Alliance bounty program
About Alliance Leaderboard Vulnerability database WordPress security
Login

FearZzZz

0
0
1
1
Twitter Github Website
28 November, 2022
Alliance XP
696.75
Contributions
376
Contributions 376
Achievements Soon

Report WordPress vulnerabilities, earn prizes and become an Alliance member!

Join Patchstack Alliance

████

██████████████ █████ █████████████████████████████████████████████████

+7 AXP

7.1

Pending

████

█████████████████████ █████ ██████████████████████████████████████████

+42 AXP

7.1

Pending

████

███████ █████ ███████████████████████████████████

+6 AXP

4.3

Pending

████

███████ █████ █████████████████████████████████████████████████

+10 AXP

4.3

Pending

████

██████████████ █████ ████████████████████████████████████████████████████████

+6 AXP

6.3

Pending

████

█████████████████████ █████ ███████████████████████████████████

+14 AXP

7.1

Pending

████

█████████████████████ █████ █████████████████████████████████████████████████

+14 AXP

7.1

Pending

████

███████ █████ ████████████████████████████████████████████████████████

+0 AXP

4.3

Pending

████

██████████████ █████ ██████████████████████████████████████████

+14 AXP

7.1

Pending

████

██████████████ █████ ████████████████████████████████████████████████████████

+6 AXP

6.5

Pending

████

██████████████ █████ █████████████████████████████████████████████████

+12 AXP

4.3

Pending

████

██████████████ █████ ██████████████████████████████████████████

+2 AXP

4.3

Pending

████

███████ █████ ████████████████████████████████████████████████████████

+27 AXP

9.3

Pending

████

█████████████████████ █████ ██████████████████████████████████████████

+30 AXP

7.5

Pending

████

██████████████ █████ ██████████████████████████████████████████

+14 AXP

7.1

Pending

████

█████████████████████ █████ █████████████████████████████████████████████████

+27 AXP

9.3

Pending

████

█████████████████████ █████ ███████████████████████████████████

+14 AXP

7.1

Pending

████

███████ █████ ████████████████████████████████████████████████████████

+14 AXP

7.1

Pending

████

██████████████ █████ ████████████████████████████████████████████████████████

+0 AXP

7.1

Pending

████

███████ █████ ██████████████████████████████████████████

+14 AXP

7.1

Pending

████

█████████████████████ █████ █████████████████████████████████████████████████

+0 AXP

7.1

Pending

████

███████ █████ ██████████████████████████████████████████

+0 AXP

7.1

Pending

████

█████████████████████ █████ ████████████████████████████████████████████████████████

+14 AXP

7.1

Pending

████

█████████████████████ █████ █████████████████████████████████████████████████

+2 AXP

4.3

Pending

████

███████ █████ ████████████████████████████████████████████████████████

+0 AXP

4.3

Pending

████

███████ █████ ████████████████████████████████████████████████████████

+2 AXP

4.3

Pending

████

██████████████ █████ ████████████████████████████████████████████████████████

+0 AXP

4.3

Pending

████

█████████████████████ █████ █████████████████████████████████████████████████

+0 AXP

4.3

Pending

████

███████ █████ █████████████████████████████████████████████████

+2 AXP

4.3

Pending

████

█████████████████████ █████ ███████████████████████████████████

+2 AXP

4.3

Pending

████

█████████████████████ █████ ██████████████████████████████████████████

+12 AXP

4.3

Pending

████

██████████████ █████ ████████████████████████████████████████████████████████

+10 AXP

4.3

Pending

████

███████ █████ █████████████████████████████████████████████████

+2 AXP

4.3

Pending

████

██████████████ █████ ██████████████████████████████████████████

+10 AXP

5.4

Pending

████

█████████████████████ █████ ████████████████████████████████████████████████████████

+10 AXP

5.4

Pending

████

█████████████████████ █████ ███████████████████████████████████

+42.6 AXP

7.1

Pending

████

███████ █████ ██████████████████████████████████████████

+42.6 AXP

7.1

Pending

Plugin

FooGallery <= 2.2.44 Reflected Cross Site Scripting (XSS) vulnerability

+56.8 AXP

7.1

4 days ago

Plugin

FooGallery <= 2.2.44 Cross Site Request Forgery (CSRF) vulnerability

+10.8 AXP

5.4

4 days ago

Plugin

PeproDev CF7 Database <= 1.7.0 Unauthenticated Cross Site Scripting (XSS) vulnerability

