46578 matches found
WordPress directory-pro Plugin < 1.9.5 is vulnerable to Privilege Escalation
Software directory-pro Type Plugin Vulnerable versions < 1.9.5 Fixed in 1.9.5 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2020-36666 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 27a5e48fd1cc Credits Omar Badran Required privilege...
WordPress BuddyPress Builder for Elementor – BuddyBuilder Plugin <= 1.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software BuddyPress Builder for Elementor – BuddyBuilder Type Plugin Vulnerable versions <= 1.7.1 Fixed in 1.7.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer StaxWP PSID 8a84cf645ad6...
WordPress WP Express Checkout (Accept PayPal Payments) Plugin <= 2.2.8 is vulnerable to Cross Site Scripting (XSS)
Software WP Express Checkout Accept PayPal Payments Type Plugin Vulnerable versions <= 2.2.8 Fixed in 2.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1469 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c8954f0fe6fa Credi...
WordPress Products Compare for WooCommerce Plugin <= 3.5.7.7 is vulnerable to Broken Access Control
Software Products Compare for WooCommerce Type Plugin Vulnerable versions <= 3.5.7.7 Fixed in 3.5.7.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-45813 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID f7685c0ec49a Credits István...
WordPress Brilliance Theme <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Brilliance Type Theme Vulnerable versions <= 1.3.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28171 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 3d9a1effb3cc Credits Dave Jong Patchstack...
WordPress Auto Featured Image (Auto Post Thumbnail) Plugin < 3.9.16 is vulnerable to Arbitrary File Upload
Software Auto Featured Image Auto Post Thumbnail Type Plugin Vulnerable versions < 3.9.16 Fixed in 3.9.16 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-0477 Patch priority High CVSS severity High 9.1 Developer Claim ownership PSID ad8cfc8bf738 Credits dc11 Required...
WordPress Wholesale Suite Plugin <= 2.1.5 is vulnerable to Broken Access Control
Software Wholesale Suite Type Plugin Vulnerable versions <= 2.1.5 Fixed in 2.1.5.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-34344 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID a79154ee52a1 Credits Dave Jong Patchstack Requir...
WordPress Markup (JSON-LD) structured in schema.org Plugin <= 4.8.1 is vulnerable to Cross Site Scripting (XSS)
Software Markup JSON-LD structured in schema.org Type Plugin Vulnerable versions <= 4.8.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4666 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID f683250d0657...
WordPress WP Coder Plugin < 2.5.4 is vulnerable to SQL Injection
Software WP Coder Type Plugin Vulnerable versions < 2.5.4 Fixed in 2.5.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0895 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID af35ebdc8e18 Credits Etan Imanol Castro Aldrete Required privilege Administrator...
WordPress Campaign URL Builder Plugin < 1.8.2 is vulnerable to Cross Site Scripting (XSS)
Software Campaign URL Builder Type Plugin Vulnerable versions < 1.8.2 Fixed in 1.8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0538 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 650b985168de Credits Lana Codes...
WordPress Quick Event Manager Plugin <= 9.6.4 is vulnerable to Cross Site Scripting (XSS)
Software Quick Event Manager Type Plugin Vulnerable versions <= 9.6.4 Fixed in 9.6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-46863 Patch priority Low CVSS severity Low 5.9 Developer Fullworks Plugins PSID 59c55fdc1246 Credits Justiice Required...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)
Software Wicked Folders Type Plugin Vulnerable versions <= 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0724 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4ecba55efc7d Credits Marco Wotschka...
WordPress Interactive Geo Maps Plugin <= 1.5.9 is vulnerable to Cross Site Scripting (XSS)
Software Interactive Geo Maps Type Plugin Vulnerable versions <= 1.5.9 Fixed in 1.5.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0731 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID 116865bf62ab Credits Marco Wotsch...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)
Software Wicked Folders Type Plugin Vulnerable versions <= 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0730 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID a5e4047ba885 Credits Marco Wotschka...
WordPress Side Cart Woocommerce (Ajax) Plugin < 2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Side Cart Woocommerce Ajax Type Plugin Vulnerable versions < 2.1 Fixed in 2.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-45376 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID eab543b53017 Credits Muhammad Daffa...
WordPress GS Products Slider for WooCommerce Plugin < 1.5.9 is vulnerable to Cross Site Scripting (XSS)
Software GS Products Slider for WooCommerce Type Plugin Vulnerable versions < 1.5.9 Fixed in 1.5.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0492 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 912bee63a436 Credits...
WordPress GS Portfolio for Envato Plugin < 1.4.0 is vulnerable to Cross Site Scripting (XSS)
Software GS Portfolio for Envato Type Plugin Vulnerable versions < 1.4.0 Fixed in 1.4.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0559 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID abe3328dc56e Credits István Márto...
