About Alliance Leaderboard Vulnerability database WordPress security
Login

thiennv

0
1
0
1
thiennv
Alliance XP
905.53
Total reports
186
Reports, last 90 days
43
Contributions 186
Achievements Soon

Report WordPress vulnerabilities, earn prizes and become an Alliance member!

Join Patchstack Alliance

████

███████ █████ █████████████████████████████████████████████████

+16 AXP

8.2

Pending

████

███████ █████ ████████████████████████████████████████████████████████

+10 AXP

5.3

Pending

████

███████ █████ █████████████████████████████████████████████████

+13 AXP

6.5

Pending

████

█████████████████████ █████ ███████████████████████████████████

+2 AXP

4.3

Pending

████

███████ █████ ██████████████████████████████████████████

+3 AXP

4.3

Pending

████

███████ █████ ███████████████████████████████████

+13 AXP

6.5

Pending

████

█████████████████████ █████ ██████████████████████████████████████████

+4 AXP

5.4

Pending

████

██████████████ █████ █████████████████████████████████████████████████

+8 AXP

4.3

Pending

████

███████ █████ ██████████████████████████████████████████

+8 AXP

4.3

Pending

Plugin

Awesome Support <= 6.1.6 Broken Access Control vulnerability

+13 AXP

6.5

4 days ago

Plugin

Product Catalog Feed by PixelYourSite <= 2.1.1 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

6 days ago

Plugin

Product Enquiry for WooCommerce <= 3.0 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

7 days ago

Plugin

Event post <= 5.8.6 Cross Site Scripting (XSS) vulnerability

+4.88 AXP

6.5

29 November, 2023

Plugin

RegistrationMagic <= 5.2.2.6 Delete Form Submission Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

27 November, 2023

Plugin

HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.2 Broken Access Control vulnerability

+12.9 AXP

4.3

23 November, 2023

Plugin

Awesome Support <= 6.1.4 Broken Access control vulnerability

+5.4 AXP

5.4

23 November, 2023

Plugin

Awesome Support <= 6.1.4 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

23 November, 2023

Plugin

Decorator – WooCommerce Email Customizer <= 1.2.7 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

23 November, 2023

Plugin

Live Preview for Contact Form 7 <= 1.2.0 Broken Access Control vulnerability

+10.8 AXP

5.4

16 November, 2023

Plugin

Multi Step Form <= 1.7.12 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

13 November, 2023

Plugin

Product Enquiry for WooCommerce <= 3.0 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

9 November, 2023

Plugin

Shortcodes Finder <= 1.5.3 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

9 November, 2023

Plugin

WP Links Page <= 4.9.4 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

7 November, 2023

Plugin

ProfileGrid <= 5.7.0 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

7 November, 2023

Plugin

Donations Made Easy – Smart Donations <= 4.0.12 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

7 November, 2023

Plugin

Donations Made Easy – Smart Donations <= 4.0.12 Cross Site Scripting (XSS) vulnerability

+5.33 AXP

7.1

7 November, 2023

Plugin

Who Hit The Page – Hit Counter <= 1.4.14.3 SQL Injection vulnerability

+0 AXP

7.6

7 November, 2023

Plugin

Products, Order & Customers Export for WooCommerce <= 2.0.8 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

7 November, 2023

Plugin

WooCommerce Product Table Lite <= 2.6.2 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

7 November, 2023

Plugin

Contact Forms by Cimatti <= 1.6.0 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

3 November, 2023

Plugin

DeepL Pro API translation <= 2.4.1.1 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

25 October, 2023

Plugin

Draw Attention <= 2.0.15 Broken Access Control vulnerability

+4.05 AXP

5.4

24 October, 2023

Plugin

Smart Online Order for Clover <= 1.5.4 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

22 October, 2023

Plugin

WOLF <= 1.0.7.1 Cross Site Request Forgery (CSRF) vulnerability

+2.47 AXP

4.3

17 October, 2023

Plugin

Who Hit The Page – Hit Counter <= 1.4.14.3 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

16 October, 2023

Plugin

ApplyOnline – Application Form Builder and Manager <= 2.5.3 Broken Access Control vulnerability

+3.23 AXP

4.3

16 October, 2023

Plugin

Ultimate Taxonomy Manager <= 2.0 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

13 October, 2023

Plugin

Ultimate Taxonomy Manager <= 2.0 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

13 October, 2023

Plugin

Newsletter & Bulk Email Sender <= 2.0.1 Cross Site Scripting (XSS) vulnerability

+0 AXP

6.5

13 October, 2023

Plugin

Proofreading <= 1.0.11 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

12 October, 2023

Plugin

Responsive Image Gallery, Gallery Album <= 2.0.3 Broken Access Control vulnerability

