46606 matches found
WordPress Jupiter premium theme <= 6.10.1 - Authenticated Path Traversal and Local File Inclusion (LFI) vulnerability
Authenticated Path Traversal and Local File Inclusion LFI vulnerability discovered by Ramuel Gall Wordfence in WordPress Jupiter premium theme versions = 6.10.1. Solution Update the WordPress Jupiter premium theme to the latest available version at least 6.10.2...
WordPress Enqueue Anything plugin <= 1.0.1 - Arbitrary Asset/Post Deletion vulnerability
Arbitrary Asset/Post Deletion vulnerability discovered by Abhishek Bhoir in WordPress Enqueue Anything plugin versions = 1.0.1. Solution Deactivate and delete. This plugin has been closed as of April 26, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Advanced Admin Search plugin <= 1.1.5 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Ran Crane in WordPress Advanced Admin Search plugin versions = 1.1.5. Solution Update the WordPress Advanced Admin Search plugin to the latest available version at least 1.1.6...
WordPress Throws SPAM Away plugin <= 3.3 - Comment Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Comment Deletion via Cross-Site Request Forgery CSRF vulnerability was discovered by Daniel Ruf in the WordPress Throws SPAM Away plugin versions = 3.3. Solution Update the WordPress Throws SPAM Away plugin to the latest available version at least 3.3.1...
WordPress Video Slider – Slider Carousel plugin <= 1.4.6 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Fayçal CHENA in WordPress Video Slider – Slider Carousel plugin versions = 1.4.6. Solution Update the WordPress Video Slider – Slider Carousel plugin to the latest available version at least 1.4.8...
WordPress Note Press plugin <= 0.1.10 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability was discovered by Daniel Krohmer and Shi Chen in the WordPress Note Press plugin versions = 0.1.10. Solution Deactivate and delete. This plugin has been closed as of May 12, 2022 and is not available for download. This closure is temporary, pending a...
WordPress Easy FAQ with Expanding Text plugin <= 3.2.8.3.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress Easy FAQ with Expanding Text plugin versions = 3.2.8.3.1. Solution Deactivate and delete. This plugin has been closed as of April 19, 2022 and is not available for...
WordPress Birthdays Widget plugin <= 1.7.18 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Rutuja Chaudhari in WordPress Birthdays Widget plugin versions = 1.7.18. Solution Deactivate and delete. This plugin has been closed as of April 8, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress StaffList plugin <= 3.1.5 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Hassan Khan Yusufzai in WordPress StaffList plugin versions = 3.1.5. Solution Update the WordPress StaffList plugin to the latest available version at least 3.1.6...
WordPress StaffList plugin <= 3.1.5 - Arbitrary Staff Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Staff Deletion via Cross-Site Request Forgery CSRF vulnerability was discovered by Hassan Khan Yusufzai in the WordPress StaffList plugin versions = 3.1.5. Solution Update the WordPress StaffList plugin to the latest available version at least 3.1.6...
WordPress Nirweb support plugin <= 2.7.9 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress Nirweb support plugin versions = 2.7.9. Solution Update the WordPress Nirweb support plugin to the latest available version at least 2.8.2...
WordPress Psychological tests & quizzes plugin <= 0.21.19 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ex.Mi Patchstack in WordPress Psychological tests & quizzes plugin versions = 0.21.19. Solution No patched version is available...
WordPress Turn off all comments plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Turn off all comments plugin versions = 1.0. Solution Deactivate and delete. This plugin has been closed as of April 19, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress WPC Smart Wishlist for WooCommerce plugin <= 2.9.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Utkarsh Agrawal in WordPress WPC Smart Wishlist for WooCommerce plugin versions = 2.9.8. Solution Update the WordPress WPC Smart Wishlist for WooCommerce plugin to the latest available version at least 2.9.9...
WordPress Wbcom Designs – BuddyPress Create Group Type plugin <= 2.7.0 - Arbitrary Plugin Installation, Activation and Deactivation vulnerability
Arbitrary Plugin Installation, Activation and Deactivation vulnerability discovered by Mary JJ Jay in WordPress Wbcom Designs – BuddyPress Create Group Type plugin versions = 2.7.0. Solution Deactivate and delete. This plugin has been closed as of March 9, 2022 and is not available for download...
