thiennv

Twitter Github Website

Buy me a coffee ☕

28 November, 2022

Alliance XP

905.53

Total reports

186

Reports, last 90 days

Contributions 186

Achievements Soon

Report WordPress vulnerabilities, earn prizes and become an Alliance member!

Join Patchstack Alliance

████

███████ █████ █████████████████████████████████████████████████

+16 AXP

8.2

Pending

████

███████ █████ ████████████████████████████████████████████████████████

+10 AXP

5.3

Pending

████

███████ █████ █████████████████████████████████████████████████

+13 AXP

6.5

Pending

████

█████████████████████ █████ ███████████████████████████████████

+2 AXP

4.3

Pending

████

███████ █████ ██████████████████████████████████████████

+3 AXP

4.3

Pending

████

███████ █████ ███████████████████████████████████

+13 AXP

6.5

Pending

████

█████████████████████ █████ ██████████████████████████████████████████

+4 AXP

5.4

Pending

████

██████████████ █████ █████████████████████████████████████████████████

+8 AXP

4.3

Pending

████

███████ █████ ██████████████████████████████████████████

+8 AXP

4.3

Pending

Plugin

Awesome Support <= 6.1.6 Broken Access Control vulnerability

+13 AXP

6.5

4 days ago

Plugin

Product Catalog Feed by PixelYourSite <= 2.1.1 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

6 days ago

Plugin

Product Enquiry for WooCommerce <= 3.0 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

7 days ago

Plugin

Event post <= 5.8.6 Cross Site Scripting (XSS) vulnerability

+4.88 AXP

6.5

29 November, 2023

Plugin

RegistrationMagic <= 5.2.2.6 Delete Form Submission Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

27 November, 2023

Plugin

HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.2 Broken Access Control vulnerability

+12.9 AXP

4.3

23 November, 2023

Plugin

Awesome Support <= 6.1.4 Broken Access control vulnerability

+5.4 AXP

5.4

23 November, 2023

Plugin

Awesome Support <= 6.1.4 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

23 November, 2023

Plugin

Decorator – WooCommerce Email Customizer <= 1.2.7 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

23 November, 2023

Plugin

Live Preview for Contact Form 7 <= 1.2.0 Broken Access Control vulnerability

+10.8 AXP

5.4

16 November, 2023

Plugin

Multi Step Form <= 1.7.12 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

13 November, 2023

Plugin

Product Enquiry for WooCommerce <= 3.0 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

9 November, 2023

Plugin

Shortcodes Finder <= 1.5.3 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

9 November, 2023

Plugin

WP Links Page <= 4.9.4 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

7 November, 2023

Plugin

ProfileGrid <= 5.7.0 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

7 November, 2023

Plugin

Donations Made Easy – Smart Donations <= 4.0.12 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

7 November, 2023

Plugin

Donations Made Easy – Smart Donations <= 4.0.12 Cross Site Scripting (XSS) vulnerability

+5.33 AXP

7.1

7 November, 2023

Plugin

Who Hit The Page – Hit Counter <= 1.4.14.3 SQL Injection vulnerability

+0 AXP

7.6

7 November, 2023

Plugin

Products, Order & Customers Export for WooCommerce <= 2.0.8 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

7 November, 2023

Plugin

WooCommerce Product Table Lite <= 2.6.2 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

7 November, 2023

Plugin

Contact Forms by Cimatti <= 1.6.0 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

3 November, 2023

Plugin

DeepL Pro API translation <= 2.4.1.1 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

25 October, 2023

Plugin

Draw Attention <= 2.0.15 Broken Access Control vulnerability

+4.05 AXP

5.4

24 October, 2023

Plugin

Smart Online Order for Clover <= 1.5.4 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

22 October, 2023

Plugin

WOLF <= 1.0.7.1 Cross Site Request Forgery (CSRF) vulnerability

+2.47 AXP

4.3

17 October, 2023

Plugin

Who Hit The Page – Hit Counter <= 1.4.14.3 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

16 October, 2023

Plugin

ApplyOnline – Application Form Builder and Manager <= 2.5.3 Broken Access Control vulnerability

+3.23 AXP

4.3

16 October, 2023

Plugin

Ultimate Taxonomy Manager <= 2.0 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

13 October, 2023

Plugin

Ultimate Taxonomy Manager <= 2.0 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

13 October, 2023

Plugin

Newsletter & Bulk Email Sender <= 2.0.1 Cross Site Scripting (XSS) vulnerability

+0 AXP

6.5

13 October, 2023

Plugin

Proofreading <= 1.0.11 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

12 October, 2023

Plugin

Responsive Image Gallery, Gallery Album <= 2.0.3 Broken Access Control vulnerability

