WordPress YourChannel: Everything you want in a YouTube Plugin <= 1.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: YourChannel: Everything you want in a YouTube; Type: Plugin; Vulnerable versions: <= 1.2.4; Fixed in: 1.2.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-1870; Patch priority: Low; CVSS severity: Low 4.3; PSID: db4d6da8779...
WordPress WP FEvents Book Plugin <= 0.46 is vulnerable to Insecure Direct Object References (IDOR)
Software: WP FEvents Book; Type: Plugin; Vulnerable versions: <= 0.46; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-1129; Patch priority: Low; CVSS severity: Low 6.3; PSID: bdca07c43d3d; Credits: Ameen Alkurdy...
WordPress institutions-directory Plugin < 1.3.1 is vulnerable to Privilege Escalation
Software: institutions-directory; Type: Plugin; Vulnerable versions: < 1.3.1; Fixed in: 1.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2020-36666; Patch priority: High; CVSS severity: High 8.8; PSID: 3f4ecdce4fb1; Credits: Omar Badran; Required...
WordPress directory-pro Plugin < 1.9.5 is vulnerable to Privilege Escalation
Software: directory-pro; Type: Plugin; Vulnerable versions: < 1.9.5; Fixed in: 1.9.5; OWASP Top 10: A5: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2020-36666; Patch priority: High; CVSS severity: High 8.8; PSID: 27a5e48fd1cc; Credits: Omar Badran; Required privilege...
WordPress If Menu Plugin <= 0.16.3 is vulnerable to Broken Access Control
Software: If Menu; Type: Plugin; Vulnerable versions: <= 0.16.3; Fixed in: 0.17.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-41698; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 6fd87b73bf2d; Credits: Nguyen Anh Tien; Required...
WordPress Dark Mode Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Dark Mode; Type: Plugin; Vulnerable versions: <= 4.1.2; Fixed in: 4.1.3; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47150; Patch priority: Low; CVSS severity: Low 4.3; PSID: 9e4920fdc820; Credits: István Márton; Required...
WordPress Boostify Header Footer Builder for Elementor Plugin <= 1.2.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Boostify Header Footer Builder for Elementor; Type: Plugin; Vulnerable versions: <= 1.2.8; Fixed in: 1.2.9; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47150; Patch priority: Low; CVSS severity: Low 4.3; PSID: 5658880d810...
WordPress Stylish Cost Calculator Plugin <= 7.3.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Stylish Cost Calculator; Type: Plugin; Vulnerable versions: <= 7.3.6; Fixed in: 7.3.7; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47150; Patch priority: Low; CVSS severity: Low 4.3; PSID: 4ab3df3ad99b; Credits: István Márt...
WordPress Products Compare for WooCommerce Plugin <= 3.5.7.7 is vulnerable to Broken Access Control
Software: Products Compare for WooCommerce; Type: Plugin; Vulnerable versions: <= 3.5.7.7; Fixed in: 3.5.7.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-45813; Patch priority: Low; CVSS severity: Low 5.4; PSID: f7685c0ec49a; Credits: István...
WordPress Watu Quiz Plugin <= 3.3.9 is vulnerable to Cross Site Scripting (XSS)
Software: Watu Quiz; Type: Plugin; Vulnerable versions: <= 3.3.9; Fixed in: 3.3.9.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0968; Patch priority: High; CVSS severity: High 7.1; PSID: f8e4b6a3eab0; Credits: Marco Wotschka; Required...
WordPress WooSupply – Suppliers, Supply Orders and Stock Management Plugin <= 1.2.2 is vulnerable to Server Side Request Forgery (SSRF)
Software: WooSupply – Suppliers, Supply Orders and Stock Management; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2022-40700; Patch priority: Low; CVSS severity: Low 8.2; PSID: f4ff6d9dbad...
WordPress Slimstat Analytics Plugin <= 4.9.3.2 is vulnerable to SQL Injection
Software: Slimstat Analytics; Type: Plugin; Vulnerable versions: <= 4.9.3.2; Fixed in: 4.9.3.3; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0630; Patch priority: High; CVSS severity: High 7.7; PSID: 4253ca9a6d2d; Credits: Marc Montpas; Required privilege: Subscribe...