WordPress Intuitive Custom Post Order Plugin <= 3.1.4.1 is vulnerable to SQL Injection
Software Intuitive Custom Post Order Type Plugin Vulnerable versions <= 3.1.4.1 Fixed in 3.1.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-1016 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID bd23d6b4e595 Credits Wordfence Required privilege...
WordPress Name Directory Plugin <= 1.27.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Name Directory Type Plugin Vulnerable versions <= 1.27.1 Fixed in 1.27.2 OWASP Top 10 A6: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2023-22692 Patch priority Low CVSS severity Low 4.3 Developer Jeroen Peters PSID 97cd32d13c24 Credits NeginNrb Require...
WordPress Spectra Plugin <= 2.3.0 is vulnerable to Broken Access Control
Software Spectra Type Plugin Vulnerable versions <= 2.3.0 Fixed in 2.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23834 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b8d689e47cd6 Credits István Márton Required privilege...
WordPress Participants Database Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Participants Database Type Plugin Vulnerable versions <= 2.4.5 Fixed in 2.4.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47612 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2aed529173b0 Credits rezaduty...
WordPress Pods Plugin <= 2.9.10.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Pods Type Plugin Vulnerable versions <= 2.9.10.2 Fixed in 2.9.11 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23790 Patch priority Low CVSS severity Low 7.1 Developer Pods Framework PSID f64545c57092 Credits Rafshanzani Suhada Required...
WordPress WP Go Maps Plugin <= 9.0.15 is vulnerable to Directory Traversal
Software WP Go Maps Type Plugin Vulnerable versions <= 9.0.15 Fixed in 9.0.16 OWASP Top 10 A3: Sensitive Data Exposure Classification Directory Traversal CVE CVE-2022-47595 Patch priority Low CVSS severity Low 4.9 Developer WP Go Maps PSID ce001c792740 Credits rezaduty Required privilege...
WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Scripting (XSS)
Software Quick Event Manager Type Plugin Vulnerable versions <= 9.7.4 Fixed in 9.7.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23979 Patch priority Medium CVSS severity Medium 7.1 Developer Fullworks Plugins PSID c7609f23707d Credits yuyudhn...
WordPress GiveWP Plugin <= 2.23.2 is vulnerable to SQL Injection
Software GiveWP Type Plugin Vulnerable versions <= 2.23.2 Fixed in 2.24.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0224 Patch priority High CVSS severity High 8.2 Developer Liquid Web / StellarWP PSID 3f057c60656c Credits dc11 Required privilege Unauthenticated Publishe...
WordPress Stream Plugin < 3.9.2 is vulnerable to Broken Access Control
Software Stream Type Plugin Vulnerable versions < 3.9.2 Fixed in 3.9.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4384 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID ad3b89e6bfd1 Credits Krzysztof Zajac Required privilege...
WordPress Google Analytics by Monster Insights Plugin < 8.12.1 is vulnerable to Cross Site Scripting (XSS)
Software Google Analytics by Monster Insights Type Plugin Vulnerable versions < 8.12.1 Fixed in 8.12.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0081 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 30ac1c972f6b Credi...
WordPress Annual Archive Plugin < 1.6.0 is vulnerable to Cross Site Scripting (XSS)
Software Annual Archive Type Plugin Vulnerable versions < 1.6.0 Fixed in 1.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0178 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e447b05c3b01 Credits Lana Codes Required...
WordPress Ibtana Plugin < 1.1.8.8 is vulnerable to Cross Site Scripting (XSS)
Software Ibtana Type Plugin Vulnerable versions < 1.1.8.8 Fixed in 1.1.8.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4674 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID e564cfbd3326 Credits Lana Codes Required...
WordPress Blog Designer - Post and Widget Plugin < 2.4.1 is vulnerable to Cross Site Scripting (XSS)
Software Blog Designer - Post and Widget Type Plugin Vulnerable versions < 2.4.1 Fixed in 2.4.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4793 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d4fed6181a18 Credits Istv...
WordPress Simple Sitemap – Create a Responsive HTML Sitemap Plugin < 3.5.8 is vulnerable to Cross Site Scripting (XSS)
Software Simple Sitemap – Create a Responsive HTML Sitemap Type Plugin Vulnerable versions < 3.5.8 Fixed in 3.5.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4472 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID...
WordPress statfort Theme < 10 is vulnerable to Arbitrary File Upload
Software statfort Type Theme Vulnerable versions < 10 Fixed in N/A OWASP Top 10 A6: Security Misconfiguration Classification Arbitrary File Upload CVE CVE-2022-0316 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 68bfdf44186f Credits Joshua Small Required privilege...
WordPress Quizlord plugin <= 2.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Machupalli Sree Pragna in the WordPress Quizlord plugin versions <= 2.0. Solution Deactivate and delete. This plugin has been closed as of November 22, 2022 and is not available for download. This closure is temporary, pending a ful...
