Lana Codes

Twitter Github Website

Buy me a coffee ☕

28 November, 2022

Alliance XP

1507.78

Contributions

483

Contributions 483

Achievements Soon

Report WordPress vulnerabilities, earn prizes and become an Alliance member!

Join Patchstack Alliance

Plugin

CP Blocks <= 1.0.20 CSRF Leading to Plugin Settings Change Vulnerability

+5.4 AXP

5.4

5 September, 2023

Plugin

WooCommerce Conversion Tracking <= 2.0.10 CrossSite Request Forgery (CSRF) vulnerability

+12.9 AXP

4.3

4 September, 2023

Plugin

weMail <= 1.14.1 Cross Site Request Forgery (CSRF)

+4.3 AXP

4.3

4 September, 2023

Plugin

Legal Pages <= 1.3.8 Cross Site Request Forgery (CSRF)

+4.3 AXP

4.3

4 September, 2023

Plugin

Directorist <= 7.7.1 Broken Access Control

+4.3 AXP

4.3

4 September, 2023

Plugin

Texty – SMS Notification for WordPress, WooCommerce, Dokan and more <= 1.1.1 CrossSite Request Forgery (CSRF)

+4.3 AXP

4.3

4 September, 2023

Plugin

Exclusive Team for Elementor <= 1.2.4 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

4 September, 2023

Plugin

WordPress CTA <= 1.5.6 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

4 September, 2023

Plugin

Product Category Showcase for WooCommerce <= 1.1.9 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

4 September, 2023

Plugin

weDocs – Knowledgebase and Documentation Plugin for WordPress <= 1.7.5 Cross Site Request Forgery (CSRF)

+4.3 AXP

4.3

4 September, 2023

Plugin

WP Project Manager <= 2.6.0 Cross Site Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

4 September, 2023

Plugin

GS Logo Slider <= 3.4.2 Cross Site Request Forgery (CSRF)

+4.3 AXP

4.3

4 September, 2023

Plugin

Unlimited Elementor Inner Sections By BoomDevs < 1.0.0 CrossSite Request Forgery vulnerability

+4.3 AXP

4.3

4 September, 2023

Plugin

Font Awesome 4 Menus <= 4.7.0 Auth. Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

6.4

4 September, 2023

Plugin

Slimstat Analytics <= 5.0.9 Auth. Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

6.5

29 August, 2023

Plugin

AffiliateWP 2.14.0 Missing Authorization to Auth. Arbitrary Plugin Activation

+0 AXP

4.3

29 August, 2023

Plugin

Email Encoder Bundle <= 2.1.7 Auth. Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

6.5

29 August, 2023

Plugin

Charitable <= 1.7.0.12

+0 AXP

9.8

22 August, 2023

Plugin

Printful Integration for WooCommerce <= 2.2.3 Cross Site Request Forgery (CSRF)

+12.9 AXP

4.3

11 August, 2023

Plugin

Futurio Extra <= 1.8.4 Cross Site Request Forgery (CSRF)

+13 AXP

6.5

11 August, 2023

Plugin

WP HTML Mail <= 3.4.1 Cross Site Request Forgery (CSRF)

+5.4 AXP

5.4

11 August, 2023

Plugin

MailChimp Forms by MailMunch <= 3.1.4 Broken Access Control

+8.6 AXP

4.3

11 August, 2023

Plugin

WP Project Manager <= 2.6.4 Arbitrary Usermeta Update to Authenticated Privilege Escalation

+0 AXP

8.8

9 August, 2023

Plugin

The Post Grid <= 7.2.7 Cross Site Request Forgery (CSRF) Leading To CSS Change Vulnerability

+10.8 AXP

5.4

7 August, 2023

Plugin

WP Ultimate CSV Importer <= 7.9.8 Authenticated Arbitrary Usermeta Update to Privilege Escalation vulnerability

+0 AXP

6.6

3 August, 2023

Plugin

WP Ultimate CSV Importer <= 7.9.8 Sensitive Information Exposure via Directory Listing vulnerability

