46578 matches found
WordPress WP Table Builder – WordPress Table Plugin plugin < 1.3.16 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WP Table Builder – WordPress Table Plugin plugin versions < 1.3.16. Solution: Update the WordPress WP Table Builder – WordPress Table Plugin plugin to the latest available version (at least 1.3.16)...
WordPress WooCommerce Bulk Edit Products – WP Sheet Editor plugin < 1.7.13 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WooCommerce Bulk Edit Products – WP Sheet Editor plugin versions < 1.7.13. Solution: Update the WordPress WooCommerce Bulk Edit Products – WP Sheet Editor plugin to the latest available version (at least 1.7.13)...
WordPress Slider Plugin – Block Slider plugin <= 1.2.9 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Slider Plugin – Block Slider plugin versions <= 1.2.9. Solution: Update the WordPress Slider Plugin – Block Slider plugin to the latest available version (at least 2.0.0)...
WordPress Go Fetch Jobs (for JobEngine) plugin <= 1.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Go Fetch Jobs (for JobEngine) plugin versions <= 1.0. Solution: No patched version available...
WordPress Custom WooCommerce Checkout Fields Editor plugin <= 1.2.5 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Custom WooCommerce Checkout Fields Editor plugin versions <= 1.2.5. Solution: Update the WordPress Custom WooCommerce Checkout Fields Editor plugin to the latest available version (at least 1.2.7)...
WordPress HuCommerce | Magyar WooCommerce kiegészítések plugin <= 30.2.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress HuCommerce | Magyar WooCommerce kiegészítések plugin versions <= 30.2.0. Solution: Update the WordPress HuCommerce | Magyar WooCommerce kiegészítések plugin to the latest available version (at least 30.3.0)...
WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Premmerce Wishlist for WooCommerce plugin versions <= 1.1.7. Solution: Update the WordPress Premmerce Wishlist for WooCommerce plugin to the latest available version (at least 1.1.8)...
WordPress Feedpress Generator plugin <= 1.0.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Feedpress Generator plugin versions <= 1.0.1. Solution: Update the WordPress Feedpress Generator plugin to the latest available version (at least 1.2.0)...
WordPress TK Google Fonts GDPR Compliant plugin <= 2.2.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress TK Google Fonts GDPR Compliant plugin versions <= 2.2.0. Solution: Update the WordPress TK Google Fonts GDPR Compliant plugin to the latest available version (at least 2.2.1)...
WordPress WP Google Map plugin <= 4.2.3 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Ex.Mi (Patchstack) in WordPress WP Google Map plugin versions <= 4.2.3. Solution: Update the WordPress WP Google Map plugin to the latest available version (at least 4.2.4)...
WordPress Simple Quotation plugin <= 1.3.2 - SQL injection (SQLi) vulnerability
SQL injection (SQLi) vulnerability discovered by Abhishek Bhoir in WordPress Simple Quotation plugin versions <= 1.3.2. Solution: Deactivate and delete. This plugin has been closed as of January 7, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Relevanssi – A Better Search plugin <= 4.14.5 - Unauthorized AJAX Calls vulnerability
Unauthorized AJAX Calls vulnerability discovered by Jan w Oleju in WordPress Relevanssi – A Better Search plugin versions <= 4.14.5. Solution: Update the WordPress Relevanssi – A Better Search plugin to the latest available version (at least 4.14.6)...
WordPress Superforms premium plugin <= 6.0.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Koutrouss Naddara in WordPress Superforms premium plugin versions <= 6.0.3. Solution: Update the WordPress Superforms premium plugin to the latest available version (at least 6.0.4)...
WordPress ScrollMe theme <= 2.1.0 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi (Patchstack) in WordPress ScrollMe theme versions <= 2.1.0. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress AnyComment plugin <= 0.2.17 - Arbitrary HyperComments Import/Revert via CSRF vulnerability
Arbitrary HyperComments Import/Revert via CSRF vulnerability discovered by Brandon Roldan in WordPress AnyComment plugin versions <= 0.2.17. Solution: Update the WordPress AnyComment plugin to the latest available version (at least 0.2.18)...
WordPress Translation Exchange plugin <= 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Rutuja D Shirke in WordPress Translation Exchange plugin versions <= 1.0.14. Solution: Deactivate and delete. This plugin has been closed as of January 3, 2022 and is not available for download. This closure is temporary,...
