About Alliance Leaderboard Vulnerability database WordPress security
Login

FearZzZz

0
0
0
0
FearZzZz
Alliance XP
129.9
Contributions
333
Contributions 333
Achievements Soon

Report WordPress vulnerabilities, earn prizes and become an Alliance member!

Join Patchstack Alliance

████

██████████████ █████ █████████████████████████████████████████████████

+21.6 AXP

5.4

Pending

████

██████████████ █████ ██████████████████████████████████████████

+7.1 AXP

7.1

Pending

████

███████ █████ ██████████████████████████████████████████

+8.6 AXP

8.6

Pending

████

██████████████ █████ ████████████████████████████████████████████████████████

+8.1 AXP

5.4

Pending

Plugin

Slide Anything <= 2.4.7 CrossSite Scripting (XSS) vulnerability

5.9

3 days ago

Theme

Real Estate 7 <= 3.3.4 Unauthenticated Arbitrary Email Sending vulnerability

5.8

7 days ago

Theme

Real Estate 7 <= 3.3.4 CrossSite Request Forgery vulnerability

4.3

02.03.2023

Theme

Real Estate 7 <= 3.3.4 Reflected CrossSite Scripting via ct_additional_features vulnerability

+0 AXP

7.1

02.03.2023

Theme

Real Estate 7 <= 3.3.1 Cross Site Scripting (XSS)

+7.1 AXP

7.1

20.02.2023

Theme

WoodMart <= 7.0.4 Unauth Arbitrary Shortcodes Injection

+31.8 AXP

5.3

16.02.2023

Theme

Monolit Theme <= 2.0.6 Cross Site Scripting (XSS) vulnerability

+7.1 AXP

7.1

06.02.2023

Plugin

JS Help Desk – Best Help Desk & Support Plugin <= 2.7.1 Broken Access Control

+5.4 AXP

5.4

27.01.2023

Plugin

JS Help Desk – Best Help Desk & Support Plugin <= 2.7.1 Arbitrary File Upload Vulnerability

+10 AXP

10.0

27.01.2023

Plugin

JS Help Desk – Best Help Desk & Support Plugin <= 2.7.1 Unauthenticated Settings Change Vulnerability

+9.1 AXP

9.1

27.01.2023

Plugin

JS Help Desk – Best Help Desk & Support Plugin <= 2.7.1 Multiple Cross Site Request Forgery (CSRF) Vulnerabilities

+5.4 AXP

5.4

27.01.2023

Plugin

JS Help Desk – Best Help Desk & Support Plugin <= 2.7.1 Unauthenticated SQL Injection Vulnerability

+8.6 AXP

8.6

27.01.2023

Plugin

Smart Slider 3 <= 3.5.1.9 Auth. Stored CrossSite Scripting (XSS) vulnerability

5.4

23.11.2022

Plugin

Creative Mail <= 1.5.4 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

28.10.2022

Plugin

SEO Redirection <= 8.9 Multiple CrossSite Scripting (CSRF) vulnerabilities

5.4

25.10.2022

Plugin

Image Hover Effects Ultimate <= 9.7.1 Auth. WordPress Options Change vulnerability

7.2

25.10.2022

Plugin

Quiz And Survey Master <= 7.3.6 Multiple Insecure direct object references (IDOR) vulnerabilities

2.7

21.10.2022

Plugin

Quiz And Survey Master <= 7.3.4 Multiple Auth. Stored CrossSite Scripting (XSS) vulnerabilities

5.4

21.10.2022

Plugin

Quiz And Survey Master <= 7.3.4 Auth. SQL Injection (SQLi) vulnerability

9.1

21.10.2022

Plugin

Accordions <= 2.0.3 Authenticated WordPress Options Change vulnerability

7.2

29.09.2022

Plugin

Analytics Cat <= 1.0.9 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

29.09.2022

Plugin

Accordions <= 2.0.3 Multiple Auth. Stored CrossSite Scripting (XSS) vulnerabilities

3.4

29.09.2022

Plugin

Tabs <= 3.7.1 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

3.4

22.09.2022

Plugin

Awesome Support <= 6.0.7 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

5.4

14.09.2022

Plugin

WHA Crossword <= 1.1.10 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

5.4

01.09.2022

Plugin

Word Search Puzzles game <= 2.0.1 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

5.4

01.09.2022

Plugin

Event Calendar – Calendar <= 1.4.6 Authenticated Reflected CrossSite Scripting (XSS) vulnerability