+0 AXP

7.5

3 August, 2023

Plugin

WP Ultimate CSV Importer <= 7.9.8 Authenticated PHP file upload to RCE vulnerability

+0 AXP

8.0

3 August, 2023

Plugin

WP Ultimate CSV Importer <= 7.9.8 Authenticated Remote Code Execution vulnerability

+0 AXP

8.0

3 August, 2023

Plugin

JupiterX Core <= 2.5.0 Unauth. Arbitrary File Download vulnerability

+0 AXP

7.5

20 July, 2023

Plugin

Social Share Icons & Social Share Buttons <= 3.5.7 Broken Access Control

+8.6 AXP

4.3

20 July, 2023

Plugin

Advanced AJAX Product Filters <= 1.6.3.3 Broken Access Control + CSRF

+16.2 AXP

5.4

12 July, 2023

Plugin

Exit Popups & Onsite Retargeting by OptiMonk <= 2.0.4 Cross Site Request Forgery (CSRF)

+4.3 AXP

4.3

11 July, 2023

Plugin

Classified Listing <= 2.4.5 Cross Site Request Forgery (CSRF) Leading To Thumbnail Removal Vulnerability

+5.4 AXP

5.4

5 July, 2023

Plugin

Media Library Helper by Codexin <= 1.2.0 Cross Site Request Forgery (CSRF)

+1.35 AXP

5.4

5 July, 2023

Plugin

ND Shortcodes For Visual Composer < 7.0 Auth. Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

6.5

4 July, 2023

Plugin

User Registration <= 3.0.2 Authenticated Arbitrary File Upload vulnerability

+0 AXP

9.9

4 July, 2023

Plugin

Web3 – Crypto wallet Login & NFT token gating <= 2.6.0 Authentication Bypass vulnerability

+0 AXP

9.8

30 June, 2023

Plugin

SP Project & Document Manager <= 4.67 Auth. Insecure Direct Object Reference vulnerability

+0 AXP

8.8

30 June, 2023

Plugin

WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 Authentication Bypass Vulnerability

+0 AXP

9.8

28 June, 2023

Plugin

Salon booking system <= 8.4.7 CrossSite Request Forgery (CSRF) vulnerability

4.3

27 June, 2023

Plugin

LearnDash LMS <= 4.6.0

8.8

27 June, 2023

Plugin

Contact Form & Lead Form Elementor Builder <= 1.8.4 Broken Access Control vulnerability

+5.4 AXP

5.4

27 June, 2023

Plugin

Th Product Compare <= 1.2.5 Broken Access Control vulnerability

+5.4 AXP

5.4

27 June, 2023

Plugin

EmbedPress <= 3.7.3 Sensitive Information Exposure vulnerability

5.3

26 June, 2023

Plugin

Lana Text to Image <= 1.0.0 Auth. Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

6.4

23 June, 2023

Plugin

BookIt <= 2.3.7 Authentication Bypass Vulnerability

+0 AXP

9.8

20 June, 2023

Plugin

myCred <= 2.5 Cross Site Request Forgery (CSRF)

+5.4 AXP

5.4

15 June, 2023

Plugin

Abandoned Cart Lite for WooCommerce <= 5.14.2 Authentication Bypass Vulnerability

9.8

6 June, 2023

Plugin

Page Builder with Image Map by AZEXO <= 1.27.133 CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

6.3

5 June, 2023

Plugin

Page Builder with Image Map by AZEXO <= 1.27.133 Auth. Stored CrossSite Scripting (XSS) vulnerability

6.4

5 June, 2023

Plugin

Page Builder with Image Map by AZEXO <= 1.27.133 Missing Authorization to Post Creation vulnerability

5.4

5 June, 2023

Plugin

Page Builder with Image Map by AZEXO <= 1.27.133 CrossSite Request Forgery to Stored CrossSite Scripting (XSS) vulnerability

6.1

5 June, 2023

Plugin

WP User Switch <= 1.0.2 Authentication Bypass via Cookie vulnerability

8.8

4 June, 2023

Plugin

WP Hide Post <= 2.0.10 Cross Site Request Forgery (CSRF) Leading To Post Status Change Vulnerability

