WordPress Listeo premium theme <= 1.6.07 - Authenticated Multiple Insecure Direct Object References (IDOR) vulnerabilities
Multiple Insecure Direct Object References (IDOR) vulnerabilities discovered by m0ze Patchstack Red Team in the WordPress Listeo premium theme versions <= 1.6.07. Solution: Update the WordPress Listeo premium theme to the latest available version at least 1.6.11...
WordPress AccessAlly premium plugin <= 3.5.6 - $_SERVER Superglobal Leakage vulnerability
$_SERVER Superglobal Leakage vulnerability discovered by Till Krüss in WordPress AccessAlly premium plugin versions <= 3.5.6. Solution: Update the WordPress AccessAlly premium plugin to the latest available version at least 3.5.7...
WordPress WooCommerce Upload Files premium plugin <= 59.3 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability found by WordFence in WordPress WooCommerce Upload Files premium plugin versions <= 59.3. Solution: Update the WordPress WooCommerce Upload Files premium plugin to the latest available version at least 59.4...
WordPress Defender Security plugin <= 2.4.6 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by NintechNet in WordPress Defender Security plugin versions <= 2.4.6. Solution: Update the WordPress Defender Security plugin to the latest available version at least 2.4.6.1...
WordPress YITH WooCommerce Gift Cards plugin <= 3.3.0 - Arbitrary File Upload to Remote Code Execution (RCE) vulnerability
Arbitrary File Upload to Remote Code Execution (RCE) vulnerability found by Guy Liu in WordPress YITH WooCommerce Gift Cards plugin versions <= 3.3.0. Solution: Update the WordPress YITH WooCommerce Gift Cards plugin to the latest available version at least 3.3.1...
WordPress Process Steps Template Designer plugin <= 1.2.1 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found in WordPress Process Steps Template Designer plugin versions <= 1.2.1. Solution: Update the WordPress Process Steps Template Designer plugin to the latest available version at least 1.3...
WordPress EasyBook premium theme <= 1.2.1 - Persistent Cross-Site Scripting (XSS) vulnerability
Persistent Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress EasyBook premium theme versions <= 1.2.1. Solution: Update the WordPress EasyBook premium theme to the latest available version at least 1.2.2...
WordPress DiveBook plugin <= 1.1.4 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Hooper Labs in WordPress DiveBook plugin versions <= 1.1.4. Solution: 2020-12-09 - we were unable to find a patched version of this plugin. Last updated: 10 years ago...
WordPress Media Library Assistant plugin <= 2.84 - Authenticated Blind SQL Injection (SQLi) vulnerability
Authenticated Blind SQL Injection (SQLi) vulnerability found by Lenon Leite in WordPress Media Library Assistant plugin versions <= 2.84. Solution: Update the WordPress Media Library Assistant plugin to the latest available version at least 2.9.0...
WordPress Augmented Reality plugin <= 1.2.0 - Unauthenticated PHP File Upload leading to Remote Code Execution (RCE) vulnerability
Unauthenticated PHP File Upload leading to Remote Code Execution (RCE) vulnerability found by Robert Wiggins in WordPress Augmented Reality plugin versions <= 1.2.0. Solution: Note from wordpress.org plugin repository: This plugin has been closed as of September 3, 2020 and is not available for...
WordPress <= 5.5.1 - XML-RPC Privilege Escalation vulnerability
XML-RPC Privilege Escalation vulnerability found by Justin Tran in WordPress versions <= 5.5.1. Solution: Update WordPress to the latest available version at least 5.5.2...
WordPress Simple Download Monitor plugin <= 3.8.8 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability found by Gen Sato Mitsui Bussan Secure Directions in WordPress Simple Download Monitor plugin versions <= 3.8.8. Solution: Update the WordPress Simple Download Monitor plugin to the latest available version at least 3.8.9...
WordPress Simple Download Monitor plugin <= 3.8.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability
Unauthenticated Cross-Site Scripting (XSS) vulnerability found by Gen Sato Mitsui Bussan Secure Directions in WordPress Simple Download Monitor plugin versions <= 3.8.8. Solution: Update the WordPress Simple Download Monitor plugin to the latest available version at least 3.8.9...
WordPress Live Chat - Live support plugin <= 3.1.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Yusuke Fukuda Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University in WordPress Live Chat - Live support plugin versions <= 3.1.0. Solution: Update the WordPress Live Chat - Live support plugi...
WordPress WooCommerce - NAB Transact plugin <= 2.1.1 - Payment Bypass vulnerability
Payment Bypass vulnerability found by Jack Misiura in WordPress WooCommerce - NAB Transact plugin versions <= 2.1.1. Solution: Update the WordPress WooCommerce - NAB Transact plugin to the latest available version at least 2.1.2...
