46606 matches found
WordPress Telefication vulnerability <= 1.8.0 - Open Relay and Server-Side Request Forgery vulnerability
Open Relay and Server-Side Request Forgery vulnerability discovered by Marco Wotschka & Charles Strader Sweethill in WordPress Telefication vulnerability versions = 1.8.0. Solution This plugin has been closed as of September 20, 2021 and is not available for download. This closure is temporary,...
WordPress XforWooCommerce plugin <=1.6.4 - Multiple vulnerabilities
Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in the WordPress XforWooCommerce plugin versions =1.6.4. Solution...
WordPress Sociable plugin <= 4.3.4.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Genubhau Wayal in WordPress Sociable plugin versions = 4.3.4.1. Solution Deactivate and delete. This plugin has been closed as of August 9, 2021 and is not available for download. Reason: Security Issue...
WordPress Support Board plugin <= 3.3.3 - Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities
Multiple Unauthenticated SQL Injection SQLi vulnerabilities were discovered by John Jefferson Li in the WordPress Support Board plugin versions = 3.3.3. Solution Update the WordPress Support Board plugin to the latest available version at least 3.3.4...
WordPress WP-T-Wap plugin <= 1.13.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress WP-T-Wap plugin versions = 1.13.2. Solution This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress GNU-Mailman Integration plugin <= 1.0.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress GNU-Mailman Integration plugin versions = 1.0.6. Solution This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Modern Events Calendar Lite plugin <= 5.22.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Shivam Rai in WordPress Modern Events Calendar Lite plugin versions = 5.22.1. Solution Update the WordPress Modern Events Calendar Lite plugin to the latest available version at least 5.22.2...
WordPress Appointment Hour Booking plugin <= 1.3.15 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Appointment Hour Booking plugin versions = 1.3.15. Solution Update the WordPress Appointment Hour Booking plugin to the latest available version at least 1.3.16...
WordPress WooCommerce Dynamic Pricing & Discounts premium plugin <= 2.4.1 - Unauthenticated Settings Export vulnerability
Unauthenticated Settings Export vulnerability discovered by Jerome Bruandet NinTechNet in WordPress WooCommerce Dynamic Pricing & Discounts premium plugin versions = 2.4.1. Solution Update the WordPress WooCommerce Dynamic Pricing & Discounts premium plugin to the latest available version at leas...
WordPress Advanced Custom Fields plugin <= 5.9.9 - Arbitrary ACF Data/Field Groups View and Fields Move vulnerability
Arbitrary ACF Data/Field Groups View and Fields Move vulnerability discovered by Keitaro Yamazaki in WordPress Advanced Custom Fields plugin versions = 5.9.9. Solution Update the WordPress Advanced Custom Fields plugin to the latest available version at least 5.10...
WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 2.8.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress Recipe Card Blocks for Gutenberg & Elementor plugin versions = 2.8.2. Solution Update the WordPress Recipe Card Blocks for Gutenberg & Elementor plugin to the latest available version at least 2.8.3...
WordPress Icegram plugin <= 2.0.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Icegram plugin versions = 2.0.2. Vulnerable at "Headline" &messagedata16headline input. Solution Update the WordPress Icegram plugin to the latest available version at least 2.0.3...
WordPress Smash Balloon Social Post Feed plugin <= 2.19.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by dc11 in WordPress Smash Balloon Social Post Feed plugin versions = 2.19.1. Solution Update the WordPress Smash Balloon Social Post Feed plugin to the latest available version at least 2.19.2...
WordPress WP Courses LMS plugin <= 2.0.43 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Tri Wanda Septian in WordPress WP Courses LMS plugin versions = 2.0.43. Solution Update the WordPress WP Courses LMS plugin to the latest available version at least 2.0.44...
WordPress Custom Post Type Relations plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Custom Post Type Relations plugin = 1.0. Solution This plugin has been closed as of August 12, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Media Usage plugin <= 0.0.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Media Usage plugin versions = 0.0.4. Solution This plugin has been closed as of August 12, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Per page add to head plugin <= 1.4.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Prashant Karman Patel in WordPress Per page add to head plugin versions = 1.4.4. Solution This plugin has been closed as of June 7, 2021 and is not available for download. Reason: Security Issue...