+4.3 AXP

4.3

11 October, 2023

Plugin

Responsive Image Gallery, Gallery Album <= 2.0.3 Cross Site Scripting (XSS) vulnerability

+7.1 AXP

7.1

11 October, 2023

Plugin

Responsive Image Gallery, Gallery Album <= 2.0.3 Multiple Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

11 October, 2023

Plugin

Feed Statistics <= 4.1 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

11 October, 2023

Plugin

Download canvasio3D Light <= 2.4.6 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

3 October, 2023

Plugin

Cooked <= 1.7.13 Cross Site Scripting (XSS) vulnerability

+4.88 AXP

6.5

29 September, 2023

Plugin

Brands for WooCommerce <= 3.8.2.2 Broken Access Control vulnerability

+10.6 AXP

5.3

26 September, 2023

Plugin

rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 Broken Access Control vulnerability

+4.3 AXP

4.3

6 September, 2023

Plugin

WP Accessibility Helper (WAH) <= 0.6.2.4 Broken Access Control vulnerability

+3.23 AXP

4.3

5 September, 2023

Plugin

Restrict <= 2.2.4 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

5 September, 2023

Plugin

Click To Tweet <= 2.0.14 Broken Access Control vulnerability

+5.4 AXP

5.4

5 September, 2023

Plugin

Click To Tweet <= 2.0.14 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

5 September, 2023

Plugin

WP Bannerize Pro <= 1.6.9 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

1 September, 2023

Plugin

Ovic Product Bundle <= 1.1.2 Broken Access Control vulnerability

+13 AXP

6.5

1 September, 2023

Plugin

Pricing Deals for WooCommerce <= 2.0.3.2 Broken Access Control vulnerability

+10.6 AXP

5.3

29 August, 2023

Plugin

Donations Made Easy – Smart Donations <= 4.0.12 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

18 August, 2023

Plugin

Mortgage Calculator Estatik <= 2.0.7 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

17 August, 2023

Plugin

Video Gallery & Management <= 3.3.5 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

16 August, 2023

Plugin

ImageRecycle pdf & image compression <= 3.1.11 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

11 August, 2023

Plugin

YITH WooCommerce Waiting List <= 2.9.0 Broken Access Control vulnerability

+10.6 AXP

5.3

10 August, 2023

Plugin

Google Map Shortcode <= 3.1.2 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

24 July, 2023

Plugin

GTmetrix for WordPress <= 0.4.7 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

19 July, 2023

Plugin

WP Dummy Content Generator <= 2.3.0 Broken Access Control vulnerability

+10.6 AXP

5.3

7 July, 2023

Plugin

WP Affiliate Links <= 0.1.1 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

15 June, 2023

Plugin

Front End Users <= 3.2.24 Cross Site Request Forgery (CSRF) vulnerability

+3.25 AXP

6.5

2 June, 2023

Plugin

Dynamic QR Code Generator <= 0.0.5 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

30 May, 2023

Plugin

bbPress Toolkit <= 1.0.12 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

30 May, 2023

Plugin

bbPress Toolkit <= 1.0.12 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

30 May, 2023

Plugin

+14.2 AXP

7.1

30 May, 2023

Plugin

WOLF <= 1.0.7 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

29 May, 2023

Plugin

bbp style pack <= 5.5.5 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

29 May, 2023

Plugin

Front End Users < 3.2.25 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

22 May, 2023

Plugin

Leyka <= 3.30.1 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

22 May, 2023

Plugin

Custom Post Type Generator <= 2.4.2 Reflected Cross Site Scripting (XSS) vulnerability

+0 AXP

5.9

22 May, 2023

Plugin

Jazz Popups <= 1.8.7 Cross Site Request Forgery (CSRF) leading to XSS vulnerability

+0 AXP

5.4

18 May, 2023

Plugin

Jazz Popups <= 1.8.7 Cross Site Scripting (XSS) vulnerability

+0 AXP

7.1

18 May, 2023

Plugin

Donations Made Easy – Smart Donations <= 4.0.12 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

12 May, 2023

Plugin

WCP Contact Form <= 3.1.0 Broken Access Control vulnerability

+15 AXP

7.5

10 May, 2023

Plugin

WCP Contact Form <= 3.1.0 Broken Access Control vulnerability

+3.23 AXP

4.3

10 May, 2023

Plugin

WP Chinese Conversion <= 1.1.16 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