+0 AXP

7.1

5 September, 2023

Plugin

Social Media & Share Icons <= 2.8.3 Reflected Cross Site Scripting (XSS) vulnerability

+71 AXP

7.1

29 August, 2023

Plugin

Oxygen Builder < 4.4 Cross Site Request Forgery (CSRF)

+21.6 AXP

5.4

20 July, 2023

Plugin

WPJobBoard <= 5.9.0 Unauth. Blind SQL Injection (SQLi) vulnerability

+8.6 AXP

8.6

27 June, 2023

Theme

Balkon <= 1.3.2 Reflected Cross Site Scripting (XSS) vulnerability

+0 AXP

7.1

23 June, 2023

Theme

WoodMart <= 7.1.1 Cross Site Request Forgery (CSRF) vulnerability

+8.1 AXP

5.4

9 May, 2023

Theme

TheRoof <= 1.0.3 Reflected Cross Site Scripting (XSS) vulnerability

+0 AXP

7.1

6 April, 2023

Theme

Outdoor <= 3.9.6 Reflected Cross Site Scripting (XSS) vulnerability

+0 AXP

7.1

4 April, 2023

Plugin

Slide Anything <= 2.4.9 iFrame Injection to CrossSite Scripting (XSS) vulnerability

+0 AXP

5.9

16 March, 2023

Theme

Real Estate 7 <= 3.3.4 Unauthenticated Arbitrary Email Sending vulnerability

5.8

13 March, 2023

Theme

Real Estate 7 <= 3.3.4 CrossSite Request Forgery vulnerability

4.3

2 March, 2023

Theme

Real Estate 7 <= 3.3.4 Reflected CrossSite Scripting via ct_additional_features vulnerability

+0 AXP

7.1

2 March, 2023

Theme

Real Estate 7 <= 3.3.1 Cross Site Scripting (XSS)

+7.1 AXP

7.1

20 February, 2023

Theme

WoodMart <= 7.0.4 Unauth Arbitrary Shortcodes Injection

+31.8 AXP

5.3

16 February, 2023

Theme

Monolit Theme <= 2.0.6 Cross Site Scripting (XSS) vulnerability

+7.1 AXP

7.1

6 February, 2023

Plugin

JS Help Desk – Best Help Desk & Support Plugin <= 2.7.1 Broken Access Control

+5.4 AXP

5.4

27 January, 2023

Plugin

JS Help Desk – Best Help Desk & Support Plugin <= 2.7.1 Arbitrary File Upload Vulnerability

+10 AXP

10.0

27 January, 2023

Plugin

JS Help Desk – Best Help Desk & Support Plugin <= 2.7.1 Unauthenticated Settings Change Vulnerability

+9.1 AXP

9.1

27 January, 2023

Plugin

JS Help Desk – Best Help Desk & Support Plugin <= 2.7.1 Multiple Cross Site Request Forgery (CSRF) Vulnerabilities

+5.4 AXP

5.4

27 January, 2023

Plugin

JS Help Desk – Best Help Desk & Support Plugin <= 2.7.1 Unauthenticated SQL Injection Vulnerability

+8.6 AXP

8.6

27 January, 2023

Plugin

Smart Slider 3 <= 3.5.1.9 Auth. Stored CrossSite Scripting (XSS) vulnerability

5.4

23 November, 2022

Plugin

Creative Mail <= 1.5.4 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

28 October, 2022

Plugin

SEO Redirection <= 8.9 Multiple CrossSite Scripting (CSRF) vulnerabilities

5.4

25 October, 2022

Plugin

Image Hover Effects Ultimate <= 9.7.1 Auth. WordPress Options Change vulnerability

7.2

25 October, 2022

Plugin

Quiz And Survey Master <= 7.3.6 Multiple Insecure direct object references (IDOR) vulnerabilities