WordPress FeedWordPress plugin <= 2021.0713 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Hung Chien in WordPress FeedWordPress plugin versions <= 2021.0713. Solution: Update the WordPress FeedWordPress plugin to the latest available version (at least 2022.0123)...
WordPress CLUEVO LMS, E-Learning Platform plugin <= 1.8.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Rutuja D Shirke in WordPress CLUEVO LMS, E-Learning Platform plugin versions <= 1.8.0. Solution: Update the WordPress CLUEVO LMS, E-Learning Platform plugin to the latest available version (at least 1.8.1)...
WordPress SEUR Oficial plugin <= 1.7.1 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by José Aguilera in WordPress SEUR Oficial plugin versions <= 1.7.1. Solution: Update the WordPress SEUR Oficial plugin to the latest available version (at least 1.7.2)...
WordPress WP Photo Album Plus plugin <= 8.0.9 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress WP Photo Album Plus plugin versions <= 8.0.9. Solution: Update the WordPress WP Photo Album Plus plugin to the latest available version (at least 8.0.10)...
WordPress Error Log Viewer plugin <= 1.1.1 - Arbitrary Text File Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Text File Deletion via Cross-Site Request Forgery (CSRF) vulnerability discovered by apple502j in WordPress Error Log Viewer plugin versions <= 1.1.1. Solution: Update the WordPress Error Log Viewer plugin to the latest available version (at least 1.1.2)...
WordPress Orange Form <= 1.0.1 - Unauthenticated Arbitrary Post Deletion
Unauthenticated Arbitrary Post Deletion discovered by Francesco Carlucci in WordPress Orange Form versions <= 1.0.1. Solution: Deactivate and delete. This plugin has been closed as of December 29, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress LabTools plugin <= 1.0 - Arbitrary Publication Deletion vulnerability
Arbitrary Publication Deletion vulnerability discovered by Muhammad Adel in WordPress LabTools plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of December 28, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress WPparallax theme <= 2.0.6 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress WPparallax theme versions <= 2.0.6. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores...
WordPress EightStore Lite theme <= 1.2.5 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress EightStore Lite theme versions <= 1.2.5. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor...
WordPress Eight Sec theme <= 1.1.4 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress Eight Sec theme versions <= 1.1.4. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores t...
WordPress SEUR Oficial plugin <= 1.6.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by José Aguilera in WordPress SEUR Oficial plugin versions <= 1.6.0. Solution: Update the WordPress SEUR Oficial plugin to the latest available version (at least 1.7.0)...
WordPress Qubely – Advanced Gutenberg Blocks plugin <= 1.7.7 - Authenticated Post Deletion vulnerability
Authenticated Post Deletion vulnerability discovered by Krzysztof Zając in WordPress Qubely – Advanced Gutenberg Blocks plugin versions <= 1.7.7. Solution: Update the WordPress Qubely – Advanced Gutenberg Blocks plugin to the latest available version (at least 1.7.8)...
WordPress Landing Page Builder plugin <= 1.4.9.5 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Landing Page Builder plugin versions <= 1.4.9.5. Solution: Update the WordPress Landing Page Builder plugin to the latest available version (at least 1.4.9.6)...
WordPress myghpay WooCommerce Payment Gateway plugin <= 3.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress myghpay WooCommerce Payment Gateway plugin versions <= 3.0. Solution: Deactivate and delete. This plugin has been closed as of December 13, 2021 and is not available for download. This closure is temporary, pending a...
WordPress Site Reviews plugin <= 5.17.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Site Reviews plugin versions <= 5.17.2. Solution: Update the WordPress Site Reviews plugin to the latest available version (at least 5.17.3)...
WordPress FotoGraphy theme <= 2.4.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress FotoGraphy theme versions <= 2.4.0. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores...
WordPress Tickera plugin <= 3.4.8.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ajit Bhatta in WordPress Tickera plugin versions <= 3.4.8.2. Solution: Update the WordPress Tickera plugin to the latest available version (at least 3.4.8.3)...
WordPress WCFM Marketplace plugin <= 3.4.11 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by JrXnm in WordPress WCFM Marketplace plugin versions <= 3.4.11. Solution: Update the WordPress WCFM Marketplace plugin to the latest available version (at least 3.4.12)...