WordPress Sell Media plugin <= 2.4.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Metamorfosec in WordPress Sell Media plugin versions <= 2.4.1. Solution: Update the WordPress Sell Media plugin to the latest available version at least 2.4.2...
WordPress Email Subscribers & Newsletters <= 4.5.0.1 - Authenticated SQL injection (SQLi) vulnerability
Authenticated SQL injection (SQLi) vulnerability found by Tenable in WordPress Email Subscribers & Newsletters versions <= 4.5.0.1. Solution: Update the WordPress Email Subscribers & Newsletters to the latest available version at least 4.5.1...
WordPress Email Subscribers & Newsletters plugin <= 4.5.0.1 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Tenable in WordPress Email Subscribers & Newsletters plugin versions <= 4.5.0.1. Solution: Update the WordPress Email Subscribers & Newsletters plugin to the latest available version at least 4.5.1...
WordPress All In One SEO Pack plugin <= 3.6.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by WordFence in WordPress All In One SEO Pack plugin versions <= 3.6.1. Solution: Update the WordPress All In One SEO Pack plugin to the latest available version at least 3.6.2...
WordPress Testimonial Rotator plugin <= 3.0.2 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found by Vu Dong in WordPress Testimonial Rotator plugin versions <= 3.0.2. Solution: Update the WordPress Testimonial Rotator plugin to the latest available version at least 3.0.3...
WordPress ThirstyAffiliates plugin <= 3.9.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by minhtuanact in WordPress ThirstyAffiliates plugin versions <= 3.9.2. Solution: Update the WordPress ThirstyAffiliates plugin to the latest available version at least 3.9.3...
WordPress WP Product Review Lite plugin <= 3.7.5 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Sucuri in WordPress WP Product Review Lite plugin versions <= 3.7.5. Solution: Update the WordPress WP Product Review Lite plugin to the latest available version at least 3.7.6...
WordPress Elementor Pro premium plugin <= 2.9.3 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability discovered by WordFence in WordPress Elementor Pro premium plugin versions <= 2.9.3. Solution: Update the WordPress Elementor Pro premium plugin to the latest available version at least 2.9.4...
WordPress WP Lead Plus X plugin <= 0.98 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by WordFence in WordPress WP Lead Plus X plugin versions <= 0.98. Solution: Update the WordPress WP Lead Plus X plugin to the latest available version at least 0.99...
WordPress Import Export WordPress Users plugin <= 1.3.8 - Arbitrary User Creation vulnerability
Arbitrary User Creation vulnerability discovered by WordFence in WordPress Import Export WordPress Users plugin versions <= 1.3.8. Solution: Update the WordPress Import Export WordPress Users plugin to the latest available version at least 1.3.9...
WordPress Calculated Fields Form plugin <= 1.0.353 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by Ben Armstrong Spider Sec Ltd in WordPress Calculated Fields Form plugin versions <= 1.0.353. Solution: Update the WordPress Calculated Fields Form plugin to the latest available version at least 1.0.354...
WordPress EasyBook premium theme <= 1.2.1 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by m0ze in WordPress EasyBook premium theme versions <= 1.2.1. Solution: Update the WordPress EasyBook premium theme to the latest available version at least 1.2.2...
WordPress Minimal Coming Soon & Maintenance Mode plugin <= 2.10 - CSRF to Stored XSS and Setting Changes vulnerability
CSRF to Stored XSS and Setting Changes vulnerability found by Chloe Chamberland in WordPress Minimal Coming Soon & Maintenance Mode plugin versions <= 2.10. Solution: Update the WordPress Minimal Coming Soon & Maintenance Mode plugin to the latest available version at least 2.15...
WordPress Blog2Social plugin <=5.8.1 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found in WordPress Blog2Social plugin versions <=5.8.1. Solution: Update the WordPress Blog2Social plugin to the latest available version at least 5.9.0...
WordPress WP SlackSync premium plugin <= 1.8.5 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability found by fs0c131y in WordPress WP SlackSync premium plugin versions <= 1.8.5. Solution: Update the WordPress WP SlackSync premium plugin to the latest available version at least 1.8.6...
WordPress Social LikeBox & Feed plugin <= 2.8.4 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found in WordPress Social LikeBox & Feed plugin versions <= 2.8.4. Solution: Update the WordPress Social LikeBox & Feed plugin to the latest available version at least 2.8.5...
WordPress UserPro plugin <= 4.9.33 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability found in WordPress UserPro plugin versions <= 4.9.33. Solution: 27 August 2019 - no patched version available...
WordPress AdRotate Banner Manager plugin <= 5.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability found by Tin Duong in WordPress AdRotate Banner Manager plugin versions <= 5.2. Solution: Update the WordPress AdRotate Banner Manager plugin to the latest available version at least 5.3...