2.7

21 October, 2022

Plugin

Quiz And Survey Master <= 7.3.4 Multiple Auth. Stored CrossSite Scripting (XSS) vulnerabilities

5.4

21 October, 2022

Plugin

Quiz And Survey Master <= 7.3.4 Auth. SQL Injection (SQLi) vulnerability

9.1

21 October, 2022

Plugin

Accordions <= 2.0.3 Authenticated WordPress Options Change vulnerability

7.2

29 September, 2022

Plugin

Analytics Cat <= 1.0.9 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

29 September, 2022

Plugin

Accordions <= 2.0.3 Multiple Auth. Stored CrossSite Scripting (XSS) vulnerabilities

3.4

29 September, 2022

Plugin

Tabs <= 3.7.1 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

3.4

22 September, 2022

Plugin

Awesome Support <= 6.0.7 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

+0 AXP

5.4

14 September, 2022

Plugin

WHA Crossword <= 1.1.10 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

5.4

1 September, 2022

Plugin

Word Search Puzzles game <= 2.0.1 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

5.4

1 September, 2022

Plugin

Event Calendar – Calendar <= 1.4.6 Authenticated Reflected CrossSite Scripting (XSS) vulnerability

4.1

25 August, 2022

Plugin

SP Project & Document Manager <= 4.59 Reflected CrossSite Scripting (XSS) vulnerability

6.1

10 August, 2022

Plugin

WPIDE – File Manager & Code Editor <= 2.6 Authenticated Arbitrary File Edit/Upload vulnerability

6.5

9 August, 2022

Plugin

Download Manager <= 3.2.48 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

2 August, 2022

Plugin

Download Manager <= 3.2.48 Multiple Authenticated Persistent CrossSite Scripting (XSS) vulnerabilities

5.4

2 August, 2022

Plugin

Affiliate For WooCommerce <= 4.7.0 Authenticated IDOR vulnerability leading to PayPal email change

6.4

1 August, 2022

Plugin

Tabs <= 3.6.0 Authenticated WordPress Options Change vulnerability

7.2

25 July, 2022

Plugin

Flipbox <= 2.6.0 Authenticated WordPress Options Change vulnerability

7.2

25 July, 2022

Plugin

Shortcode Addons <= 3.1.2 Authenticated WordPress Options Change vulnerability

7.2

25 July, 2022

Plugin

Team <= 1.2.6 Multiple Authenticated Persistent CrossSite Scripting (XSS) vulnerabilities

4.1

20 July, 2022

Plugin

Accordions <= 2.0.2 Unauthenticated WordPress Options Change vulnerability

9.8

30 June, 2022

Plugin

Shortcode Addons <= 3.0.2 Unauthenticated Arbitrary Option Update vulnerability

+0 AXP

9.8

30 June, 2022

Plugin

WP Maintenance <= 6.0.7 Authenticated Stored CrossSite Scripting (XSS) vulnerability

3.4

28 June, 2022

Plugin

Popup Builder <= 4.1.0 CrossSite Request Forgery (CSRF) vulnerability leading to Popup Status Change

5.4

17 June, 2022

Plugin

Social Share Buttons by Supsystic <= 2.2.3 Multiple Broken Access Control vulnerabilities

6.3

9 June, 2022

Plugin

Social Share Buttons by Supsystic <= 2.2.3 Multiple Authenticated SQL Injection (SQLi) vulnerabilities

8.5

9 June, 2022

Plugin

Image Slider by NextCode <= 1.1.2 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

26 May, 2022

Plugin

Image Slider by NextCode <= 1.1.2 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

4.8

26 May, 2022

Plugin

Private Messages For WordPress <= 2.1.10 Sending Messages via CrossSite Request Forgery (CSRF) vulnerability

4.3

26 May, 2022

Plugin

Code Snippets <= 2.14.3 Reflected CrossSite Scripting (XSS) vulnerability

4.7

18 May, 2022

Plugin

Code Snippets Extended <= 1.4.7 CrossSite Request Forgery (CSRF) vulnerability

5.4

17 May, 2022

Plugin

Code Snippets Extended <= 1.4.7 CrossSite Request Forgery (CSRF) vulnerability leading to Persistent CrossSite Scripting (XSS)