WordPress Child Theme Generator plugin <= 2.2.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Child Theme Generator plugin versions <= 2.2.7. Solution: Deactivate and delete. This plugin has been closed as of November 18, 2021 and is not available for download. Reason: Security Issue...
WordPress Starter Templates plugin <= 2.7.0 - Authenticated Block Import leading to Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Block Import leading to Stored Cross-Site Scripting (XSS) vulnerability discovered by Ramuel Gall in WordPress Starter Templates plugin versions <= 2.7.0. Solution: Update the WordPress Starter Templates plugin to the latest available version (at least 2.7.1)...
WordPress Bookly plugin <= 20.3 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Mesut Cetin in WordPress Bookly plugin versions <= 20.3. Solution: Update the WordPress Bookly plugin to the latest available version (at least 20.3.1)...
WordPress Email Tracker plugin <= 5.2.6 - Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion
Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered by Ex.Mi (Patchstack) in WordPress Email Tracker plugin versions <= 5.2.6. Solution: Update the WordPress Email Tracker plugin to the latest available version (at least 5.2.7)...
WordPress NextScripts: Social Networks Auto-Poster plugin <= 4.3.20 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ramuel Gall (WordFence) in WordPress NextScripts: Social Networks Auto-Poster plugin versions <= 4.3.20. Solution: Update the WordPress NextScripts: Social Networks Auto-Poster plugin to the latest available version (at least 4.3.21)...
WordPress Popup Anything plugin <= 2.0.3 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Vishnupriya Ilango in WordPress Popup Anything plugin versions <= 2.0.3. Solution: Update the WordPress Popup Anything plugin to the latest available version (at least 2.0.4)...
WordPress Leaky Paywall plugin <= 4.16.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Thinkland Security Team in WordPress Leaky Paywall plugin versions <= 4.16.5. Solution: Update the WordPress Leaky Paywall plugin to the latest available version (at least 4.16.6)...
WordPress Simple JWT Login plugin <= 3.2.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Settings Update / Site Takeover
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Settings Update / Site Takeover discovered by apple502j in WordPress Simple JWT Login plugin versions <= 3.2.0. Solution: Update the WordPress Simple JWT Login plugin to the latest available version (at least 3.2.1)...
WordPress YOP Poll plugin <= 6.3.0 - Stored Cross-Site Scripting (XSS) vulnerability via Preview Module
Stored Cross-Site Scripting (XSS) vulnerability via Preview Module discovered by Vishnupriya Ilango in WordPress YOP Poll plugin versions <= 6.3.0. Solution: Update the WordPress YOP Poll plugin to the latest available version (at least 6.3.1)...
WordPress Business Manager plugin <= 1.4.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Thinkland Security Team in WordPress Business Manager plugin versions <= 1.4.5. Solution: Update the WordPress Business Manager plugin to the latest available version (at least 1.4.6)...
WordPress Testimonial plugin <= 1.5.9 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Testimonial plugin versions <= 1.5.9. Solution: Update the WordPress Testimonial plugin to the latest available version (at least 1.6.0)...
WordPress Header Footer Code Manager plugin <= 1.1.13 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by bl4derunner in WordPress Header Footer Code Manager plugin versions <= 1.1.13. Solution: Update the WordPress Header Footer Code Manager plugin to the latest available version (at least 1.1.14)...
WordPress Support Board plugin <= 3.3.4 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by John Jefferson Li in WordPress Support Board plugin versions <= 3.3.4. Solution: Update the WordPress Support Board plugin to the latest available version (at least 3.3.5)...
WordPress Comment Engine Pro plugin <= 1.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by John Castro (Pagely) in WordPress Comment Engine Pro plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of October 7, 2021 and is not available for download. Reason: Security Issue...
WordPress Perfect Survey plugin <= 1.5.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Perfect Survey plugin versions <= 1.5.0. Solution: Vulnerability fixed in 1.5.2 version, but plugin closed due to other security issues. This plugin has been closed as of October 5, 2021 and is not available for...
WordPress Simple Download Monitor plugin <= 3.9.5.1 - Unauthenticated Log Access vulnerability
Unauthenticated Log Access vulnerability discovered by apple502j in WordPress Simple Download Monitor plugin versions <= 3.9.5.1. Solution: Update the WordPress Simple Download Monitor plugin to the latest available version (at least 3.9.6)...