WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability in the Search block discovered by Alex Concha (WP Security team) in WordPress core (versions <= 6.0.2). Solution: Update WordPress to the latest available version (at least 6.0.3)...
WordPress Easy Digital Downloads plugin <= 2.11.7 - Arbitrary Post Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Post Deletion via Cross-Site Request Forgery (CSRF) vulnerability discovered by Krzysztof Zając in WordPress Easy Digital Downloads plugin (versions <= 2.11.7). Solution: Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 3.0)...
WordPress Account Manager for WooCommerce plugin <= 2.0.19 - Broken Access Control vulnerability
Broken Access Control vulnerability leading to the export of sensitive information (user id, first name, last name) by the subscriber or higher role user discovered by WordPress Account Manager for WooCommerce plugin (versions <= 2.0.19). Solution: No patched version is available. No reply from the...
WordPress PublishPress Capabilities plugin <= 2.5.1 - Auth. PHP Object Injection vulnerability
Auth. PHP Object Injection vulnerability discovered by Nguyen Pham Viet Nam in WordPress PublishPress Capabilities plugin (versions <= 2.5.1). Solution: Update the WordPress PublishPress Capabilities plugin to the latest available version (at least 2.5.2)...
WordPress AdminPad plugin <= 2.1 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Raad Haddad (Cloudyrion GmbH) in WordPress AdminPad plugin (versions <= 2.1). Solution: Update the WordPress AdminPad plugin to the latest available version (at least 2.2)...
WordPress Store Locator plugin <= 1.4.5 - Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Nguy Minh Tuan (Patchstack Alliance) in the WordPress Store Locator plugin (versions <= 1.4.5). Solution: Update the WordPress Store Locator plugin to the latest available version (at least 1.4.6)...
WordPress TH Advance Product Search plugin <= 1.1.4 - Unauthenticated Plugin Settings Change vulnerability
Unauthenticated Plugin Settings Change vulnerability discovered by Rasi Affef in WordPress TH Advance Product Search plugin (versions <= 1.1.4). Solution: Update the WordPress TH Advance Product Search plugin to the latest available version (at least 1.1.5)...
WordPress Meks Easy Social Share plugin <= 1.2.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Meks Easy Social Share plugin (versions <= 1.2.7). Solution: Update the WordPress Meks Easy Social Share plugin to the latest available version (at least 1.2.8)...
WordPress Simple File List plugin <= 4.4.11 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Raad Haddad (Cloudyrion GmbH) in WordPress Simple File List plugin (versions <= 4.4.11). Solution: Update the WordPress Simple File List plugin to the latest available version (at least 4.4.12)...
WordPress Download Monitor plugin <= 4.5.97 - Authenticated Arbitrary File Download vulnerability
Authenticated Arbitrary File Download vulnerability was discovered by Raad Haddad (Cloudyrion GmbH) in the WordPress Download Monitor plugin (versions <= 4.5.97). Solution: Update the WordPress Download Monitor plugin to the latest available version (at least 4.5.98)...
WordPress NOTICE BOARD plugin <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress NOTICE BOARD plugin (versions <= 1.1). Solution: No patched version is available...
WordPress Ketchup Restaurant Reservations plugin <= 1.0.0 - Unauthenticated Blind SQL Injection (SQLi) vulnerability
Unauthenticated Blind SQL Injection (SQLi) vulnerability discovered by Bastijn Ouwendijk in WordPress Ketchup Restaurant Reservations plugin (versions <= 1.0.0). Solution: Deactivate and delete. This plugin has been closed as of August 29, 2022 and is not available for download. This closure is...
WordPress Scripts Organizer premium plugin < 3.0 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Ovidiu Maghetiu in WordPress Scripts Organizer premium plugin (versions < 3.0). Solution: Update the WordPress Scripts Organizer plugin to the latest available version (at least 3.0)...
WordPress Meet My Team plugin <= 2.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability was discovered by Ngo Van Thien (Patchstack Alliance) in the WordPress Meet My Team plugin (versions <= 2.0.5). Solution: Deactivate and delete. No reply from the vendor...
WordPress add2fav plugin <= 1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress add2fav plugin (versions <= 1.0). Solution: No patched version available...
WordPress Zephyr Project Manager plugin <= 3.2.42 - Unauthorized REST Calls to Stored Cross-Site Scripting (XSS) vulnerability
Unauthorized REST Calls to Stored Cross-Site Scripting (XSS) vulnerability discovered by WPScan in WordPress Zephyr Project Manager plugin (versions <= 3.2.42). Solution: Update the WordPress Zephyr Project Manager plugin to the latest available version (at least 3.2.5)...
WordPress Event Calendar – Calendar plugin <= 1.4.6 - Unauthenticated Event Deletion vulnerability
Unauthenticated Event Deletion vulnerability discovered by Nguy Minh Tuan (Patchstack Alliance) in WordPress Event Calendar – Calendar plugin (versions <= 1.4.6). Solution: Update the WordPress Event Calendar – Calendar plugin to the latest available version (at least 1.4.7)...
WordPress Fast Flow Plugin <= 1.2.11 - Reflected Stored Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by p7e4 in Fast Flow plugin (versions <= 1.2.11). Solution: Update the WordPress Fast Flow plugin to the latest available version (at least 1.2.12)...
WordPress Leaflet Maps Marker plugin <= 3.12.4 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Ihor Bliumental in WordPress Leaflet Maps Marker plugin (versions <= 3.12.4). Solution: Update the WordPress Leaflet Maps Marker plugin to the latest available version (at least 3.12.5)...
WordPress Link Optimizer Lite plugin <= 1.4.5 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered by Hayato Takizawa in WordPress Link Optimizer Lite plugin (versions <= 1.4.5). Solution: Deactivate and delete. This plugin has been closed as of July 26, 2022 and is not available for download. This closure...
WordPress Rezgo Online Booking <= 4.1.7 - Reflected Cross-Site-Scripting (XSS) vulnerability
Reflected Cross-Site-Scripting (XSS) vulnerability discovered by cydave in WordPress Rezgo Online Booking (versions <= 4.1.7). Solution: Update the WordPress Rezgo plugin to the latest available version (at least 4.1.8)...
WordPress WP-DBManager plugin <= 2.80.7 - Authenticated Remote Command Execution vulnerability
Authenticated Remote Command Execution vulnerability discovered by Raad Haddad in WordPress WP-DBManager plugin (versions <= 2.80.7). Solution: Update the WordPress WP-DBManager plugin to the latest available version (at least 2.80.8)...
WordPress Featured Image from URL plugin <= 3.9.9 - Arbitrary Settings Update to Stored XSS via CSRF vulnerability
Arbitrary Settings Update to Stored XSS via CSRF vulnerability discovered by Raad Haddad in WordPress Featured Image from URL plugin (versions <= 3.9.9). Solution: Update the WordPress Featured Image from URL plugin to the latest available version (at least 4.0.0)...
WordPress 404s plugin <= 3.4.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vivek Kumar Jaiswal in WordPress 404s plugin (versions <= 3.4.9). Solution: Update the WordPress 404s plugin to the latest available version (at least 3.5.1)...
WordPress WP Opt-in plugin <= 1.4.1 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress WP Opt-in plugin (versions <= 1.4.1). Solution: Deactivate and delete. This plugin has been closed as of June 15, 2022 and is not available for download. This closure is temporary, pendin...
WordPress WP Paginate plugin <= 2.1.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by iohex in WordPress WP Paginate plugin (versions <= 2.1.8). Solution: Update the WordPress WP Paginate plugin to the latest available version (at least 2.1.9)...
WordPress SAML Single Sign On – SAML SSO Login plugin <= 4.9.20 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress SAML Single Sign On – SAML SSO Login plugin (versions <= 4.9.20). Solution: Update the WordPress SAML Single Sign On – SAML SSO Login plugin to the latest available version (at least 4.9.21)...
WordPress Germanized for WooCommerce plugin <= 3.9.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Germanized for WooCommerce plugin (versions <= 3.9.4). Solution: Update the WordPress Germanized for WooCommerce plugin to the latest available version (at least 3.9.5)...
WordPress Private Messages For WordPress plugin <= 2.1.10 - Sending Messages via Cross-Site Request Forgery (CSRF) vulnerability
Sending Messages via Cross-Site Request Forgery (CSRF) vulnerability discovered by BEE-K (Patchstack) in WordPress Private Messages For WordPress plugin (versions <= 2.1.10). Solution: Deactivate and delete. This plugin has been closed as of May 20, 2022 and is not available for download. This closure is...
WordPress WP-CRM plugin <= 1.2.1 - CSV Injection vulnerability
CSV Injection vulnerability discovered by Ankur Bakre in WordPress WP-CRM plugin (versions <= 1.2.1). Solution: Deactivate and delete. This plugin has been closed as of April 20, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Useful Banner Manager plugin <= 1.6.1 - Modify banners via Cross-Site Request Forgery (CSRF) vulnerability
Modify banners via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress Useful Banner Manager plugin (versions <= 1.6.1). Solution: Deactivate and delete. This plugin has been closed as of May 12, 2022 and is not available for download. This closure is temporary, pendin...