+4.3 AXP

4.3

3 June, 2023

Plugin

Cart2Cart: Magento to WooCommerce Migration <= 2.0.0 Broken Access Control

+5.4 AXP

5.4

3 June, 2023

Plugin

Change WooCommerce Add To Cart Button Text <= 1.3 Broken Access Control

+5.4 AXP

5.4

3 June, 2023

Plugin

Kebo Twitter Feed <= 1.5.12 Cross Site Request Forgery (CSRF)

+5.4 AXP

5.4

3 June, 2023

Plugin

WPC Smart Wishlist for WooCommerce <= 4.7.1 Cross Site Request Forgery (CSRF) vulnerability

+12.9 AXP

4.3

3 June, 2023

Plugin

Constant Contact Forms <= 2.0.3 Broken Access Control vulnerability

+6.2 AXP

4.3

3 June, 2023

Plugin

Social Media & Share Icons <= 2.8.1 Broken Access Control + CSRF

+21.5 AXP

4.3

2 June, 2023

Plugin

Drop Shadow Boxes <= 1.7.10 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

29 May, 2023

Plugin

Download Theme <= 1.0.9 CrossSite Request Forgery (CSRF) vulnerability

4.3

24 May, 2023

Plugin

Download Plugin <= 2.0.4 CrossSite Request Forgery (CSRF) vulnerability

4.3

24 May, 2023

Plugin

OAuth Single Sign On – SSO (OAuth Client) <= 6.23.3 Broken Authentication vulnerability

+0 AXP

8.8

24 May, 2023

Plugin

Waiting: One-click countdowns <= 0.6.2 click countdowns plugin <= 0.6.2 Authenticated (Subscriber+) Stored CrossSite Scripting vulnerability

6.5

17 May, 2023

Plugin

OTP Login Woocommerce & Gravity Forms <= 2.2 Authentication Bypass to Privilege Escalation vulnerability

8.1

16 May, 2023

Plugin

BuddyForms <= 2.8.1 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

12 May, 2023

Plugin

WP Reactions Lite <= 1.3.8 Cross Site Request Forgery (CSRF)

+5.4 AXP

5.4

11 May, 2023

Plugin

WP-Chatbot for Messenger <= 4.7 Chatbot for Messenger plugin <= 4.7 Broken Access Control

+5.4 AXP

5.4

11 May, 2023

Plugin

Soundcloud Is Gold <= 2.5.1 Broken Access Control

+4.3 AXP

4.3

11 May, 2023

Plugin

Forget About Shortcode Buttons <= 2.1.2 Cross Site Request Forgery (CSRF) vulnerability

+10.6 AXP

5.3

11 May, 2023

Plugin

Portfolio Gallery – Responsive Image Gallery <= 1.4.6 Broken Access Control vulnerability

+7.5 AXP

7.5

11 May, 2023

Plugin

WP Category Post List Widget <= 2.0.3 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

11 May, 2023

Plugin

Add Posts to Pages <= 1.4.1 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

11 May, 2023

Plugin

Owl Carousel <= 0.5.3 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

11 May, 2023

Plugin

Pinterest RSS Widget <= 2.3.1 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

11 May, 2023

Plugin

Brands for WooCommerce <= 3.7.0.6 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

9 May, 2023

Plugin

Easy Appointments <= 3.11.9 CrossSite Request Forgery (CSRF) vulnerability

+2.7 AXP

4.3

5 May, 2023

Plugin

WP Job Portal <= 2.0.1 Unauthorized Plugin Settings Change vulnerability

+10.8 AXP

5.4

5 May, 2023

Plugin

Active Directory Integration / LDAP Integration < 4.1.1 Unauthenticated Data Disclosure vulnerability

