46606 matches found
WordPress Contact Form Submissions plugin <= 1.7.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Yoru Oni in WordPress Contact Form Submissions plugin versions <= 1.7.2. Solution: Update the WordPress Contact Form Submissions plugin to the latest available version (at least 1.7.3)...
WordPress CommonsBooking plugin <= 2.6.7 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress CommonsBooking plugin versions <= 2.6.7. Solution: Update the WordPress CommonsBooking plugin to the latest available version (at least 2.6.8)...
WordPress Login with phone number plugin <= 1.3.6 - Unauthenticated Remote Plugin Deletion vulnerability
Unauthenticated Remote Plugin Deletion vulnerability discovered by Michal Lipinski in WordPress Login with phone number plugin versions <= 1.3.6. Solution: Update the WordPress Login with phone number plugin to the latest available version (at least 1.3.7)...
WordPress Relevanssi – A Better Search plugin <= 4.14.5 - Unauthorized AJAX Calls vulnerability
Unauthorized AJAX Calls vulnerability discovered by Jan w Oleju in WordPress Relevanssi – A Better Search plugin versions <= 4.14.5. Solution: Update the WordPress Relevanssi – A Better Search plugin to the latest available version (at least 4.14.6)...
WordPress Asgaros Forum plugin <= 1.15.20 - Blind SQL Injection (SQLi) vulnerability
Blind SQL Injection (SQLi) vulnerability discovered by Krzysztof Zając in WordPress Asgaros Forum plugin versions <= 1.15.20. Solution: Update the WordPress Asgaros Forum plugin to the latest available version (at least 2.0.0)...
WordPress Crazy Bone plugin <= 0.6.0 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Crazy Bone plugin versions <= 0.6.0. Solution: Deactivate and delete. This plugin has been closed as of January 26, 2022 and is not available for download. This closure is temporary, pending a...
WordPress WHMCS Bridge plugin <= 6.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress WHMCS Bridge plugin versions <= 6.3. Solution: Update the WordPress WHMCS Bridge plugin to the latest available version (at least 6.4b)...
WordPress WordPress GDPR & CCPA premium plugin <= 1.9.26 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ace Candelario @0xspade and Victor Paynat-Sautivet 3DS Outscale SOC in WordPress WordPress GDPR & CCPA premium plugin versions <= 1.9.26. Solution: Update the WordPress WordPress GDPR & CCPA premium plugin to the latest...
WordPress ProfileGrid plugin <= 4.7.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Big Tiger in WordPress ProfileGrid plugin versions <= 4.7.4. Solution: Update the WordPress ProfileGrid plugin to the latest available version (at least 4.7.5)...
WordPress GiveWP plugin <= 2.17.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability via Import Tool discovered by JrXnm in WordPress GiveWP plugin versions <= 2.17.2. Solution: Update the WordPress GiveWP plugin to the latest available version (at least 2.17.3)...
WordPress Futurio Extra plugin <= 1.6.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Jan w Oleju in WordPress Futurio Extra plugin versions <= 1.6.2. Possible chained Cross-Site Scripting (XSS) vulnerability. Solution: Update the WordPress Futurio Extra plugin to the latest available version (at least 1.6.3)...
WordPress WP-DownloadManager plugin <= 1.68.5 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered by Ex.Mi Patchstack in WordPress WP-DownloadManager plugin versions <= 1.68.5. Solution: Update the WordPress WP-DownloadManager plugin to the latest available version (at least 1.68.6)...
WordPress Store Toolkit for WooCommerce plugin <= 2.3.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Store Toolkit for WooCommerce plugin versions <= 2.3.1. Solution: Update the WordPress Store Toolkit for WooCommerce plugin to the latest available version (at least 2.3.2)...
WordPress Ivory Search plugin <= 5.4 - Multiple Stored Cross-Site Scripting (XSS) vulnerability
Multiple Stored Cross-Site Scripting (XSS) vulnerabilities discovered by Yoru Oni in WordPress Ivory Search plugin versions <= 5.4. Solution: Update the WordPress Ivory Search plugin to the latest available version (at least 5.4.1)...
WordPress Ultimate Reviews plugin <= 3.0.15 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien Patchstack Red Team project in WordPress Ultimate Reviews plugin versions <= 3.0.15. Solution: Update the WordPress Ultimate Reviews plugin to the latest available version (at least 3.0.16)...
WordPress Document Embedder plugin <= 1.7.4 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure vulnerability
Unauthenticated Arbitrary Private/Draft Post Title Disclosure vulnerability discovered by apple502j in WordPress Document Embedder plugin versions <= 1.7.4. Solution: Update the WordPress Document Embedder plugin to the latest available version (at least 1.7.5)...