+4.3 AXP

4.3

11 October, 2023

Plugin

Responsive Image Gallery, Gallery Album <= 2.0.3 Cross Site Scripting (XSS) vulnerability

+7.1 AXP

7.1

11 October, 2023

Plugin

Responsive Image Gallery, Gallery Album <= 2.0.3 Multiple Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

11 October, 2023

Plugin

Feed Statistics <= 4.1 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

11 October, 2023

Plugin

Download canvasio3D Light <= 2.4.6 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

3 October, 2023

Plugin

Cooked <= 1.7.13 Cross Site Scripting (XSS) vulnerability

+4.88 AXP

6.5

29 September, 2023

Plugin

Brands for WooCommerce <= 3.8.2.2 Broken Access Control vulnerability

+10.6 AXP

5.3

26 September, 2023

Plugin

rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 Broken Access Control vulnerability

+4.3 AXP

4.3

6 September, 2023

Plugin

WP Accessibility Helper (WAH) <= 0.6.2.4 Broken Access Control vulnerability

+3.23 AXP

4.3

5 September, 2023

Plugin

Restrict <= 2.2.4 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

5 September, 2023

Plugin

Click To Tweet <= 2.0.14 Broken Access Control vulnerability

+5.4 AXP

5.4

5 September, 2023

Plugin

Click To Tweet <= 2.0.14 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

5 September, 2023

Plugin

WP Bannerize Pro <= 1.6.9 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

1 September, 2023

Plugin

Ovic Product Bundle <= 1.1.2 Broken Access Control vulnerability

+13 AXP

6.5

1 September, 2023

Plugin

Pricing Deals for WooCommerce <= 2.0.3.2 Broken Access Control vulnerability

+10.6 AXP

5.3

29 August, 2023

Plugin

Donations Made Easy – Smart Donations <= 4.0.12 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

18 August, 2023

Plugin

Mortgage Calculator Estatik <= 2.0.7 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

17 August, 2023

Plugin

Video Gallery & Management <= 3.3.5 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

16 August, 2023

Plugin

ImageRecycle pdf & image compression <= 3.1.11 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

11 August, 2023

Plugin

YITH WooCommerce Waiting List <= 2.9.0 Broken Access Control vulnerability

+10.6 AXP

5.3

10 August, 2023

Plugin

Google Map Shortcode <= 3.1.2 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

24 July, 2023

Plugin

GTmetrix for WordPress <= 0.4.7 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

19 July, 2023

Plugin

WP Dummy Content Generator <= 2.3.0 Broken Access Control vulnerability

+10.6 AXP

5.3

7 July, 2023

Plugin

WP Affiliate Links <= 0.1.1 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

15 June, 2023

Plugin

Front End Users <= 3.2.24 Cross Site Request Forgery (CSRF) vulnerability

+3.25 AXP

6.5

2 June, 2023

Plugin

Dynamic QR Code Generator <= 0.0.5 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

30 May, 2023

Plugin

bbPress Toolkit <= 1.0.12 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

30 May, 2023

Plugin

bbPress Toolkit <= 1.0.12 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

30 May, 2023

Plugin

Login Configurator <= 2.1 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

30 May, 2023

Plugin

WOLF <= 1.0.7 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

29 May, 2023

Plugin

bbp style pack <= 5.5.5 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

29 May, 2023

Plugin

Front End Users < 3.2.25 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

22 May, 2023

Plugin

Leyka <= 3.30.1 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

22 May, 2023

Plugin

Custom Post Type Generator <= 2.4.2 Reflected Cross Site Scripting (XSS) vulnerability

+0 AXP

5.9

22 May, 2023

Plugin

Jazz Popups <= 1.8.7 Cross Site Request Forgery (CSRF) leading to XSS vulnerability

+0 AXP

5.4

18 May, 2023

Plugin

Jazz Popups <= 1.8.7 Cross Site Scripting (XSS) vulnerability

+0 AXP

7.1

18 May, 2023

Plugin

Donations Made Easy – Smart Donations <= 4.0.12 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

12 May, 2023

Plugin

WCP Contact Form <= 3.1.0 Broken Access Control vulnerability

+15 AXP

7.5

10 May, 2023

Plugin

WCP Contact Form <= 3.1.0 Broken Access Control vulnerability

+3.23 AXP

4.3

10 May, 2023

Plugin

WP Chinese Conversion <= 1.1.16 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

10 May, 2023

Plugin

Booking Ultra Pro <= 1.1.8 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

9 May, 2023

Plugin

GTmetrix for WordPress <= 0.4.6 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

9 May, 2023

Plugin

Albo Pretorio Online <= 4.6.3 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

3 May, 2023

Plugin

Depicter Slider <= 1.9.0 Broken Access Control vulnerability

+4.3 AXP

4.3

28 April, 2023

Plugin

Thumbs Rating <= 5.0.0 Race Condition vulnerability

+5.3 AXP

5.3

28 April, 2023

Plugin

Recipe Maker For Your Food Blog from Zip Recipes <= 8.0.6 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

24 April, 2023

Plugin

Booking calendar, Appointment Booking System <= 3.2.7 SQL Injection

+0 AXP

6.7

19 April, 2023

Plugin

ShiftController Employee Shift Scheduling <= 4.9.23 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

6 April, 2023

Plugin

Coupon Affiliates <= 5.4.3 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

31 March, 2023

Plugin

Contest Gallery <= 21.1.2 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

27 March, 2023

Plugin

Contact Forms by Cimatti <= 1.5.4 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

27 March, 2023

Plugin

Contact Forms by Cimatti <= 1.5.4 Unauth. Stored Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

27 March, 2023

Plugin

Continuous Image Carousel With Lightbox <= 1.0.15 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

27 March, 2023

Plugin

LiteSpeed Cache <= 5.3 CrossSite Request Forgery (CSRF) vulnerability

+43.2 AXP

5.4

22 March, 2023

Plugin

Owl Carousel <= 0.5.3 Broken Access Control vulnerability

+10.6 AXP

5.3

22 March, 2023

Plugin

I Recommend This <= 3.9.0 Cross Site Request Forgery (CSRF)

+2.15 AXP

4.3

22 March, 2023

Plugin

Side Menu Lite <= 4.0 Cross Site Request Forgery (CSRF) vulnerability

+2.15 AXP

4.3

8 March, 2023

Plugin

Hero Banner Ultimate <= 1.3.4 Auth. Stored Cross Site Scripting (XSS) vulnerability

+6.5 AXP

6.5

22 February, 2023

Plugin

Advanced Database Cleaner <= 3.1.1 Cross Site Request Forgery (CSRF)

+12.9 AXP

4.3

21 February, 2023

Plugin

Locatoraid Store Locator <= 3.9.11 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

14 February, 2023

Plugin

WPGlobus Translate Options <= 2.1.0 Cross Site Scripting (XSS) vulnerability

+11.6 AXP

5.8

14 February, 2023

Plugin

Jobs for WordPress <= 2.5.11.2 Auth. Stored CrossSite Scripting (XSS) vulnerability

+6.5 AXP

6.5

2 February, 2023

Plugin

Robo Gallery <= 3.2.11 CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

4.3

30 January, 2023

Plugin

My Calendar <= 3.4.3 Cross Site Request Forgery (CSRF) vulnerability

+5.4 AXP

5.4

20 January, 2023

Plugin

M Chart <= 1.9.4 Auth. Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

6.5

19 January, 2023

Plugin

WP TopBar <= 5.36 TopBar plugin <= 5.36 SQL Injection

+0 AXP

6.7

19 January, 2023

Plugin

WP TopBar <= 5.36 TopBar plugin <= 5.36 Cross Site Request Forgery (CSRF) vulnerability

+5.4 AXP

5.4

19 January, 2023

Plugin

Camera slideshow <= 1.4.0.1 Reflected Cross Site Scripting (XSS) vulnerability

+7.1 AXP

7.1

19 January, 2023

Plugin

User Meta Manager <= 3.4.9 Cross Site Request Forgery (CSRF) vulnerability

+5.4 AXP

5.4

19 January, 2023

Plugin

WP Calendar <= 1.5.3 Auth. Stored CrossSite Scripting (XSS) vulnerability

+5.4 AXP

5.4

7 December, 2022

Plugin

GC Testimonials <= 1.3.2 Auth. Stored CrossSite Scripting (XSS) vulnerability

+5.4 AXP

5.4

7 December, 2022

Plugin

WHA Puzzle <= 1.0.9 Auth. Stored CrossSite Scripting (XSS) vulnerability

5.4

24 November, 2022

Plugin

ARForms Form Builder <= 1.5.6 Unauth. Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

6.1

23 November, 2022

Plugin

Contest Gallery <= 13.1.0.9 Unauth. Stored CrossSite Scripting (XSS) vulnerability