7.5

27 April, 2023

Plugin

Profile Builder <= 3.9.0 Insecure Password Reset Mechanism vulnerability

+0 AXP

9.8

27 April, 2023

Plugin

f(x) TOC <= 1.1.0 Auth. Stored CrossSite Scripting (XSS) vulnerability

6.5

26 April, 2023

Plugin

ActiveCampaign < 8.1.12 Auth. Stored CrossSite Scripting (XSS) vulnerability

6.5

25 April, 2023

Plugin

Product Slider For WooCommerce Lite <= 1.1.7 Auth. Stored CrossSite Scripting (XSS) vulnerability

6.5

25 April, 2023

Plugin

Wp D3 <= 2.4.1 D3 plugin <= 2.4.1 Auth. Stored CrossSite Scripting (XSS) vulnerability

6.5

25 April, 2023

Plugin

Custom Post Type List Shortcode <= 1.4.4 Auth. Stored CrossSite Scripting (XSS) vulnerability

6.5

25 April, 2023

Plugin

Post Shortcode <= 2.0.9 Auth. Stored CrossSite Scripting (XSS) vulnerability

6.5

25 April, 2023

Plugin

Enable/Disable Auto Login when Register <= 1.1.0 CrossSite Request Forgery (CSRF) vulnerability

4.3

25 April, 2023

Plugin

Ultimate Carousel For WPBakery Page Builder <= 2.6 Contributor+ Stored XSS vulnerability

6.5

25 April, 2023

Plugin

Mega Addons For WPBakery Page Builder <= 4.2.7 Auth. Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

6.5

25 April, 2023

Plugin

Ultimate Carousel For Elementor <= 2.1.7 Auth. Stored CrossSite Scripting (XSS) vulnerability

6.5

25 April, 2023

Plugin

Avirato hotels online booking engine <= 5.0.5 Auth. SQL Injection (SQLi) vulnerability

8.5

25 April, 2023

Plugin

Weaver Xtreme Theme Support <= 6.2.5 Auth. Stored CrossSite Scripting (XSS) vulnerability

6.5

25 April, 2023

Plugin

Rating Widget <= 3.2.0 Widget: Star Review System plugin <= 3.2.0 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

24 April, 2023

Plugin

Arconix Shortcodes <= 2.1.7 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

24 April, 2023

Plugin

WPJAM Basic <= 6.2.1 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

20 April, 2023

Plugin

Premmerce <= 1.3.18 Cross Site Request Forgery (CSRF) vulnerability

+5.4 AXP

5.4

20 April, 2023

Plugin

Mail Subscribe List <= 2.1.9 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

20 April, 2023

Plugin

Uji Popup <= 1.4.3 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

19 April, 2023

Plugin

File Gallery <= 1.8.5.3 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

19 April, 2023

Plugin

Social Share Boost <= 4.4 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

19 April, 2023

Plugin

WP Links Page <= 4.9.3 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

19 April, 2023

Plugin

FormCraft <= 1.2.7 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

19 April, 2023

Plugin

WP Docs <= 1.9.8 Broken Access Control

+5.4 AXP

5.4

19 April, 2023

Plugin

WP Login Box <= 2.0.2 Auth. Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

5.9

19 April, 2023

Plugin

GDPR Compliance & Cookie Consent <= 1.2 Cross Site Request Forgery (CSRF) vulnerability

+8.6 AXP

4.3

19 April, 2023

Plugin

Motors – Car Dealer & Classified Ads <= 1.4.4 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

+2.7 AXP

5.4

19 April, 2023

Plugin

Pearl <= 1.3.4 CrossSite Request Forgery (CSRF) vulnerability

+5.4 AXP

5.4

19 April, 2023

Plugin

BadgeOS <= 3.7.1.6 Multiple CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

6.3

18 April, 2023

Plugin

Button Builder – Buttons X <= 0.8.6 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

18 April, 2023

Plugin

BBSpoiler <= 2.01 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

18 April, 2023

Plugin

Smart WooCommerce Search <= 2.5.0 Broken Access Control

+4.3 AXP

4.3

18 April, 2023

Plugin

Zendesk Support for WordPress <= 1.8.4 Cross Site Request Forgery (CSRF)

