.3.8 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Joli Table Of Contents plugin versions <= 1.3.8. Solution: Update the WordPress Joli Table Of Contents plugin to the latest available version at least 1.3.9...
WordPress WP-Cron Status Checker plugin <= 1.2.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WP-Cron Status Checker plugin versions <= 1.2.2. Solution: Update the WordPress WP-Cron Status Checker plugin to the latest available version at least 1.2.4...
WordPress Files Download Delay plugin < 1.0.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Files Download Delay plugin versions < 1.0.4. Solution: Update the WordPress Files Download Delay plugin to the latest available version at least 1.0.4...
WordPress Modern Addons for Elementor Page Builder plugin <= 1.1.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Modern Addons for Elementor Page Builder plugin versions <= 1.1.2. Solution: Update the WordPress Modern Addons for Elementor Page Builder plugin to the latest available version at least 1.2.0...
WordPress Easy Smooth Scroll Links – Smooth Scrolling Anchor plugin <= 2.23.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Easy Smooth Scroll Links – Smooth Scrolling Anchor plugin versions <= 2.23.0. Solution: Update the WordPress Easy Smooth Scroll Links – Smooth Scrolling Anchor plugin to the latest available version at...
WordPress Premmerce Frequently Bought Together for WooCommerce plugin <= 1.0.9 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Premmerce Frequently Bought Together for WooCommerce plugin versions <= 1.0.9. Solution: No patched version available...
WordPress WooCommerce Role Based Pricing by Meow Crew plugin <= 1.0.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WooCommerce Role Based Pricing by Meow Crew plugin versions <= 1.0.1. Solution: Update the WordPress WooCommerce Role Based Pricing by Meow Crew plugin to the latest available version at least 1.0.2...
WordPress Slider Plugin – Block Slider plugin <= 1.2.9 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Slider Plugin – Block Slider plugin versions <= 1.2.9. Solution: Update the WordPress Slider Plugin – Block Slider plugin to the latest available version at least 2.0.0...
WordPress Magic Post Thumbnail plugin < 3.3.11 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Magic Post Thumbnail plugin versions < 3.3.11. Solution: Update the WordPress Magic Post Thumbnail plugin to the latest available version at least 3.3.11...
WordPress "WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule" plugin <= 2020.1.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress "WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule" plugin versions <= 2020.1.0. Solution: No patched version available...
WordPress Impexium Single Sign On plugin <= 1.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Impexium Single Sign On plugin versions <= 1.1. Solution: No patched version available...
WordPress Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin < 1.4.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin versions < 1.4.2. Solution: Update the WordPress Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin to the...
WordPress Greenshift – animation and page builder blocks plugin < 1.1.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Greenshift – animation and page builder blocks plugin versions < 1.1.4. Solution: Update the WordPress Greenshift – animation and page builder blocks plugin to the latest available version at least 1.1.4...
WordPress Ultimate Post Kit – Addons For Elementor plugin < 2.9.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Ultimate Post Kit – Addons For Elementor plugin versions < 2.9.1. Solution: Update the WordPress Ultimate Post Kit – Addons For Elementor plugin to the latest available version at least 2.9.1...
WordPress Netforum Member Directory plugin <= 1.11 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Netforum Member Directory plugin versions <= 1.11. Solution: No patched version available...
WordPress Rest Routes – Custom Endpoints for WP REST API plugin <= 4.23.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Rest Routes – Custom Endpoints for WP REST API plugin versions <= 4.23.0. Solution: Update the WordPress Rest Routes – Custom Endpoints for WP REST API plugin to the latest available version at least...
WordPress FloraPress – Your Garden on WordPress plugin < 1.0.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress FloraPress – Your Garden on WordPress plugin versions < 1.0.7. Solution: Update the WordPress FloraPress – Your Garden on WordPress plugin to the latest available version at least 1.0.7...
WordPress Before and After Product Images for WooCommerce plugin <= 1.0.3 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Before and After Product Images for WooCommerce plugin versions <= 1.0.3. Solution: No patched version available...
WordPress BSD Split Pay for Stripe Connect on Woo plugin <= 3.2.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress BSD Split Pay for Stripe Connect on Woo plugin versions <= 3.2.0. Solution: Update the WordPress BSD Split Pay for Stripe Connect on Woo plugin to the latest available version at least 3.2.1...
WordPress Table & Contact Form 7 Database – Tablesome – Data Table & Contact Form 7 Database (CFDB7) Plugin plugin < 0.6.7 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Table & Contact Form 7 Database – Tablesome – Data Table & Contact Form 7 Database (CFDB7) Plugin plugin versions < 0.6.7. Solution: Update the WordPress Table & Contact Form 7 Database – Tablesome – Data Table & Contact Form 7...
WordPress SLP – Extenders plugin < 5.9.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress SLP – Extenders plugin versions < 5.9.1. Solution: Update the WordPress SLP – Extenders plugin to the latest available version at least 5.9.1...
WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.7 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Premmerce Wishlist for WooCommerce plugin versions <= 1.1.7. Solution: Update the WordPress Premmerce Wishlist for WooCommerce plugin to the latest available version at least 1.1.8...
WordPress Smart Protect plugin <= 1.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Smart Protect plugin versions <= 1.1. Solution: No patched version available...
WordPress Salon Booking System Pro plugin <= 7.6.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered by Huli Cymetrics in WordPress Salon Booking System Pro plugin versions <= 7.6.1. Solution: Update the WordPress Salon Booking System Pro plugin to the latest available version at least 7.6.3...
WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.5.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Image Photo Gallery Final Tiles Grid plugin versions <= 3.5.4. Solution: Update the WordPress Image Photo Gallery Final Tiles Grid plugin to the latest available version at least 3.5.5...
WordPress Contact Form Submissions plugin <= 1.7.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Yoru Oni in WordPress Contact Form Submissions plugin versions <= 1.7.2. Solution: Update the WordPress Contact Form Submissions plugin to the latest available version at least 1.7.3...
WordPress GDMylist plugin <= 1.1.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by fuzzyap1 in WordPress GDMylist plugin versions <= 1.1.1. Solution: Deactivate and delete. This plugin has been closed as of February 15, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Login with phone number plugin <= 1.3.6 - Unauthenticated Remote Plugin Deletion vulnerability
Unauthenticated Remote Plugin Deletion vulnerability discovered by Michal Lipinski in WordPress Login with phone number plugin versions <= 1.3.6. Solution: Update the WordPress Login with phone number plugin to the latest available version at least 1.3.7...
WordPress Download Manager plugin <= 3.2.24 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered by Diogo Real in WordPress Download Manager plugin versions <= 3.2.24. Solution: Update the WordPress Download Manager plugin to the latest available version at least 3.2.25...
WordPress WP User plugin <= 6.5.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Jeremie Amsellem in WordPress WP User plugin versions <= 6.5.1. Solution: Update the WordPress WP User plugin to the latest available version at least 7...
WordPress WS Form LITE plugin <= 1.8.175 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Felipe Restrepo Rodriguez in WordPress WS Form LITE plugin versions <= 1.8.175. Solution: Update the WordPress WS Form LITE plugin to the latest available version at least 1.8.176...
WordPress WHMCS Bridge plugin <= 6.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress WHMCS Bridge plugin versions <= 6.3. Solution: Update the WordPress WHMCS Bridge plugin to the latest available version at least 6.4b...
WordPress WordPress GDPR & CCPA premium plugin <= 1.9.26 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ace Candelario @0xspade and Victor Paynat-Sautivet 3DS Outscale SOC in WordPress WordPress GDPR & CCPA premium plugin versions <= 1.9.26. Solution: Update the WordPress WordPress GDPR & CCPA premium plugin to the latest...
WordPress GiveWP plugin <= 2.17.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability via Import Tool discovered by JrXnm in WordPress GiveWP plugin versions <= 2.17.2. Solution: Update the WordPress GiveWP plugin to the latest available version at least 2.17.3...
WordPress Futurio Extra plugin <= 1.6.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Jan w Oleju in WordPress Futurio Extra plugin versions <= 1.6.2. Possible chained Cross-Site Scripting (XSS) vulnerability. Solution: Update the WordPress Futurio Extra plugin to the latest available version at least 1.6.3...
WordPress WP-DownloadManager plugin <= 1.68.5 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered by Ex.Mi Patchstack in WordPress WP-DownloadManager plugin versions <= 1.68.5. Solution: Update the WordPress WP-DownloadManager plugin to the latest available version at least 1.68.6...
WordPress Visual CSS Style Editor plugin <= 7.5.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Visual CSS Style Editor plugin versions <= 7.5.3. Solution: Update the WordPress Visual CSS Style Editor plugin to the latest available version at least 7.5.4...
WordPress Link Library plugin <= 7.2.7 - Unauthenticated Arbitrary Links Deletion vulnerability
Unauthenticated Arbitrary Links Deletion vulnerability discovered by Krzysztof Zając in WordPress Link Library plugin versions <= 7.2.7. Solution: Update the WordPress Link Library plugin to the latest available version at least 7.2.8...
WordPress Domain Check plugin <= 1.0.17 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ceylan Bozogullarindan in WordPress Domain Check plugin versions <= 1.0.17. Solution: Update the WordPress Domain Check plugin to the latest available version at least 1.0.18...
WordPress NextScripts: Social Networks Auto-Poster plugin <= 4.3.23 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress NextScripts: Social Networks Auto-Poster plugin versions <= 4.3.23. Solution: Update the WordPress NextScripts: Social Networks Auto-Poster plugin to the latest available version at least 4.3.24...
WordPress Edict Lite theme <= 1.1.4 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Edict Lite theme versions <= 1.1.4. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores...