WordPress Logo Slider plugin <= 1.4.8 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Daniel Krohmer and Shi Chen in WordPress Logo Slider plugin versions = 1.4.8. Solution Deactivate and delete. This plugin has been closed as of May 12, 2022 and is not available for download. This closure is temporary, pending a full...

WordPress WP Maintenance plugin <= 6.0.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress WP Maintenance plugin versions = 6.0.7. Solution Update the WordPress WP Maintenance plugin to the latest available version at least 6.0.8...

WordPress SiteSuperCharger plugin <= 5.1.10 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress SiteSuperCharger plugin versions = 5.1.10. Solution Update the WordPress SiteSuperCharger plugin to the latest available version at least 5.2.0...

WordPress Wbcom Designs – BuddyPress Search plugin <= 1.2.0 - Arbitrary Plugin Installation, Activation and Deactivation vulnerability

Arbitrary Plugin Installation, Activation and Deactivation vulnerability discovered by Mary JJ Jay in WordPress Wbcom Designs – BuddyPress Search plugin versions = 1.2.0. Solution Deactivate and delete. This plugin has been closed as of March 9, 2022 and is not available for download. This closur...

WordPress Wbcom BuddyPress Sticky Post premium plugin <= 1.9.7 - Arbitrary Plugin Installation, Activation and Deactivation vulnerability

Arbitrary Plugin Installation, Activation and Deactivation vulnerability discovered by Mary JJ Jay in WordPress BuddyPress Sticky Post premium plugin versions = 1.9.7. Solution Update the WordPress BuddyPress Sticky Post premium plugin to the latest available version at least 1.9.9...

WordPress Wbcom Designs – BuddyPress Activity Filter plugin <= 2.7.0 - Arbitrary Plugin Installation, Activation and Deactivation vulnerability

Arbitrary Plugin Installation, Activation and Deactivation vulnerability discovered by Mary JJ Jay in WordPress Wbcom Designs – BuddyPress Activity Filter plugin versions = 2.7.0. Solution Update the WordPress Wbcom Designs – BuddyPress Activity Filter plugin to the latest available version at...

WordPress Cryptocurrency Widgets – Price Ticker & Coins List plugin <= 2.4 - Arbitrary Plugin Installation vulnerability

Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Cryptocurrency Widgets – Price Ticker & Coins List plugin versions = 2.4. Solution Update the WordPress Cryptocurrency Widgets – Price Ticker & Coins List plugin to the latest available version at...

WordPress The Events Calendar Widgets For Elementor plugin <= 1.4.3 - Arbitrary Plugin Activation vulnerability

Arbitrary Plugin Activation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress The Events Calendar Widgets For Elementor plugin versions = 1.4.3. Solution Update the WordPress The Events Calendar Widgets For Elementor plugin to the latest available version at least 1.5...

WordPress Event Single Page Templates Addon For The Events Calendar plugin <= 1.5 - Arbitrary Plugin Activation vulnerability

Arbitrary Plugin Activation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Event Single Page Templates Addon For The Events Calendar plugin versions = 1.5. Solution Update the WordPress Event Single Page Templates Addon For The Events Calendar plugin to the latest available...

WordPress Multilist Subscribe for Sendy plugin <= 1.6.1 - Subscriber+ Arbitrary Options Update vulnerability

Subscriber+ Arbitrary Options Update vulnerability discovered by 0xdecafbad in WordPress Multilist Subscribe for Sendy plugin versions = 1.6.1. Solution Deactivate and delete. This plugin has been closed as of February 1, 2022 and is not available for download. This closure is temporary, pending ...

WordPress Postmatic plugin <= 2.2.8 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Postmatic plugin versions = 2.2.8. Solution Update the WordPress Postmatic plugin to the latest available version at least 2.2.9...

WordPress FooGallery plugin <= 2.1.33 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress FooGallery plugin versions = 2.1.33. Solution Update the WordPress FooGallery plugin to the latest available version at least 2.1.34...

WordPress Advanced Booking Calendar plugin <= 1.6.9 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress Advanced Booking Calendar plugin versions = 1.6.9. Solution Update the WordPress Advanced Booking Calendar plugin to the latest available version at least 1.7.0...

WordPress WP Frontend Profile plugin <= 1.2.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WP Frontend Profile plugin versions = 1.2.5. Solution Update the WordPress WP Frontend Profile plugin to the latest available version at least 1.2.6...

WordPress TinyMCE Annotate plugin <= 1.1.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress TinyMCE Annotate plugin versions = 1.1.2. Solution No patched version available...

WordPress Easy Code Snippets plugin <= 1.0.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Easy Code Snippets plugin versions = 1.0.0. Solution Update the WordPress Easy Code Snippets plugin to the latest available version at least 1.0.1...

WordPress Affiliate Link Builder Plugin for Amazon Associates – Review Engine plugin <= 1.0.41 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Affiliate Link Builder Plugin for Amazon Associates – Review Engine plugin versions = 1.0.41. Solution No patched version available...

WordPress Online Booking for Barbershops and Salons plugin <= 1.0.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Online Booking for Barbershops and Salons plugin versions = 1.0.0. Solution No patched version available...

WordPress WordPress Slideshow Gallery Plugin – Easy Slideshow plugin <= 1.2.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WordPress Slideshow Gallery Plugin – Easy Slideshow plugin versions = 1.2.1. Solution No patched version available...

WordPress Super Notes – create Admin Notes with ease plugin <= 1.2.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Super Notes – create Admin Notes with ease plugin versions = 1.2.1. Solution No patched version available...

WordPress Flight Search Widget and Blocks plugin <= 1.1.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Flight Search Widget and Blocks plugin versions = 1.1.0. Solution No patched version available...

WordPress WP Lead Stream plugin <= 1.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WP Lead Stream plugin versions = 1.2. Solution No patched version available...

WordPress Grid & Styler For Contact Form 7 And Divi plugin <= 1.4.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Grid & Styler For Contact Form 7 And Divi plugin versions = 1.4.0. Solution Update the WordPress Grid & Styler For Contact Form 7 And Divi plugin to the latest available version at least 1.4.1...

WordPress Duplicate Variations for Woocommerce plugin <= 1.0.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Duplicate Variations for Woocommerce plugin versions = 1.0.1. Solution No patched version available...

WordPress WS Bootstrap plugin <= 1.0.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WS Bootstrap plugin versions = 1.0.2. Solution No patched version available...

WordPress Bulk Attachment Download plugin < 1.3.5 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Bulk Attachment Download plugin versions 1.3.5. Solution Update the WordPress Bulk Attachment Download plugin to the latest available version at least 1.3.5...

WordPress Delivery Drivers Manager plugin <= 1.1.5 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Delivery Drivers Manager plugin versions = 1.1.5. Solution Update the WordPress Delivery Drivers Manager plugin to the latest available version at least 1.1.6...

WordPress Drip Feed Content Extended for Learndash plugin <= 1.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Drip Feed Content Extended for Learndash plugin versions = 1.1. Solution No patched version available...

WordPress Battle Suit for Divi plugin <= 1.17.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Battle Suit for Divi plugin versions = 1.17.0. Solution No patched version available...

WordPress Blocksy Companion plugin < 1.8.20 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Blocksy Companion plugin versions 1.8.20. Solution Update the WordPress Blocksy Companion plugin to the latest available version at least 1.8.20...

WordPress Auto Post WooCommerce Products plugin <= 2.1.60 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Auto Post WooCommerce Products plugin versions = 2.1.60. Solution No patched version available...

WordPress Categorify – WordPress Media Library Category & File Manager plugin <= 1.0.4 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Categorify – WordPress Media Library Category & File Manager plugin versions = 1.0.4. Solution Update the WordPress Categorify – WordPress Media Library Category & File Manager plugin to the latest available version at least...

WordPress Advanced WP Table plugin <= 1.2.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Advanced WP Table plugin versions = 1.2.0. Solution Update the WordPress Advanced WP Table plugin to the latest available version at least 1.2.1...

WordPress FiboSearch – Ajax Search for WooCommerce plugin < 1.17.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress FiboSearch – Ajax Search for WooCommerce plugin versions 1.17.0. Solution Update the WordPress FiboSearch – Ajax Search for WooCommerce plugin to the latest available version at least 1.17.0...