4.1

25.08.2022

Plugin

SP Project & Document Manager <= 4.59 Reflected CrossSite Scripting (XSS) vulnerability

6.1

10.08.2022

Plugin

WPIDE – File Manager & Code Editor <= 2.6 Authenticated Arbitrary File Edit/Upload vulnerability

6.5

09.08.2022

Plugin

Download Manager <= 3.2.48 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

02.08.2022

Plugin

Download Manager <= 3.2.48 Multiple Authenticated Persistent CrossSite Scripting (XSS) vulnerabilities

5.4

02.08.2022

Plugin

Affiliate For WooCommerce <= 4.7.0 Authenticated IDOR vulnerability leading to PayPal email change

6.4

01.08.2022

Plugin

Tabs <= 3.6.0 Authenticated WordPress Options Change vulnerability

7.2

25.07.2022

Plugin

Flipbox <= 2.6.0 Authenticated WordPress Options Change vulnerability

7.2

25.07.2022

Plugin

Shortcode Addons <= 3.1.2 Authenticated WordPress Options Change vulnerability

7.2

25.07.2022

Plugin

Team <= 1.2.6 Multiple Authenticated Persistent CrossSite Scripting (XSS) vulnerabilities

4.1

20.07.2022

Plugin

Accordions <= 2.0.2 Unauthenticated WordPress Options Change vulnerability

9.8

30.06.2022

Plugin

Shortcode Addons <= 3.0.2 Unauthenticated Arbitrary Option Update vulnerability

9.8

30.06.2022

Plugin

WP Maintenance <= 6.0.7 Authenticated Stored CrossSite Scripting (XSS) vulnerability

3.4

28.06.2022

Plugin

Popup Builder <= 4.1.0 CrossSite Request Forgery (CSRF) vulnerability leading to Popup Status Change

5.4

17.06.2022

Plugin

Social Share Buttons by Supsystic <= 2.2.3 Multiple Broken Access Control vulnerabilities

6.3

09.06.2022

Plugin

Social Share Buttons by Supsystic <= 2.2.3 Multiple Authenticated SQL Injection (SQLi) vulnerabilities

8.5

09.06.2022

Plugin

Image Slider by NextCode <= 1.1.2 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

26.05.2022

Plugin

Image Slider by NextCode <= 1.1.2 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

4.8

26.05.2022

Plugin

Private Messages For WordPress <= 2.1.10 Sending Messages via CrossSite Request Forgery (CSRF) vulnerability

4.3

26.05.2022

Plugin

Code Snippets <= 2.14.3 Reflected CrossSite Scripting (XSS) vulnerability

4.7

18.05.2022

Plugin

Code Snippets Extended <= 1.4.7 CrossSite Request Forgery (CSRF) vulnerability

5.4

17.05.2022

Plugin

Code Snippets Extended <= 1.4.7 CrossSite Request Forgery (CSRF) vulnerability leading to Persistent CrossSite Scripting (XSS)

4.7

17.05.2022

Plugin

Quick Restaurant Reservations <= 1.4.1 Authenticated Reflected CrossSite Scripting (XSS) vulnerability

+0 AXP

4.7

12.05.2022

Plugin

PNG to JPG <= 4.0 CrossSite Request Forgery (CSRF) leading to Persistent CrossSite Scripting (XSS) vulnerability

4.7

06.05.2022

Plugin

Remove CPT base <= 5.8 CrossSite Request Forgery (CSRF) vulnerability leading to CPT base deletion

5.4

06.05.2022

Plugin

wpDataTables <= 2.1.27 Multiple Authenticated Persistent CrossSite Scripting (XSS) vulnerabilities

3.4

06.05.2022

Plugin

Subscribe To Comments Reloaded <= 211130 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

29.04.2022

Plugin

Countdown & Clock <= 2.5.4 Pro Features Lock Bypass vulnerability

+0 AXP

3.8

28.04.2022

Plugin

Countdown & Clock <= 2.3.2 Reflected CrossSite Scripting (XSS) vulnerability

4.7

28.04.2022

Plugin

Countdown & Clock <= 2.5.4 Multiple Authenticated Persistent CrossSite Scripting (XSS) vulnerabilities

+0 AXP

4.8

28.04.2022

Plugin

Hermit 音乐播放器 <= 3.1.6 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

28.04.2022

Plugin

Hermit 音乐播放器 <= 3.1.6 CrossSite Request Forgery (CSRF) leading to Stored CrossSite Scripting (XSS) vulnerability