WordPress WP Coder Plugin < 2.5.4 is vulnerable to SQL Injection
Software: WP Coder; Type: Plugin; Vulnerable versions: < 2.5.4; Fixed in: 2.5.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0895; Patch priority: Low; CVSS severity: Low 5.5; PSID: af35ebdc8e18; Credits: Etan Imanol Castro Aldrete; Required privilege: Administrator...
WordPress Podlove Podcast Publisher Plugin <= 3.8.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Podlove Podcast Publisher; Type: Plugin; Vulnerable versions: <= 3.8.3; Fixed in: 3.8.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25472; Patch priority: Low; CVSS severity: Low 4.3; PSID: 1974c1ffec51; Credits: yuyudhn...
WordPress Interactive Geo Maps Plugin <= 1.5.9 is vulnerable to Cross Site Scripting (XSS)
Software: Interactive Geo Maps; Type: Plugin; Vulnerable versions: <= 1.5.9; Fixed in: 1.5.11; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0731; Patch priority: Medium; CVSS severity: Medium 5.9; PSID: 116865bf62ab; Credits: Marco Wotsch...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Wicked Folders; Type: Plugin; Vulnerable versions: <= 2.18.16; Fixed in: 2.18.17; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-0724; Patch priority: Low; CVSS severity: Low 5.4; PSID: 4ecba55efc7d; Credits: Marco Wotschka...
WordPress Mercado Pago payments for WooCommerce Plugin <= 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Mercado Pago payments for WooCommerce; Type: Plugin; Vulnerable versions: <= 6.3.1; Fixed in: 6.4.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-45068; Patch priority: Low; CVSS severity: Low 4.3; PSID: b67044142b86; Credi...
WordPress Auto Affiliate Links Plugin <= 6.2.1.5 is vulnerable to Privilege Escalation
Software: Auto Affiliate Links; Type: Plugin; Vulnerable versions: <= 6.2.1.5; Fixed in: 6.2.1.6; OWASP Top 10: A5: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2022-45840; Patch priority: High; CVSS severity: High 6.5; PSID: 552906959004; Credits: Nguyen Anh Tien...
WordPress GS Products Slider for WooCommerce Plugin < 1.5.9 is vulnerable to Cross Site Scripting (XSS)
Software: GS Products Slider for WooCommerce; Type: Plugin; Vulnerable versions: < 1.5.9; Fixed in: 1.5.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0492; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 912bee63a436; Credits...
WordPress Quick Restaurant Menu Plugin <= 2.0.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Quick Restaurant Menu; Type: Plugin; Vulnerable versions: <= 2.0.2; Fixed in: 2.1.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-0554; Patch priority: Low; CVSS severity: Low 8.1; PSID: c79ea8bd00a5; Credits: Marco Wotschka...
WordPress DH – Anti AdBlocker Plugin <= 36 is vulnerable to Cross Site Request Forgery (CSRF)
Software: DH – Anti AdBlocker; Type: Plugin; Vulnerable versions: <= 36; Fixed in: 37; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47162; Patch priority: Low; CVSS severity: Low 4.3; PSID: 1473176655f8; Credits: rezaduty; Required...
WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.48 is vulnerable to Cross Site Scripting (XSS)
Software: Unlimited Elements For Elementor (Free Widgets, Addons, Templates); Type: Plugin; Vulnerable versions: <= 1.5.48; Fixed in: 1.5.49; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-47170; Patch priority: Low; CVSS severity: Low 5.9; Developer: Unlimited...
WordPress Page Builder: Live Composer Plugin <= 1.5.22 is vulnerable to Cross Site Scripting (XSS)
Software: Page Builder: Live Composer; Type: Plugin; Vulnerable versions: <= 1.5.22; Fixed in: 1.5.23; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4669; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 3a851e56815e; Credits: Istv...
WordPress WP Airbnb Review Slider Plugin < 3.3 is vulnerable to SQL Injection
Software: WP Airbnb Review Slider; Type: Plugin; Vulnerable versions: < 3.3; Fixed in: 3.3; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0262; Patch priority: High; CVSS severity: High 7.1; PSID: e5bb0170c3f4; Credits: István Márton; Required privilege: Subscriber...
