46578 matches found
WordPress Simple Download Monitor plugin <= 3.9.5.1 - Unauthenticated Log Access vulnerability
Unauthenticated Log Access vulnerability discovered by apple502j in WordPress Simple Download Monitor plugin versions <= 3.9.5.1. Solution: Update the WordPress Simple Download Monitor plugin to the latest available version at least 3.9.6...
WordPress Visual Form Builder plugin <= 3.0.3 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Felipe Restrepo Rodriguez in WordPress Visual Form Builder plugin versions <= 3.0.3. Solution: Update the WordPress Visual Form Builder plugin to the latest available version at least 3.0.4...
WordPress Telefication vulnerability <= 1.8.0 - Open Relay and Server-Side Request Forgery vulnerability
Open Relay and Server-Side Request Forgery vulnerability discovered by Marco Wotschka & Charles Strader Sweethill in WordPress Telefication vulnerability versions <= 1.8.0. Solution: This plugin has been closed as of September 20, 2021 and is not available for download. This closure is temporary,...
WordPress One User Avatar plugin <= 2.3.6 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress One User Avatar plugin versions <= 2.3.6. Solution: Update the WordPress One User Avatar plugin to the latest available version at least 2.3.7...
WordPress Find My Blocks plugin <= 3.3.2 - Private Post Titles Disclosure vulnerability
Private Post Titles Disclosure vulnerability discovered by apple502j in WordPress Find My Blocks plugin versions <= 3.3.2. Solution: Update the WordPress Find My Blocks plugin to the latest available version at least 3.4.0...
WordPress Software License Manager plugin <= 4.5.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Jetpack Scan Team in WordPress Software License Manager plugin versions <= 4.5.0. Solution: Update the WordPress Software License Manager plugin to the latest available version at least 4.5.1...
WordPress WP Academic People List plugin <= 0.4.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress WP Academic People List plugin versions <= 0.4.1. Solution: This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress Chained Quiz plugin <= 1.2.7.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Shivam Rai in WordPress Chained Quiz plugin versions <= 1.2.7.1. Solution: Update the WordPress Chained Quiz plugin to the latest available version at least 1.2.7.1...
WordPress Appointment Hour Booking plugin <= 1.3.15 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Appointment Hour Booking plugin versions <= 1.3.15. Solution: Update the WordPress Appointment Hour Booking plugin to the latest available version at least 1.3.16...
WordPress CM Tooltip Glossary plugin <= 3.9.20 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress CM Tooltip Glossary plugin versions <= 3.9.20. Solution: Update the WordPress CM Tooltip Glossary plugin to the latest available version at least 3.9.21...
WordPress Meow Gallery plugin <= 4.1.8 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by apple502j in WordPress Meow Gallery plugin versions <= 4.1.8. Solution: Update the WordPress Meow Gallery plugin to the latest available version at least 4.1.9...
WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 2.8.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Recipe Card Blocks for Gutenberg & Elementor plugin versions <= 2.8.2. Solution: Update the WordPress Recipe Card Blocks for Gutenberg & Elementor plugin to the latest available version at least 2.8.3...
WordPress Opal Estate plugin <= 1.6.11 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Opal Estate plugin versions <= 1.6.11. Solution: This plugin has been closed as of June 15, 2021 and is not available for download. Reason: Security Issue...
WordPress AddToAny Share Buttons plugin <= 1.7.47 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by TYM in WordPress AddToAny Share Buttons plugin versions <= 1.7.47. Solution: Update the WordPress AddToAny Share Buttons plugin to the latest available version at least 1.7.48...
WordPress Daily Prayer Time plugin <= 2021.08.07 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Daily Prayer Time plugin versions <= 2021.08.07. Solution: Update the WordPress Daily Prayer Time plugin to the latest available version at least 2021.08.10...
WordPress SpeakOut! Email Petitions plugin <= 2.13.1.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress SpeakOut! Email Petitions plugin versions <= 2.13.1.1. Solution: Update the WordPress SpeakOut! Email Petitions plugin to the latest available version at least 2.13.3...
WordPress Poll Maker plugin <= 3.2.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Xu-Liang Liao in WordPress Poll Maker plugin versions <= 3.2.8. Solution: Update the WordPress Poll Maker plugin to the latest available version at least 3.2.9...
WordPress Broken Link Manager plugin <= 0.6.5 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar in WordPress Broken Link Manager plugin versions <= 0.6.5. Solution: This plugin has been closed as of June 1, 2021 and is not available for download. Reason: Security Issue...
WordPress Cashtomer plugin <= 1.0.0 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Syed Sheeraz Ali Codevigilant in WordPress Cashtomer plugin versions <= 1.0.0. Solution: Deactivate and delete. This plugin has been closed as of May 13, 2021 and is not available for download. Reason: Security Issue...