WordPress Zoho SalesIQ plugin <= 1.0.8 - Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerabilities
Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerabilities found by Cryptography Laboratory in WordPress Zoho SalesIQ plugin versions <= 1.0.8. Solution: Update the WordPress Zoho SalesIQ plugin to the latest available version at least 1.0.9...
WordPress Widget Logic plugin <= 5.9.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability that leads to Remote Code Execution (RCE) found by Paul Dannewitz in WordPress Widget Logic plugin versions <= 5.9.0. Solution: Update the WordPress Widget Logic plugin to the latest available version at least 5.10.2...
WordPress JobCareer theme - 2.5 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability found by QUIXSS in WordPress JobCareer theme version 2.5. Solution: Update the WordPress JobCareer theme to the latest available version at least 2.5.1...
WordPress Quiz And Survey Master plugin <= 6.2.1 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability found by Tim Coen in WordPress Quiz And Survey Master plugin versions <= 6.2.1. Solution: 12 March 2019 - plugin disabled in WordPress plugin repository, but changelog available for the patched version 6.2.2...
WordPress Contact Form 7 Multi-Step Forms plugin <= 3.0.8 - Authenticated Option Update vulnerability (Freemius Library security issue)
Authenticated Option Update vulnerability (Freemius Library security issue) found in WordPress Contact Form 7 Multi-Step Forms plugin versions <= 3.0.8. Solution: Update the WordPress Contact Form 7 Multi-Step Forms plugin to the latest available version at least 3.0.9...
WordPress WooCommerce plugin <= 3.5.4 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability found by Fortinet's FortiGuard Labs Zhouyuan Yang in WordPress WooCommerce plugin versions <= 3.5.4. Solution: Update the WooCommerce plugin to the latest available version at least 3.5.5...
WordPress spam-byebye plugin <= 2.2.1 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found by qw3rTyTy in WordPress spam-byebye plugin versions <= 2.2.1. Solution: Update the WordPress spam-byebye plugin to the latest available version at least 2.2.2...
WordPress Contact Form by WPForms plugin <= 1.4.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by RIPS Technologies in WordPress Contact Form by WPForms plugin versions <= 1.4.7. Solution: Update the WordPress Contact Form by WPForms plugin to the latest available version at least 1.4.8...
WordPress RSVPMaker plugin <= 5.6.3 - SQL Injection (SQLi) vulnerabilities
SQL Injection (SQLi) vulnerabilities found in WordPress RSVPMaker plugin versions <= 5.6.3. Solution: Update the WordPress RSVPMaker plugin to the latest available version at least 5.6.4...
WordPress UserPro premium plugin <= 4.9.23 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found by Yonatan Correa in WordPress UserPro premium plugin versions <= 4.9.23. Solution: Update the WordPress UserPro premium plugin to the latest available version at least 4.9.24...
WordPress All In One Favicon plugin <= 4.6 - Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities
Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities found by Javier Olmedo in WordPress All In One Favicon plugin versions <= 4.6. Solution: This plugin was closed on July 13, 2018 and is no longer available for download. Deactivate and delete asap...
WordPress Advanced Order Export For WooCommerce plugin <= 1.5.4 - CSV Injection vulnerability
CSV Injection vulnerability found by Bhushan Patil in WordPress Advanced Order Export For WooCommerce plugin versions <= 1.5.4. Solution: Update the WordPress Advanced Order Export For WooCommerce plugin to the latest available version at least 1.5.5...
WordPress Advance Search for WooCommerce plugin <= 1.0.9 - Stored Cross-site scripting (XSS) vulnerability
Stored Cross-site scripting (XSS) vulnerability found by ThreatPress Research Team in WordPress Advance Search for WooCommerce plugin versions <= 1.0.9. Solution: 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...
WordPress WooCommerce Category Banner Management plugin <= 1.1.0 - Unauthenticated Settings Change Vulnerability
Unauthenticated Settings Change Vulnerability found by ThreatPress Research Team in WordPress WooCommerce Category Banner Management plugin versions <= 1.1.0. Solution: Update the WordPress WooCommerce Category Banner Management plugin to the latest available version at least 1.1.1...
WordPress WooCommerce Quick Reports plugin <= 1.0.6 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability found by ThreatPress Research Team in WordPress WooCommerce Quick Reports plugin versions <= 1.0.6. Solution: 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...
Google Drive for WordPress plugin <=2.2 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability found by Lenon Leite in Google Drive for WordPress plugin versions <=2.2. Solution: Attention! This plugin was closed on 2018 January 26 by WordPress security team and is no longer available for download. Deactivate and uninstall!...
WordPress File Upload plugin <=4.3.2 - Security Issue in plugin shortcodes
Security Issue in plugin shortcodes found in WordPress File Upload plugin versions <=4.3.2. Solution: Update the WordPress File Upload plugin to the latest available version at least 4.3.3...