WordPress Extensive VC Addons for WPBakery page builder Plugin < 1.9.1 is vulnerable to Local File Inclusion
Software: Extensive VC Addons for WPBakery page builder; Type: Plugin; Vulnerable versions: < 1.9.1; Fixed in: 1.9.1; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2023-0159; Patch priority: High; CVSS severity: High 8.6; PSID: 335c3e6ccfa2; Credits: dc11; Required...
WordPress WP Go Maps Plugin <= 9.0.15 is vulnerable to Directory Traversal
Software: WP Go Maps; Type: Plugin; Vulnerable versions: <= 9.0.15; Fixed in: 9.0.16; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Directory Traversal; CVE: CVE-2022-47595; Patch priority: Low; CVSS severity: Low 4.9; Developer: WP Go Maps; PSID: ce001c792740; Credits: rezaduty; Required privilege...
WordPress WP Time Slots Booking Form Plugin <= 1.1.81 is vulnerable to Cross Site Scripting (XSS)
Software: WP Time Slots Booking Form; Type: Plugin; Vulnerable versions: <= 1.1.81; Fixed in: 1.1.82; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23971; Patch priority: Low; CVSS severity: Low 5.9; PSID: e04532f2022b; Credits: Rio Darmaw...
WordPress Better Font Awesome Plugin < 2.0.4 is vulnerable to Cross Site Scripting (XSS)
Software: Better Font Awesome; Type: Plugin; Vulnerable versions: < 2.0.4; Fixed in: 2.0.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4512; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 3f338a1f451d; Credits: Lana Codes...
WordPress Hide My WP Plugin < 6.2.9 is vulnerable to SQL Injection
Software: Hide My WP; Type: Plugin; Vulnerable versions: < 6.2.9; Fixed in: 6.2.9; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2022-4681; Patch priority: High; CVSS severity: High 7.5; PSID: ad94e6b8ba54; Credits: Xenofon Vassilakopoulos; Required privilege...
WordPress Revive Old Posts Plugin < 9.0.11 is vulnerable to PHP Object Injection
Software: Revive Old Posts; Type: Plugin; Vulnerable versions: < 9.0.11; Fixed in: 9.0.11; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2022-4680; Patch priority: Low; CVSS severity: Low 4.4; PSID: a37521b3e635; Credits: Nguyen Huu Do; Required privilege...
WordPress RSS Aggregator by Feedzy Plugin < 4.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: RSS Aggregator by Feedzy; Type: Plugin; Vulnerable versions: < 4.1.1; Fixed in: 4.1.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4667; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: cee226bbb884; Credits: István Márt...
WordPress Content Control Plugin < 1.1.10 is vulnerable to Cross Site Scripting (XSS)
Software: Content Control; Type: Plugin; Vulnerable versions: < 1.1.10; Fixed in: 1.1.10; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4509; Patch priority: Medium; CVSS severity: Medium 6.3; Developer: Code Atlantic LLC; PSID: a16131ad7c93; Credits: István Márton...
WordPress soundblast Theme < 10 is vulnerable to Arbitrary File Upload
Software: soundblast; Type: Theme; Vulnerable versions: < 10; Fixed in: N/A; OWASP Top 10: A6: Security Misconfiguration; Classification: Arbitrary File Upload; CVE: CVE-2022-0316; Patch priority: High; CVSS severity: High 10; PSID: 8aee103c2d72; Credits: Joshua Small; Required privilege...
WordPress kingclub-theme Theme < 10 is vulnerable to Arbitrary File Upload
Software: kingclub-theme; Type: Theme; Vulnerable versions: < 10; Fixed in: N/A; OWASP Top 10: A6: Security Misconfiguration; Classification: Arbitrary File Upload; CVE: CVE-2022-0316; Patch priority: High; CVSS severity: High 10; PSID: c582a1ee7025; Credits: Joshua Small; Required privilege...
WordPress WooSwipe WooCommerce Gallery plugin <= 2.0.1 - Auth. Broken Access Control vulnerability
Auth. Broken Access Control vulnerability leading to plugin settings change discovered by Tien Nguyen Anh (Patchstack Alliance) in the WordPress WooSwipe WooCommerce Gallery plugin (versions <= 2.0.1). Solution: No patched version is available. No reply from the vendor...