4.7

17 May, 2022

Plugin

Quick Restaurant Reservations <= 1.4.1 Authenticated Reflected CrossSite Scripting (XSS) vulnerability

+0 AXP

4.7

12 May, 2022

Plugin

PNG to JPG <= 4.0 CrossSite Request Forgery (CSRF) leading to Persistent CrossSite Scripting (XSS) vulnerability

4.7

6 May, 2022

Plugin

Remove CPT base <= 5.8 CrossSite Request Forgery (CSRF) vulnerability leading to CPT base deletion

5.4

6 May, 2022

Plugin

wpDataTables <= 2.1.27 Multiple Authenticated Persistent CrossSite Scripting (XSS) vulnerabilities

3.4

6 May, 2022

Plugin

Subscribe To Comments Reloaded <= 211130 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

29 April, 2022

Plugin

Countdown & Clock <= 2.6.6 Pro Features Lock Bypass vulnerability

+0 AXP

3.8

28 April, 2022

Plugin

Countdown & Clock <= 2.3.2 Reflected CrossSite Scripting (XSS) vulnerability

4.7

28 April, 2022

Plugin

Countdown & Clock <= 2.6.6 Multiple Authenticated Persistent CrossSite Scripting (XSS) vulnerabilities

+0 AXP

4.8

28 April, 2022

Plugin

Hermit 音乐播放器 <= 3.1.6 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

28 April, 2022

Plugin

Hermit 音乐播放器 <= 3.1.6 CrossSite Request Forgery (CSRF) leading to Stored CrossSite Scripting (XSS) vulnerability

4.7

28 April, 2022

Plugin

Psychological tests & quizzes <= 0.21.19 Authenticated Stored CrossSite Scripting (XSS) vulnerability

5.4

26 April, 2022

Plugin

Night Mode <= 1.0.0 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

4.8

25 April, 2022

Plugin

Rara One Click Demo Import <= 1.2.9 CrossSite Request Forgery (CSRF) leads to Arbitrary File Upload vulnerability

8.8

21 April, 2022

Plugin

Advanced Contact form 7 DB <= 1.8.7 Persistent CrossSite Scripting (XSS) vulnerability

4.7

21 April, 2022

Plugin

Simple Ajax Chat <= 20220115 Sensitive Information Disclosure vulnerability

5.3

15 April, 2022

Plugin

Simple Ajax Chat <= 20220115 Multiple CrossSite Request Forgery (CSRF) vulnerability

5.4

15 April, 2022

Plugin

eRoom – Zoom Meetings & Webinar <= 1.3.7 CrossSite Request Forgery (CSRF) vulnerability leading to Sync with Zoom Meetings

4.3

11 April, 2022

Plugin

eRoom – Zoom Meetings & Webinar <= 1.3.8 CrossSite Request Forgery (CSRF) vulnerability leading to Cache Deletion

4.3

11 April, 2022

Plugin

Yoo Slider <= 2.0.0 CrossSite Request Forgery (CSRF) vulnerability leading to Slider Creation / Modification

4.3

11 April, 2022

Plugin

Yoo Slider <= 2.0.0 CrossSite Request Forgery (CSRF) vulnerability leading to Template Import

4.3

11 April, 2022

Plugin

FV Flowplayer Video Player <= 7.5.18.727 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

4.1

4 April, 2022

Plugin

Simple Event Planner <= 1.5.4 Multiple Authenticated Persistent CrossSite Scripting (XSS) vulnerabilities

4.1

23 March, 2022

Plugin

Simple Event Planner <= 1.5.4 Multiple Authenticated Persistent CrossSite Scripting (XSS) vulnerabilities

3.4

23 March, 2022

Plugin

Contact Form X <= 2.4 Reflected CrossSite Scripting (XSS) vulnerability

4.7

25 February, 2022

Plugin

WP Google Map Plugin <= 4.2.3 CrossSite Request Forgery (CSRF) vulnerability

5.4

22 February, 2022

Plugin

Spiffy Calendar <= 4.9.0 Authenticated Reflected CrossSite Scripting (XSS) vulnerability