WordPress ULTIMATE TABLES plugin <= 1.6.5 - Unauth. Reflected Cross-Site Scripting (XSS) vulnerability
Unauth. Reflected Cross-Site Scripting XSS vulnerability discovered by Tien Nguyen Anh Patchstack Alliance in WordPress ULTIMATE TABLES plugin versions <= 1.6.5. Solution No patched version is available. No reply from the vendor...
WordPress WooSwipe WooCommerce Gallery plugin <= 2.0.1 - Auth. Broken Access Control vulnerability
Auth. Broken Access Control vulnerability leading to plugin settings change discovered by Tien Nguyen Anh Patchstack Alliance in the WordPress WooSwipe WooCommerce Gallery plugin versions <= 2.0.1. Solution No patched version is available. No reply from the vendor...
WordPress Add Multiple Marker plugin <= 1.2 - Missing Access Control vulnerability
Missing Access Control vulnerability leading to unauth. plugin settings change discovered by ptsfence Patchstack Alliance in WordPress Add Multiple Marker plugin versions <= 1.2. Solution No patched version is available...
WordPress PostmagThemes Demo plugin <= 1.0.7 - Auth. Arbitrary File Upload vulnerability
Auth. Arbitrary File Upload vulnerability discovered by thunder.god.hhh in WordPress PostmagThemes Demo plugin versions <= 1.0.7. Solution Deactivate and delete. This plugin has been closed as of November 10, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Testimonial Slider plugin <= 1.3.1 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered by ptsfence Patchstack Alliance in WordPress Testimonial Slider plugin versions <= 1.3.1. Solution No patched version is available. No reply from the vendor...
WordPress Analytics for WP plugin <= 1.5.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by zhangyunpei in WordPress Analytics for WP plugin versions <= 1.5.1. Solution Deactivate and delete. This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary, pending a full revi...
WordPress AM-HiLi plugin <= 1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Hoang Van Hiep Patchstack Alliance in the WordPress AM-HiLi plugin versions <= 1.0. Solution No patched version is available...
WordPress 4ECPS Web Forms plugin <= 0.2.17 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Hoang Van Hiep aka sk4rl1ghT Patchstack Alliance in WordPress 4ECPS Web Forms plugin versions <= 0.2.17. Solution Update the WordPress 4ECPS Web Forms plugin to the latest available version at least 0.2.18...
WordPress Homepage Popup plugin <= 1.2.5 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Mika in the WordPress Homepage Pop-up plugin versions <= 1.2.5. Solution No patched version is available. No reply from the vendor...
WordPress Mantenimiento web plugin <= 0.13 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by Rasi Afeef Patchstack Alliance in the WordPress Mantenimiento web plugin versions <= 0.13. Solution Update the WordPress Mantenimiento web plugin to the latest available version at least 0.14...
WordPress Creative Mail plugin <= 1.5.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery CSRF vulnerabilities leading to enable/disable contact sync, plugin reset, account unlink, and email marketing settings change were discovered by Vlad Vector Patchstack in the WordPress Creative Mail plugin versions <= 1.5.4. Solution Update the WordPress Creati...
WordPress Bricks Builder premium theme <= 1.5.3 - Auth. Remote Code Execution vulnerability
Auth. Remote Code Execution vulnerability discovered by RG in WordPress Bricks Builder premium theme versions <= 1.5.3. Solution Update the WordPress Bricks Builder theme to the latest available version at least 1.5.4...
WordPress Backup Guard plugin <= 1.6.9.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Muhammad Daffa Patchstack Alliance in the WordPress Backup Guard plugin versions <= 1.6.9.0. Solution Update the WordPress Backup Guard plugin to the latest available version at least 1.6.9.1...
WordPress SEO Redirection Plugin plugin <= 8.9 - Multiple Cross-Site Scripting (CSRF) vulnerabilities
Multiple Cross-Site Scripting CSRF vulnerabilities were discovered by Vlad Vector Patchstack in the WordPress SEO Redirection Plugin plugin versions <= 8.9. Solution Update the WordPress SEO Redirection plugin to the latest available version at least 9.1...
WordPress Phone Orders for WooCommerce plugin <= 3.7.1 - Auth. Sensitive Data Exposure vulnerability
Auth. Sensitive Data Exposure vulnerability discovered by Lana Codes Patchstack Alliance in WordPress Phone Orders for WooCommerce plugin versions <= 3.7.1. Solution Update the WordPress Phone Orders for WooCommerce plugin to the latest available version at least 3.7.2...
WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability
Auth. Reflected Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Quiz And Survey Master plugin versions <= 7.3.4. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.5...
WordPress Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Lana Codes Patchstack Alliance in the WordPress Integration for Szamlazz.hu & WooCommerce plugin versions <= 5.6.3.2. Solution Update the WordPress Integration for Szamlazz.hu & WooCommerce plugin to the latest available...