+4.3 AXP

4.3

18 April, 2023

Plugin

Easy Appointments <= 3.10.7 Auth. Stored CrossSite Scripting (XSS) vulnerability

5.9

14 April, 2023

Plugin

Shortcodes <= 3.46 Broken Access Control vulnerability

+8.6 AXP

4.3

14 April, 2023

Plugin

CoSchedule <= 3.3.8 Cross Site Request Forgery (CSRF)

+4.3 AXP

4.3

13 April, 2023

Plugin

Easy Sign Up <= 3.4.1 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

6 April, 2023

Plugin

IMPress Listings <= 2.6.2 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

6 April, 2023

Plugin

qTranslate X Cleanup and WPML Import <= 3.0.1 Broken Access Control vulnerability

+4.3 AXP

4.3

6 April, 2023

Plugin

Really Simple Google Tag Manager <= 1.0.6 Cross Site Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

30 March, 2023

Plugin

WishSuite <= 1.3.3 Cross Site Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

30 March, 2023

Plugin

HT Menu <= 1.2.1 Cross Site Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

30 March, 2023

Plugin

JustTables – WooCommerce Product Table <= 1.4.9 Cross Site Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

30 March, 2023

Plugin

Swatchly – WooCommerce Variation Swatches for Products <= 1.2.0 Cross Site Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

30 March, 2023

Plugin

Advanced Shipment Tracking for WooCommerce <= 3.5.2 CrossSite Request Forgery (CSRF) vulnerability

+3.23 AXP

4.3

28 March, 2023

Plugin

Advanced Local Pickup for WooCommerce <= 1.5.2 Broken Access Control

+5.4 AXP

5.4

28 March, 2023

Plugin

TH Variation Swatches <= 1.2.7 CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

5.4

22 March, 2023

Plugin

TH Side Cart and Menu Cart for Woocommerce <= 1.1.1 Broken Access Control

+10.8 AXP

5.4

22 March, 2023

Plugin

Advance WordPress Search Plugin <= 1.1.4 Broken Access Control

+10.8 AXP

5.4

22 March, 2023

Plugin

eRoom – Zoom Meetings & Webinar <= 1.4.6 Broken Access Control vulnerability

+0 AXP

4.3

22 March, 2023

Plugin

Wbcom Designs – BuddyPress Activity Social Share <= 3.5.0 Cross Site Request Forgery (CSRF)

+5.4 AXP

5.4

22 March, 2023

Plugin

WP Content Pilot – Autoblogging & Affiliate Marketing Plugin <= 1.3.3 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

22 March, 2023

Plugin

Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.3 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

22 March, 2023

Plugin

Worth The Read <= 1.14 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

22 March, 2023

Plugin

Fuse Social Floating Sidebar <= 5.4.6 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

22 March, 2023

Plugin

Download Increase Maximum Upload File Size | Increase Execution Time <= 1.0.9 CrossSite Request Forgery (CSRF) vulnerability

+8.6 AXP

4.3

22 March, 2023

Plugin

Visibility Logic for Elementor <= 2.3.3 CrossSite Request Forgery (CSRF) vulnerability

+8.6 AXP

4.3

22 March, 2023

Plugin

GS Pins for Pinterest <= 1.6.2 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

22 March, 2023

Plugin

Onepage Builder – Easiest Landing Page Builder For WordPress <= 2.4.1 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

22 March, 2023

Plugin

Update Image Tag Alt Attribute <= 2.4.5 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

BuddyPress Builder for Elementor – BuddyBuilder <= 1.7.1 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

PT Addons for Elementor Lite <= 2.2 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

Product Category Slider for WooCommerce <= 4.1.5 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

Post Grid, Slider & Carousel Ultimate <= 1.6.3 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

Bangladeshi Payment Gateways <= 2.0.6 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

Challan – PDF Invoice & Packing Slip for WooCommerce <= 3.4.8 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