WordPress Video Slider – Slider Carousel plugin <= 1.4.6 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Fayçal CHENA in WordPress Video Slider – Slider Carousel plugin (versions <= 1.4.6). Solution: Update the WordPress Video Slider – Slider Carousel plugin to the latest available version (at least 1.4.8)...
WordPress Logo Slider plugin <= 1.4.8 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Daniel Krohmer and Shi Chen in WordPress Logo Slider plugin (versions <= 1.4.8). Solution: Deactivate and delete. This plugin has been closed as of May 12, 2022 and is not available for download. This closure is temporary, pending a full...
WordPress WP Maintenance plugin <= 6.0.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas (Patchstack Alliance) in WordPress WP Maintenance plugin (versions <= 6.0.7). Solution: Update the WordPress WP Maintenance plugin to the latest available version (at least 6.0.8)...
WordPress Cryptocurrency Widgets For Elementor plugin <= 1.2.1 - Arbitrary Plugin Installation vulnerability
Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Cryptocurrency Widgets For Elementor plugin (versions <= 1.2.1). Solution: Update the WordPress Cryptocurrency Widgets For Elementor plugin to the latest available version (at least 1.3.1)...
WordPress Limit Login Attempts (Spam Protection) plugin <= 4.9.1 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Limit Login Attempts (Spam Protection) plugin (versions <= 4.9.1). Solution: Update the WordPress Limit Login Attempts (Spam Protection) plugin to the latest available version (at least 5.1)...
WordPress Bulk Creator plugin <= 1.0.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ran Crane in WordPress Bulk Creator plugin (versions <= 1.0.1). Solution: Deactivate and delete. This plugin has been closed as of February 16, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Cryptocurrency Product for WooCommerce plugin <= 3.14.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Cryptocurrency Product for WooCommerce plugin (versions <= 3.14.0). Solution: Update the WordPress Cryptocurrency Product for WooCommerce plugin to the latest available version (at least 3.14.6)...
WordPress SLP – Extenders plugin < 5.9.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress SLP – Extenders plugin (versions < 5.9.1). Solution: Update the WordPress SLP – Extenders plugin to the latest available version (at least 5.9.1)...
WordPress WooCommerce Role Based Pricing by Meow Crew plugin <= 1.0.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WooCommerce Role Based Pricing by Meow Crew plugin (versions <= 1.0.1). Solution: Update the WordPress WooCommerce Role Based Pricing by Meow Crew plugin to the latest available version (at least 1.0.2)...
WordPress Smart Variations Images & Swatches for WooCommerce plugin < 5.1.10 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Smart Variations Images & Swatches for WooCommerce plugin (versions < 5.1.10). Solution: Update the WordPress Smart Variations Images & Swatches for WooCommerce plugin to the latest available version (at least 5.1.10)...
WordPress Product Customer List for WooCommerce plugin < 3.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Product Customer List for WooCommerce plugin (versions < 3.0.0). Solution: Update the WordPress Product Customer List for WooCommerce plugin to the latest available version (at least 3.0.0)...
WordPress Ultimate Carousel For Divi plugin <= 4.3.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Ultimate Carousel For Divi plugin (versions <= 4.3.0). Solution: Update the WordPress Ultimate Carousel For Divi plugin to the latest available version (at least 4.3.1)...
WordPress Better Sharing plugin <= 1.7.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Better Sharing plugin (versions <= 1.7.1). Solution: Update the WordPress Better Sharing plugin to the latest available version (at least 1.7.2)...
WordPress WPHobby Demo Import plugin <= 1.1.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WPHobby Demo Import plugin (versions <= 1.1.2). Solution: No patched version available...
WordPress SQL Reporting Services – SSRS Plugin for WordPress plugin <= 1.0.3 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress SQL Reporting Services – SSRS Plugin for WordPress plugin (versions <= 1.0.3). Solution: No patched version available...
WordPress Interactive Geo Maps plugin <= 1.5.3 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Interactive Geo Maps plugin (versions <= 1.5.3). Solution: Update the Interactive Geo Maps plugin to the latest available version (at least 1.5.4)...
WordPress My Chatbot plugin <= 1.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress My Chatbot plugin (versions <= 1.1). Solution: No patched version available...
WordPress annasta Woocommerce Product Filters plugin < 1.5.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress annasta Woocommerce Product Filters plugin (versions < 1.5.0). Solution: Update the WordPress annasta Woocommerce Product Filters plugin to the latest available version (at least 1.5.0)...
WordPress Ajax Live Search Plugin For WordPress plugin <= 2.3.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Ajax Live Search Plugin For WordPress plugin (versions <= 2.3.7). Solution: No patched version available...