10 May, 2023

Plugin

Booking Ultra Pro <= 1.1.8 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

9 May, 2023

Plugin

GTmetrix for WordPress <= 0.4.6 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

9 May, 2023

Plugin

Albo Pretorio Online <= 4.6.3 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

3 May, 2023

Plugin

Depicter Slider <= 1.9.0 Broken Access Control vulnerability

+4.3 AXP

4.3

28 April, 2023

Plugin

Thumbs Rating <= 5.0.0 Race Condition vulnerability

+5.3 AXP

5.3

28 April, 2023

Plugin

Recipe Maker For Your Food Blog from Zip Recipes <= 8.0.6 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

24 April, 2023

Plugin

Booking calendar, Appointment Booking System <= 3.2.7 SQL Injection

+0 AXP

6.7

19 April, 2023

Plugin

ShiftController Employee Shift Scheduling <= 4.9.23 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

6 April, 2023

Plugin

Coupon Affiliates <= 5.4.3 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

31 March, 2023

Plugin

Contest Gallery <= 21.1.2 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

27 March, 2023

Plugin

Contact Forms by Cimatti <= 1.5.4 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

27 March, 2023

Plugin

Contact Forms by Cimatti <= 1.5.4 Unauth. Stored Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

27 March, 2023

Plugin

Continuous Image Carousel With Lightbox <= 1.0.15 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

27 March, 2023

Plugin

LiteSpeed Cache <= 5.3 CrossSite Request Forgery (CSRF) vulnerability

+43.2 AXP

5.4

22 March, 2023

Plugin

Owl Carousel <= 0.5.3 Broken Access Control vulnerability

+10.6 AXP

5.3

22 March, 2023

Plugin

I Recommend This <= 3.9.0 Cross Site Request Forgery (CSRF)

+2.15 AXP

4.3

22 March, 2023

Plugin

Side Menu Lite <= 4.0 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

8 March, 2023

Plugin

Hero Banner Ultimate <= 1.3.4 Auth. Stored Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

22 February, 2023

Plugin

Advanced Database Cleaner <= 3.1.1 Cross Site Request Forgery (CSRF)

+12.9 AXP

4.3

21 February, 2023

Plugin

Locatoraid Store Locator <= 3.9.11 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

14 February, 2023

Plugin

WPGlobus Translate Options <= 2.1.0 Cross Site Scripting (XSS) vulnerability

+11.6 AXP

5.8

14 February, 2023

Plugin

Jobs for WordPress <= 2.5.11.2 Auth. Stored CrossSite Scripting (XSS) vulnerability

+6.5 AXP

6.5

2 February, 2023

Plugin

Robo Gallery <= 3.2.11 CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

4.3

30 January, 2023

Plugin

My Calendar <= 3.4.3 Cross Site Request Forgery (CSRF) vulnerability

+5.4 AXP

5.4

20 January, 2023

Plugin

M Chart <= 1.9.4 Auth. Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

6.5

19 January, 2023

Plugin

WP TopBar <= 5.36 TopBar plugin <= 5.36 SQL Injection

+0 AXP

6.7

19 January, 2023

Plugin

WP TopBar <= 5.36 TopBar plugin <= 5.36 Cross Site Request Forgery (CSRF) vulnerability

+5.4 AXP

5.4

19 January, 2023

Plugin

Camera slideshow <= 1.4.0.1 Reflected Cross Site Scripting (XSS) vulnerability

+7.1 AXP

7.1

19 January, 2023

Plugin

User Meta Manager <= 3.4.9 Cross Site Request Forgery (CSRF) vulnerability

+5.4 AXP

5.4

19 January, 2023

Plugin

WP Calendar <= 1.5.3 Auth. Stored CrossSite Scripting (XSS) vulnerability

+5.4 AXP

5.4

7 December, 2022

Plugin

GC Testimonials <= 1.3.2 Auth. Stored CrossSite Scripting (XSS) vulnerability

+5.4 AXP

5.4

7 December, 2022

Plugin

WHA Puzzle <= 1.0.9 Auth. Stored CrossSite Scripting (XSS) vulnerability

5.4

24 November, 2022

Plugin

ARForms Form Builder <= 1.5.6 Unauth. Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

6.1

23 November, 2022

Plugin

Contest Gallery <= 13.1.0.9 Unauth. Stored CrossSite Scripting (XSS) vulnerability

6.1

23 November, 2022

Plugin

iFeature Slider <= 1.2 Auth. Stored CrossSite Scripting (XSS) vulnerability

5.4

17 November, 2022

Plugin

Quick Restaurant Reservations <= 1.5.4 CrossSite Request Forgery (CSRF) vulnerability

