About Alliance Leaderboard Vulnerability database WordPress security
Login

Rasi

0
0
0
0
Rasi
Alliance XP
0
Total reports
31
Reports, last 90 days
0
Contributions 31
Achievements Soon

Report WordPress vulnerabilities, earn prizes and become an Alliance member!

Join Patchstack Alliance

Plugin

WordPress Countdown Widget <= 3.1.9.1 CrossSite Request Forgery (CSRF) leading to CrossSite Scripting (XSS)

6.1

23 November, 2022

Plugin

Mantenimiento web <= 0.13 CrossSite Request Forgery (CSRF) vulnerability leading to Stored CrossSite Scripting (XSS)

6.1

31 October, 2022

Plugin

Forms by CaptainForm <= 2.5.3 CrossSite Request Forgery (CSRF) vulnerability

5.4

29 October, 2022

Plugin

Auto Upload Images <= 3.3 CrossSite Request Forgery (CSRF) vulnerability leading to Stored CrossSite Scripting (XSS)

+0 AXP

6.1

24 October, 2022

Plugin

Media Library Folders <= 7.1.1 CrossSite Request Forgery (CSRF) vulnerability

5.4

30 September, 2022

Plugin

OSM – OpenStreetMap <= 6.0.2 CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

4.3

30 September, 2022

Plugin

HREFLANG Tags Lite <= 2.0.0 Unauthenticated Plugin Data Reset vulnerability

6.5

29 September, 2022

Plugin

Oceanwp sticky header <= 1.0.8 CrossSite Request Forgery (CSRF) vulnerability

4.3

27 September, 2022

Plugin

Advance WordPress Search Plugin <= 1.1.4 Unauthenticated Plugin Settings Change vulnerability

+0 AXP

6.5

27 September, 2022

Plugin

Advance WordPress Search Plugin <= 1.1.9 Unauthenticated Plugin Settings Reset vulnerability

+0 AXP

6.5

27 September, 2022

Plugin

Kraken.io Image Optimizer <= 2.6.5 CrossSite Request Forgery (CSRF) vulnerability

5.4

23 September, 2022

Plugin

3D Tag Cloud <= 3.8 Multiple Stored CrossSite Scripting (XSS) via CrossSite Request Forgery (CSRF) vulnerability

6.1

22 September, 2022

Plugin

RD Station <= 5.2.0 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

11 September, 2022

Plugin

Mega Addons For WPBakery Page Builder <= 4.3.0 CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

5.4

2 September, 2022

Plugin

Captcha Code <= 2.7 CrossSite Request Forgery (CSRF) vulnerability leading to Plugin Settings Update

5.4

1 September, 2022

Plugin

GetResponse for WordPress <= 5.5.20 CrossSite Request Forgery (CSRF) vulnerability leading to API Key Update

5.4

1 September, 2022

Plugin

CallRail Phone Call Tracking <= 0.4.9 CrossSite Request Forgery (CSRF) vulnerability leading to Stored CrossSite Scripting (XSS)

6.1

1 September, 2022

Plugin

MP3 jPlayer <= 2.7.3 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

1 September, 2022

Plugin

Better Font Awesome <= 2.0.1 CrossSite Request Forgery (CSRF) vulnerability

4.3

25 August, 2022

Plugin

wp-forecast <= 7.5 forecast plugin <= 7.5 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

25 August, 2022

Plugin

Photo Gallery by Supsystic <= 1.15.5 CrossSite Request Forgery (CSRF) leading to Plugin Settings Change

5.4

15 June, 2022

Plugin

API KEY for Google Maps <= 1.2.1 CSRF vulnerability leading to Google Maps API key update

5.4

8 June, 2022

Plugin

Social Share Buttons by Supsystic <= 2.2.3 CrossSite Request Forgery (CSRF) vulnerability

4.3

27 May, 2022

Plugin

Disable Right Click For WP <= 1.1.6 CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

4.3

4 May, 2022

Plugin

Code Snippets Extended <= 1.4.7 CrossSite Request Forgery (CSRF) leading to Remote Code Execution (RCE) vulnerability

8.8

4 May, 2022

Plugin

Footer Text <= 2.0.3 CrossSite Request Forgery (CSRF) leading to CrossSite Scripting (XSS) vulnerability

6.1

28 April, 2022

Plugin

Use Any Font <= 6.1.7 CrossSite Request Forgery (CSRF) vulnerability

5.4

30 March, 2022

Plugin

Analytics Cat <= 1.0.9 Plugin Settings change via CrossSite Request Forgery (CSRF) vulnerability

4.7

8 March, 2022

Plugin

PHP Everywhere <= 2.0.2 CrossSite Request Forgery (CSRF) vulnerability

5.4

23 December, 2021

Plugin

Ark-commenteditor <= 2.15.6 commenteditor plugin <= 2.15.6 Iframe Injection via Comment vulnerability

5.3

23 September, 2021

Plugin

WP SVG images <= 3.3 Authenticated Stored CrossSite Scripting (XSS) vulnerability via uploaded SVG file

7.6

14 June, 2021

Let us know if we have missed a vulnerability reported elsewhere

Report arrow right Close

Thank you for contributing!

Successfully submit vulnerabilities and receive an invite to our Alliance platform.

Learn more arrow right Close