WP Mail Logging <= 1.10.5 CrossSite Request Forgery (CSRF) vulnerability

+17.2 AXP

4.3

21 March, 2023

Plugin

Exclusive Addons Elementor <= 2.6.1 CrossSite Request Forgery (CSRF) vulnerability

+8.6 AXP

4.3

21 March, 2023

Plugin

Subscribe2 <= 10.37 CrossSite Request Forgery (CSRF) vulnerability

+8.6 AXP

4.3

21 March, 2023

Plugin

WP Dark Mode <= 3.0.4 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

WP User Frontend <= 3.6.0 CrossSite Request Forgery (CSRF) vulnerability

+8.6 AXP

4.3

21 March, 2023

Plugin

Product Gallery Slider for WooCommerce <= 2.2.6 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

Dashboard Welcome for Elementor <= 1.0.6 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

WP VR <= 8.2.5 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

Woostify Sites Library <= 1.4.3 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

W4 Post List <= 2.4.2 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

Boostify Header Footer Builder for Elementor <= 1.2.8 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

Click to top <= 1.2.19 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

wePOS – Point Of Sale (POS) for WooCommerce <= 1.2.5 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

Gallery Box <= 1.7.30 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

Magical Posts Display – Elementor & Gutenberg Posts Blocks <= 1.2.15 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

GS Testimonial Slider <= 1.9.7 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

Webinar and Video Conference with Jitsi Meet <= 1.2.5 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

Stylish Cost Calculator <= 7.3.6 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

Dark Mode <= 4.1.2 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

Wp Edit Password Protected – Create Member/User Only Page & Design Password Protected Form <= 1.2.3 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

Cart Lift <= 3.1.3 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

Sheets To WP Table Live Sync <= 2.12.14 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

Happy Addons for Elementor <= 3.7.2 CrossSite Request Forgery (CSRF) vulnerability

+21.5 AXP

4.3

21 March, 2023

Plugin

Wiremo – Product Reviews for WooCommerce <= 1.4.96 CrossSite Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

21 March, 2023

Plugin

Responsive Slider by MetaSlider <= 3.28.0 Cross Site Request Forgery (CSRF)

+25.8 AXP

4.3

21 March, 2023

Plugin

ConvertBox Auto Embed WordPress plugin <= 1.0.19 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

20 March, 2023

Plugin

Ecwid Shopping Cart <= 6.11.4 Cross Site Scripting (XSS) vulnerability

+13 AXP

6.5

17 March, 2023

Plugin

Contact Form 7 – PayPal & Stripe Add-on <= 1.9.3 on plugin <= 1.9.3 Cross Site Request Forgery (CSRF) vulnerability

+5.4 AXP

5.4

17 March, 2023

Plugin

WP Shortcode by MyThemeShop <= 1.4.16 CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

4.3

16 March, 2023

Plugin

ProfileGrid 5.0.3 Broken Access Control vulnerability

6.3

16 March, 2023

Plugin

Contact Form Email <= 1.3.31 Missing Authorization Leading To Feedback Submission Vulnerability

+4.3 AXP

4.3

16 March, 2023

Plugin

CP Multi View Event Calendar <= 1.4.10 Missing Authorization Leading To Feedback Submission vulnerability

+4.3 AXP

4.3

16 March, 2023

Plugin

Event Manager for WooCommerce <= 3.7.7 Cross Site Request Forgery (CSRF)