WordPress Visual CSS Style Editor plugin <= 7.5.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Visual CSS Style Editor plugin versions <= 7.5.3. Solution: Update the WordPress Visual CSS Style Editor plugin to the latest available version (at least 7.5.4)...
WordPress Link Library plugin <= 7.2.7 - Library Settings Reset via Cross-Site Request Forgery (CSRF) vulnerability
Library Settings Reset via Cross-Site Request Forgery (CSRF) vulnerability discovered by Krzysztof Zając in WordPress Link Library plugin versions <= 7.2.7. Solution: Update the WordPress Link Library plugin to the latest available version (at least 7.2.8)...
WordPress Link Library plugin <= 7.2.7 - Unauthenticated Arbitrary Links Deletion vulnerability
Unauthenticated Arbitrary Links Deletion vulnerability discovered by Krzysztof Zając in WordPress Link Library plugin versions <= 7.2.7. Solution: Update the WordPress Link Library plugin to the latest available version (at least 7.2.8)...
WordPress Domain Check plugin <= 1.0.17 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ceylan Bozogullarindan in WordPress Domain Check plugin versions <= 1.0.17. Solution: Update the WordPress Domain Check plugin to the latest available version (at least 1.0.18)...
WordPress WP User Frontend plugin <= 3.5.25 - SQL Injection (SQLi) to Reflected Cross-Site Scripting (XSS)
SQL Injection (SQLi) to Reflected Cross-Site Scripting (XSS) discovered by Krzysztof Zając in WordPress WP User Frontend plugin versions <= 3.5.25. Solution: Update the WordPress WP User Frontend plugin to the latest available version (at least 3.5.26)...
WordPress Ultra Seven theme <= 1.2.8 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Ultra Seven theme versions <= 1.2.8. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores...
WordPress Mobile Events Manager plugin <= 1.4.3.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Varun thorat in WordPress Mobile Events Manager plugin versions <= 1.4.3.1. Solution: Update the WordPress Mobile Events Manager plugin to the latest available version (at least 1.4.4)...
WordPress Product Feed PRO for WooCommerce plugin <= 11.0.6 - Settings Update to Stored Cross-Site Scripting (XSS) vulnerability
Settings Update to Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Product Feed PRO for WooCommerce plugin versions <= 11.0.6. Solution: Update the WordPress Product Feed PRO for WooCommerce plugin to the latest available version (at least 11.0.7)...
WordPress SEUR Oficial plugin <= 1.6.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by José Aguilera in WordPress SEUR Oficial plugin versions <= 1.6.0. Solution: Update the WordPress SEUR Oficial plugin to the latest available version (at least 1.7.0)...
WordPress Smash Balloon Social Post Feed plugin <= 4.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Smash Balloon Social Post Feed plugin versions <= 4.1. Solution: Update the WordPress Smash Balloon Social Post Feed plugin to the latest available version (at least 4.1.1)...
WordPress All in One SEO plugin <= 4.1.5.2 - Authenticated Privilege Escalation vulnerability
Authenticated Privilege Escalation vulnerability discovered by Marc Montpas in WordPress All in One SEO plugin versions <= 4.1.5.2. Solution: Update the WordPress All in One SEO plugin to the latest available version (at least 4.1.5.3)...
WordPress myghpay WooCommerce Payment Gateway plugin <= 3.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress myghpay WooCommerce Payment Gateway plugin versions <= 3.0. Solution: Deactivate and delete. This plugin has been closed as of December 13, 2021 and is not available for download. This closure is temporary, pending a...
WordPress Best WordPress FAQ plugin <= 1.4.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Best WordPress FAQ plugin versions <= 1.4.8. Solution: Deactivate and delete. This plugin has been closed as of December 3, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress link-list-manager plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress link-list-manager plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of December 3, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Lets-Box premium plugin <= 1.13.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Trainer Red in WordPress Lets-Box premium plugin versions <= 1.13.2. Solution: Update the WordPress Lets-Box premium plugin to the latest available version (at least 1.13.3)...
WordPress Fathom Analytics plugin <= 3.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by José Aguilera in WordPress Fathom Analytics plugin versions <= 3.0.4. Solution: Update the WordPress Fathom Analytics plugin to the latest available version (at least 3.0.5)...
WordPress Site Reviews plugin <= 5.17.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Site Reviews plugin versions <= 5.17.2. Solution: Update the WordPress Site Reviews plugin to the latest available version (at least 5.17.3)...
