WordPress Vulnerability Database - Patchstack

Vulnerability Database

WordPress Vulnerability Database

Hand curated, verified and enriched WordPress vulnerability information

This month's Patchstack Red Team findings:

9

Last month's Patchstack Red Team findings:

156

Software

Vulnerability

Type

Version

Published

PowerPress Podcasting

Medium Severity

4.8

WordPress PowerPress Podcasting plugin <= 8.6.1 - Multiple Authenticated Cross-Site Scripting (XSS) vulnerabilities

Medium Severity

4.8

Plugin

<= 8.6.1

2021-05-14

Critical Severity

9.9

WordPress External Media plugin <= 1.0.33 - Authenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)

Critical Severity

9.9

Plugin

<= 1.0.33

2021-05-13

Critical Severity

9.8

WordPress <= 5.7.1 - Object injection in PHPMailer vulnerability

Critical Severity

9.8

WordPress

<= 5.7.1

2021-05-13

Medium Severity

5.4

WordPress LMS by LifterLMS plugin <= 4.21.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.4

Plugin

<= 4.21.0

2021-05-10

Medium Severity

4.7

WordPress LifterLMS plugin <= 4.21.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Medium Severity

4.7

Plugin

<= 4.21.0

2021-05-10

All In One SEO Pack

Medium Severity

5.5

WordPress All In One SEO Pack plugin <= 4.1.0.1 - Authenticated Remote Code Execution (RCE) vulnerability

Medium Severity

5.5

Plugin

<= 4.1.0.1

2021-05-09

ReDi Restaurant Reservation

Medium Severity

6.1

WordPress ReDi Restaurant Reservation plugin <= 21.0307 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

6.1

Plugin

<= 21.0307

2021-05-09

Simple Giveaways

Medium Severity

6.1

WordPress Simple Giveaways plugin <= 2.36.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Medium Severity

6.1

Plugin

<= 2.36.1

2021-05-09

Ultimate Member

Medium Severity

5.4

WordPress Ultimate Member plugin <= 2.1.19 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.4

Plugin

<= 2.1.19

2021-05-07

Leads 5050 Visitor Insights

Medium Severity

4.3

WordPress Leads 5050 Visitor Insights plugin <= 1.0.5 - Unauthorized License Change vulnerability

Medium Severity

4.3

Plugin

<= 1.0.5

2021-05-07

DSGVO All in one for WP

Medium Severity

6.1

WordPress DSGVO All in one for WP plugin <= 3.9 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

6.1

Plugin

<= 3.9

2021-05-07

High Severity

7.5

WordPress UltimateWoo plugin <= 0.1.10 - PHP Object Injection vulnerability

High Severity

7.5

Plugin

<= 0.1.10

2021-05-07

MalCare Security

Medium Severity

4.8

WordPress MalCare Security plugin <= 4.57 - Authenticated Cross-Site Scripting (XSS) vulnerability

Medium Severity

4.8

Plugin

<= 4.57

2021-05-05

Hana Flv Player

Medium Severity

5.4

WordPress Hana Flv Player plugin <= 3.1.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.4

Plugin

<= 3.1.3

2021-05-05

Ship To eCourier

Medium Severity

6.3

WordPress Ship To eCourier plugin <= 1.0.1 - Cross-Site Request Forgery (CSRF) vulnerability allowing Plugin Settings Update

Medium Severity

6.3

Plugin

<= 1.0.1

2021-05-05

Simple Admin Language Change

Medium Severity

4.3

WordPress Simple Admin Language Change plugin <= 2.0.1 - Arbitrary User Locale Change vulnerability

Medium Severity

4.3

Plugin

<= 2.0.1

2021-05-05

WP Customer Reviews

Medium Severity

5.4

WordPress WP Customer Reviews plugin <= 3.5.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.4

Plugin

<= 3.5.5

2021-05-04

Medium Severity

5.4

WordPress Autoptimize plugin <= 2.8.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.4

Plugin

<= 2.8.3

2021-05-04

Hotjar Connecticator

Medium Severity

5.4

WordPress Hotjar Connecticator plugin <= 1.1.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.4

Plugin

<= 1.1.1

2021-05-04

Spam protection, AntiSpam, FireWall by CleanTalk

High Severity

7.5

WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 5.153.3 - Unauthenticated Time-Based Blind SQL Injection (SQLi) vulnerability

High Severity

7.5

Plugin

<= 5.153.3

2021-05-03

Newer entries Older entries

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.