WordPress Add Multiple Marker plugin <= 1.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress Add Multiple Marker plugin (versions <= 1.2). Solution: No patched version is available...
WordPress Activity Reactions For Buddypress plugin <= 1.0.22 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress Activity Reactions For Buddypress plugin (versions <= 1.0.22). Solution: No patched version is available...
WordPress Find and Replace All plugin <= 1.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress Find and Replace All plugin (versions <= 1.2). Solution: Update the WordPress Find and Replace All plugin to the latest available version (at least 1.3)...
WordPress AM-HiLi plugin <= 1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Hoang Van Hiep (Patchstack Alliance) in the WordPress AM-HiLi plugin (versions <= 1.0). Solution: No patched version is available...
WordPress Video Thumbnails plugin <= 2.12.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by zhangyunpei in WordPress Video Thumbnails plugin (versions <= 2.12.3). Solution: Deactivate and delete. This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress Homepage Popup plugin <= 1.2.5 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Mika in the WordPress Homepage Pop-up plugin (versions <= 1.2.5). Solution: No patched version is available. No reply from the vendor...
WordPress Booster for WooCommerce premium <= 5.6.4 - Auth. Arbitrary File Download vulnerability
Auth. Arbitrary File Download vulnerability discovered by WPScan in WordPress Booster for WooCommerce premium (versions <= 5.6.4). Solution: Update the WordPress Booster Plus for WooCommerce plugin to the latest available version (at least 5.6.5)...
WordPress Bricks Builder premium theme <= 1.5.3 - Auth. Remote Code Execution vulnerability
Auth. Remote Code Execution vulnerability discovered by RG in WordPress Bricks Builder premium theme (versions <= 1.5.3). Solution: Update the WordPress Bricks Builder theme to the latest available version (at least 1.5.4)...
WordPress Backup Guard plugin <= 1.6.9.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in the WordPress Backup Guard plugin (versions <= 1.6.9.0). Solution: Update the WordPress Backup Guard plugin to the latest available version (at least 1.6.9.1)...
WordPress SEO Plugin by Squirrly SEO plugin <= 12.1.10 - Auth. Arbitrary File Upload vulnerability
Auth. Arbitrary File Upload vulnerability discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance) in WordPress SEO Plugin by Squirrly SEO plugin (versions <= 12.1.10). Solution: Update the WordPress SEO Plugin by Squirrly SEO plugin to the latest available version (at least 12.1.11)...
WordPress SEO Redirection Plugin plugin <= 8.9 - Multiple Cross-Site Scripting (CSRF) vulnerabilities
Multiple Cross-Site Scripting (CSRF) vulnerabilities were discovered by Vlad Vector (Patchstack) in the WordPress SEO Redirection Plugin plugin (versions <= 8.9). Solution: Update the WordPress SEO Redirection plugin to the latest available version (at least 9.1)...
WordPress Corona Virus (COVID-19) Banner & Live Data plugin <= 1.7.0.6 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress Corona Virus (COVID-19) Banner & Live Data plugin (versions <= 1.7.0.6). Solution: No patched version is available. No reply from the vendor...
WordPress Phone Orders for WooCommerce plugin <= 3.7.1 - Auth. Sensitive Data Exposure vulnerability
Auth. Sensitive Data Exposure vulnerability discovered by Lana Codes (Patchstack Alliance) in WordPress Phone Orders for WooCommerce plugin (versions <= 3.7.1). Solution: Update the WordPress Phone Orders for WooCommerce plugin to the latest available version (at least 3.7.2)...
WordPress Newspaper premium theme < 12.1 - Unauthenticated Account Takeover vulnerability
Unauthenticated Account Takeover vulnerability discovered by Truoc Phan in WordPress Newspaper premium theme (versions < 12.1). Solution: Update the WordPress Newspaper theme to the latest available version (at least 12.1)...
WordPress Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Lana Codes (Patchstack Alliance) in the WordPress Integration for Szamlazz.hu & WooCommerce plugin (versions <= 5.6.3.2). Solution: Update the WordPress Integration for Szamlazz.hu & WooCommerce plugin to the latest available...