+4.3 AXP

4.3

16 March, 2023

Plugin

HT Feed <= 1.2.7 Cross Site Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

16 March, 2023

Plugin

Min and Max Quantity for WooCommerce <= 1.3.2.6 Broken Access Control

+5.4 AXP

5.4

16 March, 2023

Plugin

Advanced Product Labels for WooCommerce <= 1.2.4 Broken Access Control

+5.4 AXP

5.4

16 March, 2023

Plugin

Load More Products for WooCommerce <= 1.1.9.7 Broken Access Control

+5.4 AXP

5.4

16 March, 2023

Plugin

Brands for WooCommerce <= 3.7.0.5 Broken Access Control

+5.4 AXP

5.4

16 March, 2023

Plugin

Grid List View for WooCommerce <= 1.1.3.6 Broken Access Control

+5.4 AXP

5.4

16 March, 2023

Plugin

Cart Notices for WooCommerce <= 3.5.7.6 Broken Access Control

+5.4 AXP

5.4

16 March, 2023

Plugin

Terms and Conditions Popup for WooCommerce <= 3.5.7.6 Broken Access Control

+5.4 AXP

5.4

16 March, 2023

Plugin

Product Tabs Manager for WooCommerce <= 1.1.5.7 Broken Access Control

+0 AXP

5.4

16 March, 2023

Plugin

Product Watermark for WooCommerce <= 1.3.5.6 Broken Access Control

+5.4 AXP

5.4

16 March, 2023

Plugin

Sequential Order Numbers for WooCommerce <= 3.5.7.6 Broken Access Control

+5.4 AXP

5.4

16 March, 2023

Plugin

Pagination Styler for WooCommerce <= 3.5.7.6 Broken Access Control

+5.4 AXP

5.4

16 March, 2023

Plugin

Sales Report for WooCommerce <= 3.5.7.6 Broken Access Control

+5.4 AXP

5.4

16 March, 2023

Plugin

Products Compare for WooCommerce <= 3.5.7.7 Broken Access Control

+5.4 AXP

5.4

16 March, 2023

Plugin

Products Suggestions for WooCommerce <= 3.5.7.6 Broken Access Control

+5.4 AXP

5.4

16 March, 2023

Plugin

Dynamics 365 Integration <= 1.3.12 Broken Access Control

+5.4 AXP

5.4

15 March, 2023

Plugin

Contact Form 7 Redirect & Thank You Page <= 1.0.3 Cross Site Request Forgery (CSRF) vulnerability

+5.4 AXP

5.4

15 March, 2023

Plugin

Backup Bank: WordPress Backup Plugin <= 4.0.28 Broken Access Control vulnerability

+0 AXP

4.3

15 March, 2023

Plugin

Popup Maker <= 1.17.1 Broken Access Control vulnerability

+21 AXP

3.5

13 March, 2023

Plugin

HT Easy GA4 ( Google Analytics 4 ) <= 1.0.6 Cross Site Request Forgery (CSRF) vulnerability

+4.3 AXP

4.3

8 March, 2023

Plugin

YITH WooCommerce Product Slider Carousel <= 1.16.0 CrossSite Request Forgery (CSRF)

+4.6 AXP

4.6

3 March, 2023

Plugin

Sales Report Email for WooCommerce <= 2.8 Auth. Test Email Submission vulnerability

+4.3 AXP

4.3

2 March, 2023

Plugin

Rife Elementor Extensions & Templates <= 1.1.10 Broken Access Control

+10.8 AXP

5.4

2 March, 2023

Plugin

CP Contact Form with Paypal <= 1.3.34 Missing Authorization Leading To Feedback Submission vulnerability

+4.3 AXP

4.3

1 March, 2023

Plugin

Calculated Fields Form <= 1.1.120 Missing Authorization Leading To Feedback Submission Vulnerability

+12.9 AXP

4.3

28 February, 2023

Plugin

Search in Place <= 1.0.104 Missing Authorization Leading To Feedback Submission vulnerability

+4.3 AXP

4.3

28 February, 2023

Plugin

WP Time Slots Booking Form <= 1.1.76 Missing Authorization Leading To Feedback Submission vulnerability

+4.3 AXP

4.3

28 February, 2023

Plugin

Drag and Drop Multiple File Upload for WooCommerce <= 1.0.8 Unauth. Nonarbitrary file upload/deletion

+6.5 AXP

6.5

24 February, 2023

Plugin

Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.6.5 Multiple CSRF vulnerabilities

+8.1 AXP

5.4

24 February, 2023

Plugin

Apollo13 Framework Extensions <= 1.8.10 Broken Access Control

+10.8 AXP

5.4

24 February, 2023

Plugin

Social Login WP <= 5.0.0.0 CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