6.1

23 November, 2022

Plugin

iFeature Slider <= 1.2 Auth. Stored CrossSite Scripting (XSS) vulnerability

5.4

17 November, 2022

Plugin

Quick Restaurant Reservations <= 1.5.4 CrossSite Request Forgery (CSRF) vulnerability

+5.3 AXP

5.3

9 November, 2022

Plugin

Simple Video Embedder <= 2.2 Auth. Stored CrossSite Scripting (XSS) vulnerability

+5.4 AXP

5.4

9 November, 2022

Plugin

Photo Gallery – Image Gallery by Ape <= 2.2.8 Auth. Broken Access Control vulnerability

4.3

31 October, 2022

Plugin

Photo Gallery – Image Gallery by Ape <= 2.2.8 Auth. CrossSite Scripting (XSS) vulnerability

5.4

31 October, 2022

Plugin

Glossary <= 3.1.2 Auth. Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

5.4

29 October, 2022

Plugin

Slideshow SE <= 2.5.5 Auth. CrossSite Scripting (XSS) vulnerability

+0 AXP

4.4

28 October, 2022

Plugin

Slideshow SE <= 2.5.5 Auth. CrossSite Scripting (XSS) vulnerability

+0 AXP

4.8

28 October, 2022

Plugin

BuddyForms <= 2.7.5 Auth. Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

4.7

27 October, 2022

Plugin

Gallery with thumbnail slider <= 6.0 Auth. Stored CrossSite Scripting (XSS) vulnerability

5.4

27 October, 2022

Plugin

Testimonials <= 2.6 Auth. Stored CrossSite Scripting (XSS) vulnerability

4.8

27 October, 2022

Plugin

Quiz And Survey Master <= 7.3.4 Auth. Reflected CrossSite Scripting (XSS) vulnerability

3.4

21 October, 2022

Plugin

Quiz And Survey Master <= 7.3.4 Auth. Stored CrossSite Scripting (XSS) vulnerability

5.4

21 October, 2022

Plugin

WP Page Builder <= 1.2.6 Multiple Auth. Stored CrossSite Scripting (XSS) vulnerabilities

4.8

21 October, 2022

Plugin

Quiz And Survey Master <= 7.3.4 Insecure direct object references (IDOR) vulnerability

3.8

29 September, 2022

Plugin

Booking Ultra Pro <= 1.1.8 CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

6.1

28 September, 2022

Plugin

Booking Ultra Pro <= 1.1.8 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

+0 AXP

5.4

28 September, 2022

Plugin

Pop-Up Chop Chop <= 2.1.7 Up Chop Chop plugin <= 2.1.7 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

27 September, 2022

Plugin

Awesome Filterable Portfolio <= 1.9.7 Unauthenticated Stored CrossSite Scripting (XSS) vulnerability

6.1

15 September, 2022

Plugin

Awesome Filterable Portfolio <= 1.9.7 Unauthenticated Plugin Settings Change vulnerability

6.5

15 September, 2022

Plugin

GS Testimonial Slider <= 1.9.6 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

4.1

15 September, 2022

Plugin

NOTICE BOARD <= 1.1 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

14 September, 2022

Plugin

History Timeline <= 1.0.6 Authenticated Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

3.4

2 September, 2022

Plugin

Torro Forms <= 1.0.16 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

2 September, 2022

Plugin

Meet My Team <= 2.0.5 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.1

2 September, 2022

Plugin

Blossom Recipe Maker <= 1.0.7 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

+0 AXP

4.1

1 September, 2022

Plugin

WHA Crossword <= 1.1.10 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

1 September, 2022

Plugin

Word Search Puzzles game <= 2.0.1 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

1 September, 2022

Plugin

Easy Org Chart <= 3.1 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

1 September, 2022

Plugin

Gallery PhotoBlocks <= 1.2.8 CrossSite Request Forgery (CSRF) vulnerabilities

+0 AXP

5.4

10 August, 2022

Plugin

Gallery PhotoBlocks <= 1.2.6 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

+0 AXP

5.4

10 August, 2022

Plugin

amCharts: Charts and Maps <= 1.4 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

9 August, 2022

Plugin

Rich Reviews <= 1.9.19 CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

5.4

2 August, 2022

Plugin

WP Hotel Booking <= 1.10.5 CrossSite Request Forgery (CSRF) vulnerability

4.3

2 August, 2022

Plugin

Floating Div <= 3.0 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

29 July, 2022

Plugin

BxSlider WP <= 2.0.0 Authenticated CrossSite Scripting (XSS) vulnerability

5.4

27 July, 2022

Plugin

Team <= 1.2.6 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

4.1

20 July, 2022

Plugin

Testimonials <= 3.0.1 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.1

19 July, 2022

Plugin

XO Slider <= 3.3.2 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

14 June, 2022

Plugin

WordPress Team Manager <= 2.0.0 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