WordPress Charitable plugin <= 1.6.50 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Daffa in WordPress Charitable plugin versions <= 1.6.50. Solution: Update the WordPress Charitable plugin to the latest available version at least 1.6.51...
WordPress iQ Block Country plugin <= 1.2.11 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by Vlad Visse Patchstack Red Team in WordPress iQ Block Country plugin versions <= 1.2.11. Vulnerable parameter: &blockcountryblockmessage. Solution: Update the WordPress iQ Block Country plugin to the latest available versi...
WordPress Marmoset Viewer plugin <= 1.9.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by John Jackson in WordPress Marmoset Viewer plugin versions <= 1.9.2. Solution: Update the WordPress Marmoset Viewer plugin to the latest available version at least 1.9.3...
WordPress RSVPMaker plugin <= 8.7.2 - Authenticated Server-Side Request Forgery (SSRF) vulnerability
Authenticated Server-Side Request Forgery (SSRF) vulnerability discovered by Shreya Pohekar in WordPress RSVPMaker plugin versions <= 8.7.2. Solution: Update the WordPress RSVPMaker plugin to the latest available version at least 8.7.3...
WordPress Any Hostname plugin <= 1.0.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by ABISHEIK M in WordPress Any Hostname plugin versions <= 1.0.6. Solution: Deactivate and delete. This plugin has been closed as of May 28, 2021 and is not available for download. Reason: Security Issue...
WordPress ProfilePress plugin 3.0 – 3.1.3 - Arbitrary File Upload in File Uploader Component vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Chloe Chamberland WordFence in WordPress ProfilePress plugin versions 3.0 – 3.1.3. 06.29.2021 - WordFence updated the vulnerable version to 3.0 - 3.1.3. Solution: Update the WordPress ProfilePress plugin to the latest version at leas...
WordPress Sign-up Sheets plugin <= 1.0.13 - Authenticated CSV Injection vulnerability
Authenticated CSV Injection vulnerability discovered by Ajay Sandipan Thorbole in WordPress Sign-up Sheets plugin versions <= 1.0.13. Solution: Update the WordPress Sign-up Sheets plugin to the latest available version at least 1.0.14...
WordPress Contact Form Plugin by Fluent Forms <= 3.6.65 - Cross-Site Request Forgery (CSRF) vulnerability leading to stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to stored Cross-Site Scripting (XSS) discovered by Ramuel Gall WordFence in WordPress Contact Form Plugin by Fluent Forms versions <= 3.6.65. Solution: Update the WordPress Contact Form Plugin by Fluent Forms to the latest available version at lea...
WordPress Filebird plugin 4.7.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by Ravi Chandra in WordPress Filebird plugin version 4.7.3. Solution: Update the WordPress Filebird plugin to the latest available version at least 4.7.4...
WordPress Xllentech English Islamic Calendar plugin <= 2.6.7 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Syed Sheeraz Ali in WordPress Xllentech English Islamic Calendar plugin versions <= 2.6.7. Solution: Update the WordPress Xllentech English Islamic Calendar plugin to the latest available version at least 2.6.8...
WordPress AcyMailing SMTP Newsletter plugin <= 7.4.1 - Unauthenticated Open Redirect vulnerability
Unauthenticated Open Redirect vulnerability discovered by Viktor Markopoulos in WordPress AcyMailing SMTP Newsletter plugin versions <= 7.4.1. Solution: Update the WordPress AcyMailing SMTP Newsletter plugin to the latest available version at least 7.5.0...
WordPress Pods plugin <= 2.7.26 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by WhiteSource in WordPress Pods plugin versions <= 2.7.26. Solution: Update the WordPress Pods plugin to the latest available version at least 2.7.27...
WordPress Patreon WordPress plugin <= 1.7.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Jetpack Scan team in WordPress Patreon WordPress plugin versions <= 1.7.1. Solution: Update the WordPress Patreon WordPress plugin to the latest available version at least 1.7.2...
WordPress 123ContactForm plugin <= 1.5.6 - Validation Bypass via Plugin Verification vulnerability
Validation Bypass via Plugin Verification vulnerability found by Sucuri in WordPress 123ContactForm plugin versions <= 1.5.6. Solution: 2021-01-20 - we were unable to find a patched version of this plugin. Notification from WordPress plugin repository: "This plugin has been closed as of October 27,...
WordPress Site Offline plugin <= 1.4.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities found in WordPress Site Offline plugin versions <= 1.4.2. Solution: Update the WordPress Site Offline plugin to the latest available version at least 1.4.4...
WordPress weForms plugin <= 1.4.7 - CSV Injection vulnerability
CSV Injection vulnerability found by Mohamad Pishdar in WordPress weForms plugin versions <= 1.4.7. Solution: 2020-11-20 - we were unable to find information about the fix for this vulnerability...