5.4

20 February, 2023

Plugin

Community by PeepSo <= 6.0.2.0 CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

5.4

20 February, 2023

Plugin

Video Gallery – YouTube Gallery <= 1.7.6 Broken Access Control vulnerability

+7.5 AXP

7.5

20 February, 2023

Plugin

Gutenberg Blocks by WordPress Download Manager <= 2.1.8 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

20 February, 2023

Plugin

Uncanny Toolkit for LearnDash <= 3.6.4.1 Cross Site Request Forgery (CSRF) vulnerability

+8.6 AXP

4.3

20 February, 2023

Plugin

Simple PDF Viewer <= 1.9 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

17 February, 2023

Plugin

Google Maps v3 Shortcode <= 1.2.1 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

17 February, 2023

Plugin

Portfolio Slideshow <= 1.13.0 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

17 February, 2023

Plugin

Advanced Dynamic Pricing for WooCommerce <= 4.1.5 Broken Access Control

+6.3 AXP

6.3

17 February, 2023

Plugin

Fontiran <= 2.1 Broken Access Control

+0 AXP

5.4

15 February, 2023

Plugin

vSlider Multi Image Slider for WordPress <= 4.1.2 Cross Site Scripting (XSS)

+0 AXP

5.9

15 February, 2023

Plugin

Ultimate WP Query Search Filter <= 1.0.10 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

15 February, 2023

Plugin

NextGEN Gallery <= 3.28 CrossSite Request Forgery (CSRF)

+0 AXP

4.3

14 February, 2023

Plugin

Tickera <= 3.5.1.0 CSRF Leading To Post Status Change Vulnerability

+5.4 AXP

5.4

14 February, 2023

Plugin

Profile Builder <= 3.9.0 Sensitive Information Disclosure via Shortcode vulnerability

6.5

14 February, 2023

Plugin

Fancy Comments WordPress <= 1.2.10 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

13 February, 2023

Plugin

Portfolio – WordPress Portfolio Plugin <= 2.8.10 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

13 February, 2023

Plugin

Booking Calendar Contact Form <= 1.2.34 Broken Access Control

+0 AXP

4.3

6 February, 2023

Plugin

Google Maps CP <= 1.0.43 Missing Authorization Leading To Feedback Submission Vulnerability

+4.3 AXP

4.3

6 February, 2023

Plugin

Ajax Search Lite <= 4.10.3 Auth. Data Exposure vulnerability

+0 AXP

4.3

6 February, 2023

Plugin

PayPal Brasil para WooCommerce <= 1.4.2 Broken Access Control

+4.3 AXP

4.3

6 February, 2023

Plugin

Formidable Forms <= 5.5.4 Broken Access Control vulnerability

+21.5 AXP

4.3

3 February, 2023

Plugin

WP Tabs <= 2.1.14 Cross Site Request Forgery (CSRF)

+0 AXP

5.4

2 February, 2023

Plugin

Multi-column Tag Map <= 17.0.24 column Tag Map plugin <= 17.0.24 Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

2 February, 2023

Plugin

We’re Open! <= 1.45 Broken Access Control

+4.3 AXP

4.3

2 February, 2023

Plugin

Robo Gallery <= 3.2.9 CrossSite Request Forgery (CSRF) vulnerability

+12.9 AXP

5.4

2 February, 2023

Plugin

Wufoo Shortcode < 1.52 Contributor+ Stored XSS via Shortcode vulnerability

+0 AXP

6.5

1 February, 2023

Plugin

GS Books Showcase < 1.3.1 Contributor+ Stored XSS Vulnerability

6.5

31 January, 2023

Plugin

GS Filterable Portfolio < 1.6.1 Contributor+ Stored XSS Vulnerability

6.5

31 January, 2023

Plugin

GS Portfolio for Envato < 1.4.0 Contributor+ Stored XSS Vulnerability

6.5

31 January, 2023

Plugin

GS Products Slider for WooCommerce < 1.5.9 Contributor+ Stored XSS Vulnerability

6.5

31 January, 2023

Lana Codes

Anonymous Guy