+0 AXP

4.1

14 June, 2022

Plugin

Popup | Custom Popup Builder <= 1.3.1 Improper Access Control vulnerability leading to multiple Authenticated Stored XSS

5.4

14 June, 2022

Plugin

Easy Pricing Tables <= 3.1.2 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

27 May, 2022

Plugin

Travel Management <= 2.0 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

4.1

26 May, 2022

Plugin

Image Slider by NextCode <= 1.1.2 Slider Deletion via CrossSite Request Forgery (CSRF) vulnerability

5.4

26 May, 2022

Plugin

Promotion Slider <= 3.3.4 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

5.4

26 May, 2022

Plugin

Private Messages For WordPress <= 2.1.10 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

26 May, 2022

Plugin

Hotel Booking <= 3.2 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

+0 AXP

4.1

26 May, 2022

Plugin

Opal Hotel Room Booking <= 1.2.7 Stored CrossSite Scripting (XSS) vulnerability

4.1

17 May, 2022

Plugin

Donations <= 1.8 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.1

13 May, 2022

Plugin

WP Slider Plugin <= 1.4.5 CrossSite Scripting (XSS) vulnerability

4.1

4 May, 2022

Plugin

WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 5.1.4 Unauthenticated CrossSite Scripting (XSS) vulnerability via SVG image upload

4.7

26 April, 2022

Plugin

Psychological tests & quizzes <= 0.21.19 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

26 April, 2022

Plugin

KB Support <= 1.5.5 Multiple Unauth. Stored CrossSite Scripting (XSS) vulnerabilities

+0 AXP

6.1

15 April, 2022

Plugin

Responsive Tabs <= 4.0.5 CrossSite Scripting (XSS) vulnerability

+0 AXP

4.8

11 April, 2022

Plugin

Pricing Table <= 1.5.2 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

5 April, 2022

Plugin

Testimonial Slider <= 3.5.8.4 CrossSite Scripting (XSS) vulnerability

4.1

4 April, 2022

Plugin

Simple Event Planner <= 1.5.4 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.1

23 March, 2022

Plugin

Yoo Slider <= 2.0.0 CrossSite Request Forgery (CSRF) vulnerability leading to slider Duplicate/Delete

5.4

21 March, 2022

Plugin

Yoo Slider <= 2.0.0 Stored CrossSite Scripting (XSS) vulnerability

5.4

21 March, 2022

Plugin

Spiffy Calendar <= 4.9.0 Event deletion via CrossSite Request Forgery (CSRF) vulnerability

5.4

10 February, 2022

Plugin

MaxGalleria <= 6.2.7 Stored CrossSite Scripting (XSS) vulnerability

4.8

2 February, 2022

Plugin

Price Table <= 0.2.2 Stored CrossSite Scripting (XSS) vulnerability

4.1

27 January, 2022

Plugin

Ultimate Reviews <= 3.0.15 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

6 January, 2022

Plugin

Contest Gallery <= 13.1.0.9 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

20 December, 2021

Plugin

WP-DownloadManager <= 1.68.6 DownloadManager plugin <= 1.68.6 Authenticated Reflected CrossSite Scripting (XSS) vulnerability

+0 AXP

4.8

8 December, 2021

Plugin

Survey Maker <= 2.0.6 Unauthenticated Stored CrossSite Scripting (XSS) vulnerability

4.7

3 December, 2021

Plugin

Testimonial <= 1.6.1 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

7 November, 2021

Plugin

XCloner Backup, Restore and Migrate <= 4.2.161 Authenticated SQL Injection (SQLi) vulnerability

6.7

28 May, 2021

Plugin

CMP – Coming Soon & Maintenance <= 4.0.9 Authenticated Remote Code Execution (RCE) vulnerability

7.2

2 May, 2021

Plugin

CMP – Coming Soon & Maintenance <= 4.0.9 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.9

2 May, 2021

Plugin

Media File Renamer <= 5.1.9 CrossSite Request Forgery (CSRF) vulnerability

5.4

9 April, 2021

Plugin

Image Photo Gallery Final Tiles Grid <= 3.4.18 Authenticated Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

5.4

28 May, 2020

Let us know if we have missed a vulnerability reported elsewhere

Report arrow right Close

Thank you for contributing!

Successfully submit vulnerabilities and receive an invite to our Alliance platform.

Learn more arrow right Close