WordPress <= 5.5.1 - XML-RPC Privilege Escalation vulnerability
XML-RPC Privilege Escalation vulnerability found by Justin Tran in WordPress versions <= 5.5.1. Solution: Update WordPress to the latest available version at least 5.5.2...
WordPress Simple Download Monitor plugin <= 3.8.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability
Unauthenticated Cross-Site Scripting (XSS) vulnerability found by Gen Sato Mitsui Bussan Secure Directions in WordPress Simple Download Monitor plugin versions <= 3.8.8. Solution: Update the WordPress Simple Download Monitor plugin to the latest available version at least 3.8.9...
WordPress TC Custom JavaScript plugin <= 1.2.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by WordFence in WordPress TC Custom JavaScript plugin versions <= 1.2.1. Solution: Update the WordPress TC Custom JavaScript plugin to the latest available version at least 1.2.2...
WordPress Email Subscribers & Newsletters <= 4.5.0.1 - Authenticated SQL injection (SQLi) vulnerability
Authenticated SQL injection (SQLi) vulnerability found by Tenable in WordPress Email Subscribers & Newsletters versions <= 4.5.0.1. Solution: Update the WordPress Email Subscribers & Newsletters to the latest available version at least 4.5.1...
WordPress All In One SEO Pack plugin <= 3.6.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by WordFence in WordPress All In One SEO Pack plugin versions <= 3.6.1. Solution: Update the WordPress All In One SEO Pack plugin to the latest available version at least 3.6.2...
WordPress Testimonial Rotator plugin <= 3.0.2 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found by Vu Dong in WordPress Testimonial Rotator plugin versions <= 3.0.2. Solution: Update the WordPress Testimonial Rotator plugin to the latest available version at least 3.0.3...
WordPress PageLayer – Drag and Drop website builder plugin <= 1.1.1 - Unprotected AJAX and Nonce Disclosure to Stored Cross-Site Scripting (XSS)
Unprotected AJAX and Nonce Disclosure to Stored Cross-Site Scripting (XSS) discovered by WordFence in WordPress PageLayer – Drag and Drop website builder plugin versions <= 1.1.1. Solution: Update the WordPress PageLayer – Drag and Drop website builder plugin to the latest available version at least...
WordPress ThirstyAffiliates plugin <= 3.9.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by minhtuanact in WordPress ThirstyAffiliates plugin versions <= 3.9.2. Solution: Update the WordPress ThirstyAffiliates plugin to the latest available version at least 3.9.3...
WordPress Advanced Order Export For WooCommerce plugin <= 3.1.3 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability discovered by Jack Misiura in WordPress Advanced Order Export For WooCommerce plugin versions <= 3.1.3. Solution: Update the WordPress Advanced Order Export For WooCommerce plugin to the latest available version at least 3.1.4...
WordPress IMPress for IDX Broker plugin <= 2.6.1 - Authenticated Post Creation, Modification, and Deletion vulnerability
Authenticated Post Creation, Modification, and Deletion vulnerability discovered by WordFence in WordPress IMPress for IDX Broker plugin versions <= 2.6.1. Solution: Update the WordPress IMPress for IDX Broker plugin to the latest available version at least 2.6.2...
WordPress wpCentral plugin <= 1.5.0 - Improper Access Control vulnerability leading to Privilege Escalation
Improper Access Control vulnerability leading to Privilege Escalation discovered by WordFence in WordPress wpCentral plugin versions <= 1.5.0. Solution: Update the WordPress wpCentral plugin to the latest available version at least 1.5.1...
WordPress RegistrationMagic plugin <= 4.6.0.1 - Multiple Cross-Site Scripting (XSS) vulnerabilities
Multiple Cross-Site Scripting (XSS) vulnerabilities found by Spider Sec Ltd. in WordPress RegistrationMagic plugin versions <= 4.6.0.1. Solution: Update the WordPress Registration Magic plugin to the latest available version at least 4.6.0.3...
WordPress Merge + Minify + Refresh plugin <= 1.10.6 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by NinTechNet in WordPress Merge + Minify + Refresh plugin versions <= 1.10.6. Solution: Update the WordPress Merge + Minify + Refresh plugin to the latest available version at least 1.10.7...
WordPress Ultimate Addons for Beaver Builder <= 1.24.3 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability discovered in WordPress Ultimate Addons for Beaver Builder versions <= 1.24.3. Solution: Update the WordPress Ultimate Addons for Beaver Builder to the latest available version at least 1.25.0...
WordPress Jetpack plugin <=7.9 - Shortcode embedding system vulnerability
Shortcode embedding system vulnerability found by Adham Sadaqah in WordPress Jetpack plugin versions <=7.9. Solution: Update the WordPress Jetpack plugin to the latest available version at least 7.9.1...