WordPress Button Generator – easily Button Builder plugin <= 2.3.2 - Remote File Inclusion (RFI) leading to Remote Code Execution (RCE) via CSRF vulnerability
Remote File Inclusion (RFI) leading to Remote Code Execution (RCE) via CSRF vulnerability discovered by Krzysztof Zając in WordPress Button Generator – easily Button Builder plugin versions <= 2.3.2. Solution: Update the WordPress Button Generator – easily Button Builder plugin to the latest available...
WordPress Zigcy Baby theme <= 1.0.6 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Zigcy Baby theme versions <= 1.0.6. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores...
WordPress Agency Lite theme <= 1.1.6 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Agency Lite theme versions <= 1.1.6. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores...
WordPress Hide My WP premium plugin <= 6.2.3 - Unauthenticated Plugin Deactivation vulnerability
Unauthenticated Plugin Deactivation vulnerability discovered by Dave Jong in WordPress Hide My WP premium plugin versions <= 6.2.3. Solution: Update the WordPress Hide My WP premium plugin to the latest available version (at least 6.2.4)...
WordPress Blog2Social plugin <= 6.8.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Blog2Social plugin versions <= 6.8.6. Solution: Update the WordPress Blog2Social plugin to the latest available version (at least 6.8.7)...
WordPress Ultimate Nofollow plugin <= 1.4.8 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Quentin VILLAIN 3wsec in WordPress Ultimate Nofollow plugin versions <= 1.4.8. Solution: Deactivate and delete. This plugin has been closed as of November 3, 2021 and is not available for download. This closure is temporary, pending a full...
WordPress Inspirational Quote Rotator plugin <= 1.0.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Vishal Mohan in WordPress Inspirational Quote Rotator plugin versions <= 1.0.0. Solution: Deactivate and delete. This plugin has been closed as of September 23, 2021 and is not available for download. This closure is temporary, pending a...
WordPress Temporary Login Without Password plugin <= 1.7.0 - Unauthorized Plugin's Settings Update vulnerability
Unauthorized Plugin's Settings Update vulnerability discovered by apple502j in WordPress Temporary Login Without Password plugin versions <= 1.7.0. Solution: Update the WordPress Temporary Login Without Password plugin to the latest available version (at least 1.7.1)...
WordPress Improved Include Page plugin <= 1.2 - Arbitrary Posts/Pages Access vulnerability
Arbitrary Posts/Pages Access vulnerability discovered by Francesco Carlucci in WordPress Improved Include Page plugin versions <= 1.2. Solution: Deactivate and delete. This plugin has been closed as of October 8, 2021 and is not available for download. This closure is temporary, pending a full revi...
WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.6.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ex.Mi Patchstack in WordPress Contact Form 7 Database Addon – CFDB7 plugin versions <= 1.2.6.1. Solution: Update the WordPress Contact Form 7 Database Addon – CFDB7 plugin to the latest available version (at least 1.2.6.2)...
WordPress Caldera Forms plugin <= 1.9.4 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Dhananjay Garg in WordPress Caldera Forms plugin versions <= 1.9.4. Solution: Update the WordPress Caldera Forms plugin to the latest available version (at least 1.9.5)...
WordPress Microsoft Clarity plugin <= 0.3 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Cyber Security Works Pvt. Ltd. in WordPress Microsoft Clarity plugin versions <= 0.3. Solution: Update the WordPress Microsoft Clarity plugin to the latest available version (at least 0.4)...
WordPress Advanced Forms Pro premium plugin <= 1.6.8 - Arbitrary User Email Address Update via IDOR vulnerability
Arbitrary User Email Address Update via IDOR vulnerability discovered by Suppawit Punhakit in WordPress Advanced Forms Pro premium plugin versions <= 1.6.8. Solution: Update the WordPress Advanced Forms Pro premium plugin to the latest available version (at least 1.6.9)...
WordPress Easy Digital Downloads plugin <= 2.11.2 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Thinkland Security Team in WordPress Easy Digital Downloads plugin versions <= 2.11.2. Solution: Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 2.11.2.1)...
WordPress Logo Showcase with Slick Slider plugin <= 1.2.3 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Logo Showcase with Slick Slider plugin versions <= 1.2.3. Solution: Update the WordPress Logo Showcase with Slick Slider plugin to the latest available version (at least 1.2.4)...
WordPress QR Redirector plugin <= 1.6 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress QR Redirector plugin versions <= 1.6. Solution: Update the WordPress QR Redirector plugin to the latest available version (at least 1.6.1)...
WordPress job-portal plugin <= 0.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Thinkland Security Team in WordPress job-portal plugin versions <= 0.0.1. Solution: Deactivate and delete. This plugin has been closed as of October 13, 2021 and is not available for download. This closure is temporary, pendi...