4.7

28.04.2022

Plugin

Psychological tests & quizzes <= 0.21.19 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

26.04.2022

Plugin

Night Mode <= 1.0.0 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

4.8

25.04.2022

Plugin

Rara One Click Demo Import <= 1.2.9 CrossSite Request Forgery (CSRF) leads to Arbitrary File Upload vulnerability

8.8

21.04.2022

Plugin

Advanced Contact form 7 DB <= 1.8.7 Persistent CrossSite Scripting (XSS) vulnerability

4.7

21.04.2022

Plugin

Simple Ajax Chat <= 20220115 Sensitive Information Disclosure vulnerability

5.3

15.04.2022

Plugin

Simple Ajax Chat <= 20220115 Multiple CrossSite Request Forgery (CSRF) vulnerability

5.4

15.04.2022

Plugin

eRoom – Zoom Meetings & Webinar <= 1.3.7 CrossSite Request Forgery (CSRF) vulnerability leading to Sync with Zoom Meetings

4.3

11.04.2022

Plugin

eRoom – Zoom Meetings & Webinar <= 1.3.8 CrossSite Request Forgery (CSRF) vulnerability leading to Cache Deletion

4.3

11.04.2022

Plugin

Yoo Slider <= 2.0.0 CrossSite Request Forgery (CSRF) vulnerability leading to Slider Creation / Modification

4.3

11.04.2022

Plugin

Yoo Slider <= 2.0.0 CrossSite Request Forgery (CSRF) vulnerability leading to Template Import

4.3

11.04.2022

Plugin

FV Flowplayer Video Player <= 7.5.18.727 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

4.1

04.04.2022

Plugin

Simple Event Planner <= 1.5.4 Multiple Authenticated Persistent CrossSite Scripting (XSS) vulnerabilities

4.1

23.03.2022

Plugin

Simple Event Planner <= 1.5.4 Multiple Authenticated Persistent CrossSite Scripting (XSS) vulnerabilities

3.4

23.03.2022

Plugin

Contact Form X <= 2.4 Reflected CrossSite Scripting (XSS) vulnerability

4.7

25.02.2022

Plugin

WP Google Map Plugin <= 4.2.3 CrossSite Request Forgery (CSRF) vulnerability

5.4

22.02.2022

Plugin

Spiffy Calendar <= 4.9.0 Authenticated Reflected CrossSite Scripting (XSS) vulnerability

4.7

10.02.2022

Plugin

Spiffy Calendar <= 4.9.0 Admin+ Persistent CrossSite Scripting (XSS) vulnerability

3.4

10.02.2022

Plugin

Spiffy Calendar <= 4.9.0 Multiple Authenticated Reflected CrossSite Scripting (XSS) vulnerabilities

4.7

10.02.2022

Plugin

Spiffy Calendar <= 4.9.0 Edit/Delete event via IDOR vulnerability

6.3

10.02.2022

Theme

AccessPress Parallax <= 4.5 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

Accesspress Lite <= 2.92 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

AccessPress Store <= 2.4.9 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

Zigcy Lite <= 2.0.9 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

Enlighten <= 1.3.5 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

Accesspress Mag <= 2.6.5 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

StoreVilla <= 1.4.1 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

Punte <= 1.1.2 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

Accesspress Basic <= 3.2.1 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

AccessPress Root <= 2.5 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

Construction Lite <= 1.2.5 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

VMagazine Lite <= 1.3.5 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

ParallaxSome <= 1.3.6 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

FotoGraphy <= 2.4.0 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

VMag <= 1.2.7 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

Uncode Lite <= 1.3.3 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28.01.2022

Theme

Bingle <= 1.0.4 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

The Launcher <= 1.3.2 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

ScrollMe <= 2.1.0 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28.01.2022

Theme

Agency Lite <= 1.1.6 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28.01.2022

Theme

Swing Lite <= 1.1.9 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

Vmagazine News <= 1.0.5 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

Bloger <= 1.2.6 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

Revolve <= 1.3.1 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28.01.2022

Theme

Ripple <= 1.2.0 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28.01.2022

Theme

Zigcy Cosmetics <= 1.0.5 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

The Monday <= 1.4.1 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28.01.2022

Theme

Zigcy Baby <= 1.0.6 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

Doko <= 1.0.27 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

Sakala <= 1.0.4 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

Edict Lite <= 1.1.4 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28.01.2022

Theme

The100 <= 1.1.2 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28.01.2022

Theme

WP Store <= 1.1.9 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

Eight Sec <= 1.1.4 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28.01.2022