WordPress Product Limited Time Availability Date for WooCommerce plugin <= 1.0.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by iohex and WPScanTeam in WordPress Product Limited Time Availability Date for WooCommerce plugin versions = 1.0.1. Solution 2021-08-27 - no patched version available...
WordPress SpeakOut! Email Petitions plugin <= 2.13.1.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress SpeakOut! Email Petitions plugin versions = 2.13.1.1. Solution Update the WordPress SpeakOut! Email Petitions plugin to the latest available version at least 2.13.3...
WordPress Sitewide Notice WP <= 2.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Sitewide Notice WP versions = 2.2. Solution Update the WordPress Sitewide Notice WP to the latest available version at least 2.3...
WordPress youForms plugin <= 1.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by xiahao in WordPress youForms plugin versions = 1.0.5. Solution This plugin has been closed as of July 30, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress uListing plugin <= 2.0.5 - Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Settings Update via Cross-Site Request Forgery CSRF vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions = 2.0.5. Solution Update the WordPress uListing plugin to the latest available version at least 2.0.6...
WordPress Admin Custom Login plugin <= 3.2.7 – Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by Ryoma Nishioka Cryptography Laboratory - Tokyo Denki University in WordPress Admin Custom Login plugin versions = 3.2.7. Solution Update the WordPress Admin Custom Login plugin to the latest...
WordPress WP Upload Restriction plugin <= 2.2.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Angelo Righi in WordPress WP Upload Restriction plugin versions = 2.2.3. Solution Update the WordPress WP Upload Restriction plugin to the latest available version at least 2.2.4...
WordPress Profile Builder plugin <= 3.4.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Akash Rajendra Patil in WordPress Profile Builder plugin versions = 3.4.7. Solution Update the WordPress Profile Builder plugin to the latest available version at least 3.4.8...
WordPress Youzify plugin <= 1.0.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Phu Tran in WordPress Youzify plugin versions = 1.0.6. Solution Update the WordPress Youzify plugin to the latest available version at least 1.0.7...
WordPress ProfilePress plugin 3.0 – 3.1.3 - Arbitrary File Upload in File Uploader Component vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Chloe Chamberland WordFence in WordPress ProfilePress plugin versions 3.0 – 3.1.3. 06.29.2021 - WordFence updated the vulnerable version to 3.0 - 3.1.3. Solution Update the WordPress ProfilePress plugin to the latest version at leas...
WordPress Remove Schema plugin <= 1.4 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Remove Schema plugin versions = 1.4. Solution Update the WordPress Remove Schema plugin to the latest available version at least 1.6...
WordPress Browser Screenshots plugin <= 1.7.5 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress Browser Screenshots plugin versions = 1.7.5. Solution Update the WordPress Browser Screenshots plugin to the latest available version at least 1.7.6...
WordPress Leaflet Map plugin <= 2.23.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress Leaflet Map plugin versions = 2.23.3. Solution Update the WordPress Leaflet Map plugin to the latest available version at least 3.0.0...
WordPress WP SVG images plugin <= 3.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via uploaded SVG file
Authenticated Stored Cross-Site Scripting XSS vulnerability via uploaded SVG file discovered by Rasi in WordPress WP SVG images plugin versions = 3.3. Solution Update the WordPress WP SVG images plugin to the latest available version at least 3.4...
WordPress WP Hardening plugin <= 1.2.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by dc11 in WordPress WP Hardening plugin versions = 1.2.1. Solution Update the WordPress WP Hardening plugin to the latest available version at least 1.2.2...
WordPress Comments Like Dislike plugin <= 1.1.3 - Repeated Voting Restriction Bypass vulnerability
Repeated Voting Restriction Bypass vulnerability discovered by Phu Tran in WordPress Comments Like Dislike plugin versions = 1.1.3. Solution Update the WordPress Comments Like Dislike plugin to the latest available version at least 1.1.4...
WordPress Admin Columns PRO premium plugin <= 5.4.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Daniel Elkabes WhiteSource in WordPress Admin Columns PRO premium plugin versions = 5.4.4. Solution Update the WordPress Admin Columns PRO premium plugin to the latest available version at least 5.5.1...
WordPress Xllentech English Islamic Calendar plugin <= 2.6.7 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali in WordPress Xllentech English Islamic Calendar plugin versions = 2.6.7. Solution Update the WordPress Xllentech English Islamic Calendar plugin to the latest available version at least 2.6.8...