+5.3 AXP

5.3

9 November, 2022

Plugin

Simple Video Embedder <= 2.2 Auth. Stored CrossSite Scripting (XSS) vulnerability

+5.4 AXP

5.4

9 November, 2022

Plugin

Photo Gallery – Image Gallery by Ape <= 2.2.8 Auth. Broken Access Control vulnerability

4.3

31 October, 2022

Plugin

Photo Gallery – Image Gallery by Ape <= 2.2.8 Auth. CrossSite Scripting (XSS) vulnerability

5.4

31 October, 2022

Plugin

Glossary <= 3.1.2 Auth. Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

5.4

29 October, 2022

Plugin

Slideshow SE <= 2.5.5 Auth. CrossSite Scripting (XSS) vulnerability

+0 AXP

4.4

28 October, 2022

Plugin

Slideshow SE <= 2.5.5 Auth. CrossSite Scripting (XSS) vulnerability

+0 AXP

4.8

28 October, 2022

Plugin

BuddyForms <= 2.7.5 Auth. Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

4.7

27 October, 2022

Plugin

Gallery with thumbnail slider <= 6.0 Auth. Stored CrossSite Scripting (XSS) vulnerability

5.4

27 October, 2022

Plugin

Testimonials <= 2.6 Auth. Stored CrossSite Scripting (XSS) vulnerability

4.8

27 October, 2022

Plugin

Quiz And Survey Master <= 7.3.4 Auth. Reflected CrossSite Scripting (XSS) vulnerability

3.4

21 October, 2022

Plugin

Quiz And Survey Master <= 7.3.4 Auth. Stored CrossSite Scripting (XSS) vulnerability

5.4

21 October, 2022

Plugin

WP Page Builder <= 1.2.6 Multiple Auth. Stored CrossSite Scripting (XSS) vulnerabilities

4.8

21 October, 2022

Plugin

Quiz And Survey Master <= 7.3.4 Insecure direct object references (IDOR) vulnerability

3.8

29 September, 2022

Plugin

Booking Ultra Pro <= 1.1.8 CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

6.1

28 September, 2022

Plugin

Booking Ultra Pro <= 1.1.8 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

+0 AXP

5.4

28 September, 2022

Plugin

Pop-Up Chop Chop <= 2.1.7 Up Chop Chop plugin <= 2.1.7 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

27 September, 2022

Plugin

Awesome Filterable Portfolio <= 1.9.7 Unauthenticated Stored CrossSite Scripting (XSS) vulnerability

6.1

15 September, 2022

Plugin

Awesome Filterable Portfolio <= 1.9.7 Unauthenticated Plugin Settings Change vulnerability

6.5

15 September, 2022

Plugin

GS Testimonial Slider <= 1.9.6 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

4.1

15 September, 2022

Plugin

NOTICE BOARD <= 1.1 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

14 September, 2022

Plugin

History Timeline <= 1.0.6 Authenticated Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

3.4

2 September, 2022

Plugin

Torro Forms <= 1.0.16 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

2 September, 2022

Plugin

Meet My Team <= 2.0.5 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.1

2 September, 2022

Plugin

Blossom Recipe Maker <= 1.0.7 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

+0 AXP

4.1

1 September, 2022

Plugin

WHA Crossword <= 1.1.10 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

1 September, 2022

Plugin

Word Search Puzzles game <= 2.0.1 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

1 September, 2022

Plugin

Easy Org Chart <= 3.1 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

1 September, 2022

Plugin

Gallery PhotoBlocks <= 1.2.8 CrossSite Request Forgery (CSRF) vulnerabilities

+0 AXP

5.4

10 August, 2022

Plugin

Gallery PhotoBlocks <= 1.2.6 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

+0 AXP

5.4

10 August, 2022

Plugin

amCharts: Charts and Maps <= 1.4 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

9 August, 2022

Plugin

Rich Reviews <= 1.9.19 CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

5.4

2 August, 2022

Plugin

WP Hotel Booking <= 1.10.5 CrossSite Request Forgery (CSRF) vulnerability

4.3

2 August, 2022

Plugin

Floating Div <= 3.0 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

29 July, 2022

Plugin

BxSlider WP <= 2.0.0 Authenticated CrossSite Scripting (XSS) vulnerability

5.4

27 July, 2022

Plugin

Team <= 1.2.6 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

4.1

20 July, 2022

Plugin

Testimonials <= 3.0.1 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.1

19 July, 2022

Plugin

XO Slider <= 3.3.2 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

14 June, 2022

Plugin

WordPress Team Manager <= 2.0.0 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