Theme

EightLaw Lite <= 2.1.5 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

Eightmedi Lite <= 2.1.8 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

EightStore Lite <= 1.2.5 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

Brovy <= 1.3 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28.01.2022

Theme

WPparallax <= 2.0.6 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28.01.2022

Theme

Arrival <= 1.4.2 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Theme

Ultra Seven <= 1.2.8 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28.01.2022

Theme

Opstore <= 1.4.3 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28.01.2022

Plugin

[GWA] AutoResponder <= 2.3 Authenticated SQL Injection (SQLi) vulnerability at &orderby

7.2

27.01.2022

Plugin

[GWA] AutoResponder <= 2.3 CrossSite Request Forgery (CSRF) leading to Persistent CrossSite Scripting (XSS) at &Subject

4.7

27.01.2022

Plugin

[GWA] AutoResponder <= 2.3 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

27.01.2022

Plugin

[GWA] AutoResponder <= 2.3 CrossSite Request Forgery (CSRF) leading to Multiple Persistent CrossSite Scripting (XSS)

6.1

27.01.2022

Plugin

Access Demo Importer <= 1.0.7 CrossSite Request Forgery (CSRF) vulnerability leading to Arbitrary Plugin Activation

6.5

24.01.2022

Plugin

Access Demo Importer <= 1.0.7 CrossSite Request Forgery (CSRF) vulnerability leading to Data Reset (Posts / Pages / Media)

8.1

24.01.2022

Theme

AccessPress Parallax <= 4.5 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

Accesspress Lite <= 2.92 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

AccessPress Store <= 2.4.9 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

Zigcy Lite <= 2.0.9 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

Enlighten <= 1.3.5 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

Accesspress Mag <= 2.6.5 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

StoreVilla <= 1.4.1 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

Punte <= 1.1.2 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

Accesspress Basic <= 3.2.1 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

AccessPress Root <= 2.5 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

Construction Lite <= 1.2.5 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

VMagazine Lite <= 1.3.5 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

ParallaxSome <= 1.3.6 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

FotoGraphy <= 2.4.0 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

VMag <= 1.2.7 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

Uncode Lite <= 1.3.3 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24.01.2022

Theme

Bingle <= 1.0.4 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

The Launcher <= 1.3.2 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

ScrollMe <= 2.1.0 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24.01.2022

Theme

Agency Lite <= 1.1.6 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24.01.2022

Theme

Swing Lite <= 1.1.9 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

Vmagazine News <= 1.0.5 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

Bloger <= 1.2.6 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

Revolve <= 1.3.1 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24.01.2022

Theme

Ripple <= 1.2.0 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24.01.2022

Theme

Zigcy Cosmetics <= 1.0.5 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

The Monday <= 1.4.1 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in

8.1

24.01.2022

Theme

Zigcy Baby <= 1.0.6 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

Doko <= 1.0.27 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

Sakala <= 1.0.4 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

Edict Lite <= 1.1.4 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24.01.2022

Theme

The100 <= 1.1.2 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24.01.2022

Theme

WP Store <= 1.1.9 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

Eight Sec <= 1.1.4 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24.01.2022

Theme

EightLaw Lite <= 2.1.5 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

Eightmedi Lite <= 2.1.8 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

EightStore Lite <= 1.2.5 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

Brovy <= 1.3 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24.01.2022

Theme

WPparallax <= 2.0.6 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24.01.2022

Theme

Arrival <= 1.4.2 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Theme

Ultra Seven <= 1.2.8 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24.01.2022

Theme

Opstore <= 1.4.3 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24.01.2022

Plugin

BP Better Messages <= 1.9.9.148 CrossSite Request Forgery (CSRF) vulnerability

4.3

18.01.2022

Plugin

WP-DownloadManager <= 1.68.6 DownloadManager plugin <= 1.68.6 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

4.8

12.01.2022

Plugin

PHP Everywhere <= 2.0.3 Remote Code Execution (RCE) vulnerability

9.9

11.01.2022

Plugin

WP-DownloadManager <= 1.68.5 DownloadManager plugin <= 1.68.5 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

4.8

10.01.2022

Plugin

tarteaucitron.js – Cookies legislation & GDPR <= 1.6 Multiple Stored Authenticated CrossSite Scripting (XSS) vulnerabilities

3.4

17.12.2021

Plugin

Accelerated Mobile Pages <= 1.0.77.32 Multiple Authenticated Persistent CrossSite Scripting (XSS) vulnerabilities

