WordPress Colorbold Theme - Email Spoofing
Because of this vulnerability, the attackers can send email from your server without authorization. Solution Disable this theme...
WordPress WPtouch Plugin <= 1.9.8 - Remote Code Execution
This plugin is prone to a remote code execution in ajax/fileupload.php. Solution Update the plugin...
WordPress Gallery Objects Plugin 0.4 - SQL Injection
This WordPress Gallery Objects plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...
WordPress WP Construction Mode Plugin <= 1.8 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "wuclogo" parameter in a save action to wp-admin/admin.php. Solution Update the plugin...
WordPress Polldaddy Polls & Ratings Plugin <= 2.0.24 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. Solution Update the plugin...
WordPress WP Social Invitations Plugin <= 1.4.4.2 - XSS
Because of this vulnerability in test.php, the attackers can inject arbitrary web script or HTML via the "xhrurl" parameter. Solution Update the plugin...
WordPress Responsive Preview Plugin <= 1.1 - XSS
Because of this vulnerability in index.php, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Amazon Affiliate Shop Plugin <= 0.9.6 - Local File Inclusion
This vulnerability is in reviews.php. It allows the attackers to read arbitrary files via a full pathname in the "url" parameter. Solution Update the plugin...
WordPress Votecount for Balatarin Plugin <= 0.1.1 - XSS
Because of this vulnerability in bvc.php, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Video Posts Webcam Recorder Plugin <= 1.55.4 - XSS
Because of this vulnerability in posts/videowhisper/rlogout.php, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Swipe Checkout for Jigoshop Plugin <= 3.1.0 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "apiurl" parameter. Solution Update the plugin...
WordPress ToolPage Plugin <= 1.6.1 - XSS
Because of this vulnerability in includes/getTipo.php, the attackers can inject arbitrary web script or HTML via the "t" parameter. Solution Update the plugin...
WordPress Ooorl Plugin - Cross Site Scripting
Because of this vulnerability in redirect.php, the attackers can inject arbitrary web script or HTML via the "url" parameter. Solution Update the plugin...
WordPress GEO Redirect Plugin <= 1.0.1 - XSS
Because of this vulnerability in ajaxfunctions.php, the attackers can inject arbitrary web script or HTML via the "hidid" parameter. Solution Update the plugin...
WordPress Flash & HTML5 Video Plugin - Cross Site Request Forgery
This Flash & HTML5 Video plugin is prone to a CSRF vulnerability. It allows an attacker to perform certain actions that lead to further attacks. Solution Update the plugin...
WordPress BookX Plugin - Local File Include
BookX plugin's "includes/bookxexport.php" is prone to a local file include vulnerability because it fails to validate user-supplied input. It allows an attacker to obtain potentially sensitive information. Solution Update the plugin...
WordPress ENL Newsletter Plugin - SQL Injection
This WordPress ENL Newsletter plugin's "wp-admin/admin.php" is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit hidden vulnerabilities in the underlying database. Solution Upgrade the plugin...
WordPress TinyMCE Color Picker Plugin <= 1.1 - CSRF
Because of this vulnerability, the attackers can hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. Solution Update the plugin...
WordPress Search Everything Plugin <= 8.1.0 - CSRF
Because of this vulnerability, the attackers can hijack the authentication of unspecified victims via unknown vectors. Solution Update the plugin...
WordPress Contact Bank Plugin <= 2.0.19 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the Label field, related to form layout configuration. Solution Update the plugin...
WordPress Twitget Plugin <= 3.3.2 - Multiple XSS
Because of these vulnerabilities in twitget.php, authenticated administrators can inject arbitrary web script or HTML via unspecified vectors. Solution Update the plugin...
WordPress Ajax Pagination Plugin 1.1 - Local File Inclusion
Ajax Pagination plugin is prone to a file inclusion vulnerability. It is exploitable by an unauthenticated user, who can include any local file ending in ".php" which is accessible to the web user. Solution Upgrade the plugin...
WordPress <= 3.3.2 - Cross Site Scripting
Because of this vulnerability in wp-includes/default-filters.php, the attackers can inject arbitrary web script or HTML via an editable slug field. Solution Update the plugin...
WordPress <= 3.0.1 - XSS
Because of this vulnerability in wp-admin/plugins.php, the attackers can inject arbitrary web script or HTML. Solution Update WordPress...
WordPress Newsletter Manager Plugin <= 1.0.1 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Recommend To a Friend Plugin <= 2.0.2 - XSS
Because of this vulnerability in inc/rafform.php, the attackers can inject arbitrary web script or HTML via the "currenturl" parameter. Solution Update the plugin...
WordPress IndiaNIC Testimonial Plugin - Multiple Vulnerabilities
WordPress IndiaNIC Testimonial plugin is prone to multiple vulnerabilities, such as cross-site request forgery, cross-site scripting and SQL injection vulnerabilities. Solution Stop using this plugin in a public environment...