WordPress Side Menu plugin <= 3.1.3 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability discovered by Shreya Pohekar in WordPress Side Menu plugin versions = 3.1.3. Solution Update the WordPress Side Menu plugin to the latest available version at least 3.1.5...
WordPress <= 5.7.1 - Object injection in PHPMailer vulnerability
Object injection in PHPMailer vulnerability discovered in WordPress one security issue affecting WordPress versions between 3.7 and 5.7. Solution Update the WordPress to the latest available version at least 5.7.2. All WordPress versions since 3.7 have also been updated to fix the following...
WordPress Autoptimize plugin <= 2.8.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress Autoptimize plugin versions = 2.8.3. Solution Update the WordPress Autoptimize plugin to the latest available version at least 2.8.4...
WordPress Smooth Scroll Page Up/Down Buttons WordPress plugin <= 1.4 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress Smooth Scroll Page Up/Down Buttons WordPress plugin versions = 1.4. Solution 2021-04-29 - No patched version is available...
WordPress AcyMailing SMTP Newsletter plugin <= 7.4.1 - Unauthenticated Open Redirect vulnerability
Unauthenticated Open Redirect vulnerability discovered by Viktor Markopoulos WordPress AcyMailing SMTP Newsletter plugin versions = 7.4.1. Solution Update the WordPress AcyMailing SMTP Newsletter plugin to the latest available version at least 7.5.0...
WordPress Pods plugin <= 2.7.26 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by WhiteSource in WordPress Pods plugin versions = 2.7.26. Solution Update the WordPress Pods plugin to the latest available version at least 2.7.27...
WordPress Store Locator Plus plugin <= 5.5.14 - Authenticated Privilege Escalation vulnerability
Authenticated Privilege Escalation vulnerability discovered by WordFence in WordPress Store Locator Plus plugin versions = 5.5.14. Solution Update the WordPress Store Locator Plus plugin to the latest available version at least 5.5.15...
WordPress Accordion plugin <= 2.2.29 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by iohex in WordPress Accordion plugin versions = 2.2.29. Solution Update the WordPress Accordion plugin to the latest available version at least 2.2.30...
WordPress Redirection for Contact Form 7 plugin <= 2.3.3 - Unauthenticated Arbitrary Nonce Generation vulnerability
Unauthenticated Arbitrary Nonce Generation vulnerability discovered by WordFence in WordPress Redirection for Contact Form 7 plugin versions = 2.3.3. Solution Update the WordPress Redirection for Contact Form 7 plugin to the latest available version at least 2.3.4...
WordPress WPGraphQL plugin <= 1.3.5 - Denial of Service vulnerability
Denial of Service vulnerability discovered by Dolev Farhi in WordPress WPGraphQL plugin versions = 1.3.5. Solution Update the WordPress WPGraphQL plugin to the latest available version at least 1.3.6...
WordPress Imagements plugin <= 1.2.5 - Unauthenticated Arbitrary File Upload leading to Remote Code Execution (RCE) vulnerability
Unauthenticated Arbitrary File Upload leading to Remote Code Execution RCE vulnerability discovered by Jin Huang in WordPress Imagements plugin versions = 1.2.5. Solution Plugin closed. Deactivate and delete...
WordPress Classyfrieds plugin <= 3.8 - Authenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)
Authenticated Arbitrary File Upload vulnerability leading to Remote Code Execution RCE discovered by Jin Huang in WordPress Classyfrieds plugin versions = 3.8. Solution This plugin has been closed as of December 24, 2018 and is not available for download. Reason: Guideline Violation...
WordPress Contact Form Check Tester plugin <= 1.0.2 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting XSS vulnerability discovered by 0xB9 in WordPress Contact Form Check Tester plugin versions = 1.0.2. Solution This plugin has been closed as of March 25, 2021 and is not available for download. This closure is permanent...
WordPress Media File Renamer plugin <= 5.1.9 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered by Ngo Van Thien Patchstack Red Team in the WordPress Media File Renamer plugin versions = 5.1.9. Affected parameters "posttitle", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state...
WordPress WP Page Builder plugin <= 1.2.3 - Insecure Default Configuration vulnerability
Insecure Default Configuration vulnerability discovered by WordFence in WordPress WP Page Builder plugin versions = 1.2.3. Solution Update the WordPress WP Page Builder plugin to the latest available version at least 1.2.4...