WordPress Adrotate plugin <= 5.8.22 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting XSS vulnerability discovered by Muhamad Hidayat in WordPress Adrotate plugin versions = 5.8.22. Solution Update the WordPress Adrotate plugin to the latest available version at least 5.8.23...
WordPress WP-Appbox plugin <= 4.3.20 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by mirphak Patchstack Alliance in WordPress WP-Appbox plugin versions = 4.3.20. Solution Update the WordPress WP-Appbox plugin to the latest available version at least 4.4.0...
WordPress Web To Print Shop : uDraw plugin <= 3.3.32 - Unauthenticated Arbitrary File Access vulnerability
Unauthenticated Arbitrary File Access vulnerability discovered by cydave in WordPress Web To Print Shop : uDraw plugin versions = 3.3.32. Solution Update the WordPress Web To Print Shop : uDraw plugin to the latest available version at least 3.3.33...
WordPress WP Downgrade plugin <= 1.2.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Taurus Omar in WordPress WP Downgrade plugin versions = 1.2.2. Solution Update the WordPress WP Downgrade plugin to the latest available version at least 1.2.3...
WordPress Limit Login Attempts (Spam Protection) plugin <= 4.9.1 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress Limit Login Attempts Spam Protection plugin versions = 4.9.1. Solution Update the WordPress Limit Login Attempts Spam Protection plugin to the latest available version at least 5.1...
WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more plugin <= 4.2.37 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more plugin versions = 4.2.37. Solution Update the WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage,...
WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.7 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Premmerce Wishlist for WooCommerce plugin versions = 1.1.7. Solution Update the WordPress Premmerce Wishlist for WooCommerce plugin to the latest available version at least 1.1.8...
WordPress Magic Post Thumbnail plugin < 3.3.11 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Magic Post Thumbnail plugin versions 3.3.11. Solution Update the WordPress Magic Post Thumbnail plugin to the latest available version at least 3.3.11...
WordPress WP School Calendar plugin <= 3.5.10 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WP School Calendar plugin versions = 3.5.10. Solution Update the WordPress WP School Calendar plugin to the latest available version at least 3.6...
WordPress WP-Cron Status Checker plugin <= 1.2.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WP-Cron Status Checker plugin versions = 1.2.2. Solution Update the WordPress WP-Cron Status Checker plugin to the latest available version at least 1.2.4...
WordPress WooCommerce Role Based Pricing by Meow Crew plugin <= 1.0.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WooCommerce Role Based Pricing by Meow Crew plugin versions = 1.0.1. Solution Update the WordPress WooCommerce Role Based Pricing by Meow Crew plugin to the latest available version at least 1.0.2...
WordPress Smart Protect plugin <= 1.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Smart Protect plugin versions = 1.1. Solution No patched version available...
WordPress Before and After Product Images for WooCommerce plugin <= 1.0.3 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Before and After Product Images for WooCommerce plugin versions = 1.0.3. Solution No patched version available...
WordPress WPHobby Demo Import plugin <= 1.1.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WPHobby Demo Import plugin versions = 1.1.2. Solution No patched version available...
WordPress Netforum Member Directory plugin <= 1.11 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Netforum Member Directory plugin versions = 1.11. Solution No patched version available...
WordPress ConeBlog – WordPress Blog Widgets plugin <= 1.4.5 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress ConeBlog – WordPress Blog Widgets plugin versions = 1.4.5. Solution Update the WordPress ConeBlog – WordPress Blog Widgets plugin to the latest available version at least 1.4.6...
WordPress Easy Smooth Scroll Links – Smooth Scrolling Anchor plugin <= 2.23.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Easy Smooth Scroll Links – Smooth Scrolling Anchor plugin versions = 2.23.0. Solution Update the WordPress Easy Smooth Scroll Links – Smooth Scrolling Anchor plugin to the latest available version at...
WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.5.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Image Photo Gallery Final Tiles Grid plugin versions = 3.5.4. Solution Update the WordPress Image Photo Gallery Final Tiles Grid plugin to the latest available version at least 3.5.5...