WordPress Spider Event Calendar Plugin 1.3.0 - Multiple Vulnerabilities
Spider Event Calendar plugin is prone to multiple vulnerabilities: 1. Insufficient access check for AJAX operations in "calendar.php"; 2. SQL Injection in "calendar.php" function "spidercalendarquickupdate"; 3. SQL Injection in "calendar.php" function "spidercalendarquickedit"; 4. SQL Injection i...
WordPress Related Posts Plugin <= 1.3.1 - CSRF
Because of this vulnerability, the attackers can hijack the authentication of unspecified users for requests that change settings via unknown vectors. Solution Update the plugin...
WordPress WP Photo Album Plus Plugin <= 5.0.2 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "commentid" parameter in a wppamanagecomments edit action. Solution Update the plugin...
WordPress Maintenance Mode Plugin <= 1.8.7 - CSRF
Because of this vulnerability, the attackers can hijack the authentication of arbitrary users for requests that modify this plugin's settings. Solution Update the plugin...
WordPress WP PostViews Plugin <= 1.62 - CSRF
Because of this vulnerability in the options admin page, the attackers can hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. Solution Update the plugin...
WordPress Feedweb Plugin - Cross Site Scripting
WordPress Feedweb plugin's "wppostid" parameter is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal...
WordPress Social Sharing Toolkit Plugin <= 2.1.1 - CSRF
Because of this vulnerability, the attackers can hijack the authentication of administrators for requests that manipulate plugin settings via unknown vectors. Solution Update the plugin...
WordPress Lazyest Backup Plugin <= 0.2.1 - XSS
Because of this vulnerability in lazyest-backup.php, the attackers can inject arbitrary web script or HTML via the "xmlorall" parameter. Solution Update the plugin...
WordPress My Calendar Plugin <= 1.10.1 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the PATHINFO. Solution Update the plugin...
WordPress Advanced Custom Fields Plugin - Remote File Inclusion
WordPress Advanced Custom Fields plugin is prone to a remote file inclusion vulnerability. It allows for remote file inclusion and remote code execution via the export.php script. Solution Update the plugin...
WordPress <= 3.4.2
The attackers can discover valid session identifiers via a brute-force attack, because this WordPress version does not invalidate a wordpresssec session cookie upon an administrator's logout action. Solution The application should keep track of session identifiers where a user has explicitly logg...
WordPress All Video Gallery Plugin 1.1 - SQL Injection Vulnerability
This WordPress All Video Gallery plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...
WordPress White Label CMS Plugin <= 1.5 - XSS
Because of this vulnerability in wlcms-plugin.php, the authenticated administrators can inject arbitrary web script or HTML via the "wlcmsodevelopername" parameter. Solution Update the plugin...
WordPress Pay With Tweet Plugin <= 1.1 - SQL Injection
Because of this vulnerability, the authenticated users can execute arbitrary SQL commands via the "id" parameter. Solution Update the plugin...
WordPress Pretty Link Lite Plugin <= 1.5.5 - XSS
Because of this vulnerability in pretty-bar.php, the attackers can inject arbitrary web script or HTML via the "slug" parameter. Solution Update the plugin...
WordPress Sexy Add Template Plugin - Cross Site Request Forgery
Sexy Add Template plugin is prone to a cross-site request forgery vulnerability because the application fails to properly validate HTTP requests. It allows an attacker to gain unauthorized access to the affected application by performing certain actions in the context of an authorized user's...
WordPress Image News Slider Plugin <= 3.2 - Unspecified vulnerability
This vulnerability has unspecified impact and remote attack vectors. Solution Update the plugin...
WordPress 2 Click Social Media Buttons Plugin <= 0.33 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via unspecified vectors. Solution Update the plugin...
WordPress Better WP Security Plugin <= 3.2.4 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via unspecified vectors related to "server variables". Solution Update the plugin...
WordPress ThreeWP Email Reflector Plugin - Stored XSS
ThreeWP Email Reflector plugin is prone to a stored XSS vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based authentication...
WordPress Chenpress Plugin - Arbitrary File Upload
WordPress Chenpress plugin is prone to an arbitrary file upload vulnerability. It allows an attacker to upload arbitrary files to the affected computer. Solution Update the plugin...
WordPress Post Recommendations Plugin 1.1.2 - Remote File Include
WordPress Post Recommendations plugin's "abspath" parameter is prone to a remote file include vulnerability. It allows an attacker to compromise the application and the underlying system. Other attacks are also possible. Solution Update the plugin...
WordPress Newsletter Plugin 1.5 - Remote File Disclosure
WordPress Newsletter plugin is prone to a remote file disclosure vulnerability. It allows an attacker to compromise encrypted login credentials or retrieve the device's administrator password, allowing them to directly access the device's configuration control panel. Solution Update the plugin...