+0 AXP

4.8

15.12.2021

Plugin

Awesome Support <= 6.0.6 Multiple Authenticated Reflected CrossSite Scripting (XSS) vulnerabilities

6.1

26.11.2021

Plugin

Backup Migration <= 1.1.5 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

4.8

17.11.2021

Plugin

Contact Form Entries <= 1.2.3 Unauthenticated Persistent CrossSite Scripting (XSS) vulnerability

6.1

14.11.2021

Plugin

Contact Form Entries <= 1.2.3 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

4.8

14.11.2021

Plugin

Contact Form Entries <= 1.2.3 Multiple Authenticated Reflected CrossSite Scripting (XSS) vulnerabilities

4.7

14.11.2021

Plugin

Contact Form 7 Database Addon – CFDB7 <= 1.2.6.1 Unauthenticated Stored CrossSite Scripting (XSS) vulnerability

6.1

12.11.2021

Plugin

Contact Form 7 Database Addon – CFDB7 <= 1.2.5.9 CrossSite Request Forgery (CSRF) vulnerability

6.5

12.11.2021

Plugin

Email Tracker <= 5.2.6 CrossSite Request Forgery (CSRF) vulnerabilities leading to single or bulk email entries deletion

5.4

01.11.2021

Plugin

Download Monitor <= 4.4.6 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

+0 AXP

3.4

29.10.2021

Plugin

Download Monitor <= 4.4.6 Authenticated Arbitrary File Download vulnerability

6.8

29.10.2021

Plugin

YITH Maintenance Mode <= 1.3.8 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

6.9

23.09.2021

Plugin

uListing <= 2.0.5 Authenticated Insecure Direct Object References (IDOR) vulnerability

7.1

27.07.2021

Plugin

uListing <= 2.0.5 Authenticated Reflected CrossSite Scripting (XSS) vulnerability

4.8

27.07.2021

Plugin

uListing <= 2.0.5 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

27.07.2021

Plugin

uListing <= 2.0.5 Modify User Roles via CrossSite Request Forgery (CSRF) vulnerability

6.5

27.07.2021

Plugin

uListing <= 2.0.5 Settings Update via CrossSite Request Forgery (CSRF) vulnerability

4.3

27.07.2021

Plugin

uListing <= 2.0.5 Unauthenticated Privilege Escalation vulnerability

9.8

27.07.2021

Plugin

uListing <= 2.0.3 Unauthenticated SQL Injection (SQLi) vulnerability

8.6

26.07.2021

Plugin

iQ Block Country <= 1.2.11 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

5.5

18.07.2021

Plugin

WordPress Popular Posts <= 5.3.3 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

5.5

04.07.2021

Plugin

WP DoNotTrack <= 0.8.8 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

29.06.2021

Plugin

Async JavaScript <= 2.20.12.09 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

29.06.2021

Plugin

WP Reset <= 1.86 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

16.06.2021

Plugin

WP Google Maps <= 8.1.12 Multiple Authenticated Persistent CrossSite Scripting (XSS) vulnerabilities

5.5

15.06.2021

Plugin

WP Google Maps Pro <= 8.1.11 Multiple Authenticated Persistent CrossSite Scripting (XSS) vulnerabilities

5.5

15.06.2021

Theme

Kupon <= 1.27 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.2

09.06.2021

Theme

Doo <= 1.25 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.2

09.06.2021

Theme

Careerfy <= 6.2.0 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.2

09.06.2021

Theme

Muza <= 1.26 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.2

09.06.2021

Theme

Strong <= 1.25 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.2

09.06.2021

Theme

Wisem <= 1.26 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.2

09.06.2021

Theme

Medican <= 1.27 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.2

09.06.2021

Theme

Loocall <= 1.23 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.2

09.06.2021

Theme

FoodPicky <= 1.27 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.2

09.06.2021

Theme

Real Estate 7 <= 3.1.0 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.2

03.06.2021

Plugin

Backup by 10Web – Backup and Restore <= 1.0.20 Authenticated Reflected CrossSite Scripting (XSS) vulnerability

5.5

23.05.2021

Plugin

JobSearch <= 1.7.3 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

4.8

19.05.2021

Plugin

Speed Booster Pack <= 4.1.3 Authenticated Remote Code Execution (RCE) vulnerability

7.2

10.05.2021

Plugin

Autoptimize <= 2.8.3 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

04.05.2021

Plugin

WP YouTube Lyte <= 1.7.15 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.5