WordPress Modern Addons for Elementor Page Builder plugin <= 1.1.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Modern Addons for Elementor Page Builder plugin versions = 1.1.2. Solution Update the WordPress Modern Addons for Elementor Page Builder plugin to the latest available version at least 1.2.0...
WordPress "WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule" plugin <= 2020.1.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress "WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule" plugin versions = 2020.1.0. Solution No patched version available...
WordPress SEO Plugin by Squirrly SEO plugin <= 11.1.11 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress SEO Plugin by Squirrly SEO plugin versions = 11.1.11. Solution Update the WordPress SEO Plugin by Squirrly SEO plugin to the latest available version at least 11.1.12...
WordPress Stripe Express plugin < 1.7.7 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Stripe Express plugin versions 1.7.7. Solution Update the WordPress Stripe Express plugin to the latest available version at least 1.7.7...
WordPress Table & Contact Form 7 Database – Tablesome – Data Table & Contact Form 7 Database (CFDB7) Plugin plugin < 0.6.7 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Table & Contact Form 7 Database – Tablesome – Data Table & Contact Form 7 Database CFDB7 Plugin plugin versions 0.6.7. Solution Update the WordPress Table & Contact Form 7 Database – Tablesome – Data Table & Contact Form 7...
WordPress Salon Booking System Pro plugin <= 7.6.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered by Huli Cymetrics in WordPress Salon Booking System Pro plugin versions = 7.6.1. Solution Update the WordPress Salon Booking System Pro plugin to the latest available version at least 7.6.3...
WordPress Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin < 1.4.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin versions 1.4.2. Solution Update the WordPress Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin to the...
WordPress Files Download Delay plugin < 1.0.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Files Download Delay plugin versions 1.0.4. Solution Update the WordPress Files Download Delay plugin to the latest available version at least 1.0.4...
WordPress BSD Split Pay for Stripe Connect on Woo plugin <= 3.2.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress BSD Split Pay for Stripe Connect on Woo plugin versions = 3.2.0. Solution Update the WordPress BSD Split Pay for Stripe Connect on Woo plugin to the latest available version at least 3.2.1...
WordPress Greenshift – animation and page builder blocks plugin < 1.1.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Greenshift – animation and page builder blocks plugin versions 1.1.4. Solution Update the WordPress Greenshift – animation and page builder blocks plugin to the latest available version at least 1.1.4...
WordPress Add Pinterest conversion tags for Pinterest Ads + Site verification plugin <= 1.2.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Add Pinterest conversion tags for Pinterest Ads + Site verification plugin versions = 1.2.2. Solution Update the Add Pinterest conversion tags for Pinterest Ads + Site verification plugin to the latest available version at lea...
WordPress Cryptocurrency Product for WooCommerce plugin <= 3.14.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Cryptocurrency Product for WooCommerce plugin versions = 3.14.0. Solution Update the WordPress Cryptocurrency Product for WooCommerce plugin to the latest available version at least 3.14.6...
WordPress annasta Woocommerce Product Filters plugin < 1.5.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress annasta Woocommerce Product Filters plugin versions 1.5.0. Solution Update the WordPress annasta Woocommerce Product Filters plugin to the latest available version at least 1.5.0...
WordPress SLP – Extenders plugin < 5.9.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress SLP – Extenders plugin versions 5.9.1. Solution Update the WordPress SLP – Extenders plugin to the latest available version at least 5.9.1...
WordPress Smart Variations Images & Swatches for WooCommerce plugin < 5.1.10 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Smart Variations Images & Swatches for WooCommerce plugin versions 5.1.10. Solution Update the WordPress Smart Variations Images & Swatches for WooCommerce plugin to the latest available version at least 5.1.10...
WordPress WP Google Map plugin <= 4.2.3 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered by Ex.Mi Patchstack in WordPress WP Google Map plugin versions = 4.2.3. Solution Update the WordPress WP Google Map plugin to the latest available version at least 4.2.4...
WordPress GDMylist plugin <= 1.1.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by fuzzyap1 in WordPress GDMylist plugin versions = 1.1.1. Solution Deactivate and delete. This plugin has been closed as of February 15, 2022 and is not available for download. This closure is temporary, pending a full review...