WordPress AnyWhere Elementor plugin < 1.2.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress AnyWhere Elementor plugin versions 1.2.5. Solution Update the WordPress AnyWhere Elementor plugin to the latest available version at least 1.2.5...

WordPress Advanced WC Analytics – Google Analytics Dashboard for WooCommerce plugin < 3.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Advanced WC Analytics – Google Analytics Dashboard for WooCommerce plugin versions 3.0.0. Solution Update the WordPress Advanced WC Analytics – Google Analytics Dashboard for WooCommerce plugin to the...

WordPress Knowledge Base documentation & wiki plugin – BasePress plugin <= 2.15.13 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Knowledge Base documentation & wiki plugin – BasePress plugin versions = 2.15.13. Solution Update the WordPress Knowledge Base documentation & wiki plugin – BasePress plugin to the latest available version at least 2.15.14...

WordPress Better Messages – WCFM Integration plugin <= 1.0.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Better Messages – WCFM Integration plugin versions = 1.0.5. Solution Update the WordPress Better Messages – WCFM Integration plugin to the latest available version at least 1.0.6...

WordPress Easy Settings for LearnDash plugin <= 1.2.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Easy Settings for LearnDash plugin versions = 1.2.1. Solution Update the WordPress Easy Settings for LearnDash plugin to the latest available version at least 1.3.0...

WordPress Map Plugin alternative to Google Maps using MapQuest, with directions plugin <= 2.15.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Map Plugin alternative to Google Maps using MapQuest, with directions plugin versions = 2.15.7. Solution Update the WordPress Map Plugin alternative to Google Maps using MapQuest, with directions plugi...

WordPress Gyta BuyBack plugin <= 1.1.6 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Gyta BuyBack plugin versions = 1.1.6. Solution Update the WordPress Gyta BuyBack plugin to the latest available version at least 1.1.7...

WordPress Front End PM plugin < 11.3.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Front End PM plugin versions 11.3.4. Solution Update the WordPress Front End PM plugin to the latest available version at least 11.3.4...

WordPress Frontend group restriction for LearnDash plugin <= 1.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Frontend group restriction for LearnDash plugin versions = 1.1. Solution No patched version available...

WordPress Go Dash – Makes Your Dashboard Fast plugin <= 1.0.4 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Go Dash – Makes Your Dashboard Fast plugin versions = 1.0.4. Solution No patched version available...

WordPress Import Holded for WooCommerce or Easy Digital Downloads plugin <= 1.4 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Import Holded for WooCommerce or Easy Digital Downloads plugin versions = 1.4. Solution Update the WordPress Import Holded for WooCommerce or Easy Digital Downloads plugin to the latest available version at least 2.0...

WordPress Integrate Automate – WordPress, WooCommerce & CF7 for IFTTT, Zapier, Automate.io other API glue Platforms plugin <= 1.0.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Integrate Automate – WordPress, WooCommerce & CF7 for IFTTT, Zapier, Automate.io other API glue Platforms plugin versions = 1.0.0. Solution Update the WordPress Integrate Automate – WordPress, WooCommerce & CF7 for IFTTT,...

WordPress Floating Social Share Icons and Social Share buttons – Next Previous Post Links – FL plugin <= 3.5.9 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Floating Social Share Icons and Social Share buttons – Next Previous Post Links – FL plugin versions = 3.5.9. Solution Update the WordPress Floating Social Share Icons and Social Share buttons – Next...

WordPress Feedpress Generator plugin <= 1.0.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Feedpress Generator plugin versions = 1.0.1. Solution Update the WordPress Feedpress Generator plugin to the latest available version at least 1.2.0...

WordPress Five-Star Ratings Shortcode plugin < 1.2.39 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Five-Star Ratings Shortcode plugin versions 1.2.39. Solution Update the WordPress Five-Star Ratings Shortcode plugin to the latest available version at least 1.2.39...

WordPress Custom Login Page Customizer plugin <= 2.1.7 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Custom Login Page Customizer plugin versions = 2.1.7. Solution Update the WordPress Custom Login Page Customizer Plugin for WooCommerce plugin to the latest available version at least 2.1.8...