03.05.2021

Plugin

SEO Redirection <= 6.4 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

01.05.2021

Plugin

Smooth Scroll Page Up/Down Buttons <= 1.4.1 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

+0 AXP

4.8

29.04.2021

Plugin

WooCommerce <= 5.1.0 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

5.4

29.04.2021

Plugin

Funnel Builder by CartFlows <= 1.6.12 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

29.04.2021

Theme

Goto <= 2.0 Unauthenticated Blind SQL Injection (SQLi) vulnerability

9.8

28.04.2021

Plugin

WP Super Cache <= 1.7.2 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

5.4

28.04.2021

Plugin

W3 Total Cache <= 2.1.2 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

25.04.2021

Plugin

Smooth Scroll Page Up/Down Buttons <= 1.3 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

24.04.2021

Plugin

Instant Images <= 4.4.0 Authenticated Stored CrossSite Scripting (XSS) vulnerability

6.9

22.04.2021

Plugin

Database Backup for WordPress <= 2.3.3 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

6.9

22.04.2021

Plugin

GA Google Analytics <= 20210211 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

5.4

21.04.2021

Plugin

SEO Redirection <= 6.3 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

6.5

21.04.2021

Plugin

SEO Redirection <= 6.3 Authenticated Reflected CrossSite Scripting (XSS) vulnerability

6.8

21.04.2021

Plugin

All 404 Redirect to Homepage <= 1.20 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

6.5

21.04.2021

Plugin

All 404 Redirect to Homepage <= 1.20 Authenticated Reflected CrossSite Scripting (XSS) vulnerability

6.8

21.04.2021

Plugin

GiveWP <= 2.10.1 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

6.5

21.04.2021

Plugin

Related Posts for WordPress <= 2.0.4 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

4.8

18.04.2021

Plugin

404 SEO Redirection <= 1.3 Reflected CrossSite Scripting (XSS) vulnerability

6.1

16.04.2021

Plugin

404 SEO Redirection <= 1.3 CrossSite Request Forgery (CSRF) leading to Stored CrossSite Scripting (XSS)

5.4

16.04.2021

Plugin

WP Login Security and History <= 1.0 Authenticated CrossSite Request Forgery (CSRF) vulnerability

5.2

12.04.2021

Plugin

WP Login Security and History <= 1.0 Authenticated Persistent XSS & XFS vulnerabilities

6.2

12.04.2021

Plugin

Content Copy Protection & Prevent Image Save <= 1.3 Authenticated CrossSite Request Forgery (CSRF) vulnerability

5.2

12.04.2021

Plugin

Content Copy Protection & Prevent Image Save <= 1.3 Authenticated Persistent XSS & XFS vulnerabilities

6.2

12.04.2021

Theme

Goto <= 1.9 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.4

31.03.2021

Theme

Bello - Directory & Listing <= 1.5.7 Directory & Listing premium theme <= 1.5.7 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

6.1

31.03.2021

Theme

Bello - Directory & Listing <= 1.5.7 Directory & Listing premium theme <= 1.5.7 Unauthenticated SQL Injection (SQLi) vulnerability

7.5

31.03.2021

Theme

Findeo <= 1.2.6 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.4

30.03.2021

Theme

Findeo <= 1.2.6 Authenticated Insecure Direct Object References (IDOR) vulnerability

6.5

30.03.2021

Plugin

Realteo <= 1.2.3 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.4

30.03.2021

Plugin

Realteo <= 1.2.3 Authenticated Insecure Direct Object References (IDOR) vulnerability

6.5

30.03.2021

Theme

WorkScout <= 2.0.31 CrossSite Scripting (XSS) vulnerability

8.2

29.03.2021

Theme

WorkScout <= 2.0.31 CrossFrame Scripting (XFS) vulnerability

6.1

29.03.2021

Theme

Listeo <= 1.6.07 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

8.2

29.03.2021

Theme

Listeo <= 1.6.07 Multiple Authenticated Persistent CrossSite Scripting (XSS) vulnerabilities

6.9

29.03.2021

Theme

Listeo <= 1.6.07 Authenticated Multiple Insecure Direct Object References (IDOR) vulnerabilities

6.5

29.03.2021

Plugin

Controlled Admin Access <= 1.5.1 Improper Access Control & Privilege Escalation vulnerability

8.3

23.03.2021

Theme

Bello - Directory & Listing <= 1.5.9 Directory & Listing premium theme <= 1.5.9 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.2

21.03.2021

Plugin