+0 AXP

4.1

14 June, 2022

Plugin

Popup | Custom Popup Builder <= 1.3.1 Improper Access Control vulnerability leading to multiple Authenticated Stored XSS

5.4

14 June, 2022

Plugin

Easy Pricing Tables <= 3.1.2 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

27 May, 2022

Plugin

Travel Management <= 2.0 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

4.1

26 May, 2022

Plugin

Image Slider by NextCode <= 1.1.2 Slider Deletion via CrossSite Request Forgery (CSRF) vulnerability

5.4

26 May, 2022

Plugin

Promotion Slider <= 3.3.4 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

5.4

26 May, 2022

Plugin

Private Messages For WordPress <= 2.1.10 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

26 May, 2022

Plugin

Hotel Booking <= 3.2 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

+0 AXP

4.1

26 May, 2022

Plugin

Opal Hotel Room Booking <= 1.2.7 Stored CrossSite Scripting (XSS) vulnerability

4.1

17 May, 2022

Plugin

Donations <= 1.8 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.1

13 May, 2022

Plugin

WP Slider Plugin <= 1.4.5 CrossSite Scripting (XSS) vulnerability

4.1

4 May, 2022

Plugin

WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 5.1.4 Unauthenticated CrossSite Scripting (XSS) vulnerability via SVG image upload

4.7

26 April, 2022

Plugin

Psychological tests & quizzes <= 0.21.19 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

26 April, 2022

Plugin

KB Support <= 1.5.5 Multiple Unauth. Stored CrossSite Scripting (XSS) vulnerabilities

+0 AXP

6.1

15 April, 2022

Plugin

Responsive Tabs <= 4.0.5 CrossSite Scripting (XSS) vulnerability

+0 AXP

4.8

11 April, 2022

Plugin

Pricing Table <= 1.5.2 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

5 April, 2022

Plugin

Testimonial Slider <= 3.5.8.4 CrossSite Scripting (XSS) vulnerability

4.1

4 April, 2022

Plugin

Simple Event Planner <= 1.5.4 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.1

23 March, 2022

Plugin

Yoo Slider <= 2.0.0 CrossSite Request Forgery (CSRF) vulnerability leading to slider Duplicate/Delete

5.4

21 March, 2022

Plugin

Yoo Slider <= 2.0.0 Stored CrossSite Scripting (XSS) vulnerability

5.4

21 March, 2022

Plugin

Spiffy Calendar <= 4.9.0 Event deletion via CrossSite Request Forgery (CSRF) vulnerability

5.4

10 February, 2022

Plugin

MaxGalleria <= 6.2.7 Stored CrossSite Scripting (XSS) vulnerability

4.8

2 February, 2022

Plugin

Price Table <= 0.2.2 Stored CrossSite Scripting (XSS) vulnerability

4.1

27 January, 2022

Plugin

Ultimate Reviews <= 3.0.15 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

6 January, 2022

Plugin

Contest Gallery <= 13.1.0.9 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

20 December, 2021

Plugin

WP-DownloadManager <= 1.68.6 DownloadManager plugin <= 1.68.6 Authenticated Reflected CrossSite Scripting (XSS) vulnerability

+0 AXP

4.8

8 December, 2021

Plugin

Survey Maker <= 2.0.6 Unauthenticated Stored CrossSite Scripting (XSS) vulnerability

4.7

3 December, 2021

Plugin

Testimonial <= 1.6.1 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

7 November, 2021

Plugin

XCloner Backup, Restore and Migrate <= 4.2.161 Authenticated SQL Injection (SQLi) vulnerability

6.7

28 May, 2021

Plugin

CMP – Coming Soon & Maintenance <= 4.0.9 Authenticated Remote Code Execution (RCE) vulnerability

7.2

2 May, 2021

Plugin

CMP – Coming Soon & Maintenance <= 4.0.9 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.9

2 May, 2021

Plugin

Media File Renamer <= 5.1.9 CrossSite Request Forgery (CSRF) vulnerability

5.4

9 April, 2021

Plugin

Image Photo Gallery Final Tiles Grid <= 3.4.18 Authenticated Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

5.4

28 May, 2020

Include pending

thiennv

Anonymous Guy

Solutions

WordPress security

Patchstack

Social

Solutions

WordPress security

Patchstack

Social

thiennv

Anonymous Guy

Solutions

WordPress security

Patchstack

Social

Solutions

WordPress security

Patchstack

Social

Let us know if we have missed a vulnerability reported elsewhere

Thank you for contributing!