4.7

10 February, 2022

Plugin

Spiffy Calendar <= 4.9.0 Admin+ Persistent CrossSite Scripting (XSS) vulnerability

3.4

10 February, 2022

Plugin

Spiffy Calendar <= 4.9.0 Multiple Authenticated Reflected CrossSite Scripting (XSS) vulnerabilities

4.7

10 February, 2022

Plugin

Spiffy Calendar <= 4.9.0 IDOR vulnerability

+0 AXP

6.3

10 February, 2022

Theme

AccessPress Parallax <= 4.5 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

Accesspress Lite <= 2.92 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

AccessPress Store <= 2.4.9 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

Zigcy Lite <= 2.0.9 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

Enlighten <= 1.3.5 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

Accesspress Mag <= 2.6.5 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

StoreVilla <= 1.4.1 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

Punte <= 1.1.2 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

Accesspress Basic <= 3.2.1 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

AccessPress Root <= 2.5 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

Construction Lite <= 1.2.5 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

VMagazine Lite <= 1.3.5 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

ParallaxSome <= 1.3.6 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

FotoGraphy <= 2.4.0 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

VMag <= 1.2.7 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

Uncode Lite <= 1.3.3 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28 January, 2022

Theme

Bingle <= 1.0.4 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

The Launcher <= 1.3.2 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

ScrollMe <= 2.1.0 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28 January, 2022

Theme

Agency Lite <= 1.1.6 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28 January, 2022

Theme

Swing Lite <= 1.1.9 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

Vmagazine News <= 1.0.5 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

Bloger <= 1.2.6 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

Revolve <= 1.3.1 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28 January, 2022

Theme

Ripple <= 1.2.0 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28 January, 2022

Theme

Zigcy Cosmetics <= 1.0.5 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

The Monday <= 1.4.1 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28 January, 2022

Theme

Zigcy Baby <= 1.0.6 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

Doko <= 1.0.27 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

Sakala <= 1.0.4 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

Edict Lite <= 1.1.4 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28 January, 2022

Theme

The100 <= 1.1.2 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28 January, 2022

Theme

WP Store <= 1.1.9 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

Eight Sec <= 1.1.4 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28 January, 2022

Theme

EightLaw Lite <= 2.1.5 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

Eightmedi Lite <= 2.1.8 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

EightStore Lite <= 1.2.5 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

Brovy <= 1.3 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28 January, 2022

Theme

WPparallax <= 2.0.6 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28 January, 2022

Theme

Arrival <= 1.4.2 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Theme

Ultra Seven <= 1.2.8 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

8.1

28 January, 2022

Theme

Opstore <= 1.4.3 Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

+0 AXP

8.1

28 January, 2022

Plugin

[GWA] AutoResponder <= 2.3 Authenticated SQL Injection (SQLi) vulnerability at &orderby

7.2

27 January, 2022

Plugin

[GWA] AutoResponder <= 2.3 CrossSite Request Forgery (CSRF) leading to Persistent CrossSite Scripting (XSS) at &Subject

4.7

27 January, 2022

Plugin

[GWA] AutoResponder <= 2.3 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

27 January, 2022

Plugin

[GWA] AutoResponder <= 2.3 CrossSite Request Forgery (CSRF) leading to Multiple Persistent CrossSite Scripting (XSS)

6.1

27 January, 2022

Plugin

Access Demo Importer <= 1.0.7 CrossSite Request Forgery (CSRF) vulnerability leading to Arbitrary Plugin Activation

6.5

24 January, 2022

Plugin

Access Demo Importer <= 1.0.7 CrossSite Request Forgery (CSRF) vulnerability leading to Data Reset (Posts / Pages / Media)

8.1

24 January, 2022

Theme

AccessPress Parallax <= 4.5 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

Accesspress Lite <= 2.92 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

AccessPress Store <= 2.4.9 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

Zigcy Lite <= 2.0.9 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

Enlighten <= 1.3.5 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

Accesspress Mag <= 2.6.5 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

StoreVilla <= 1.4.1 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

Punte <= 1.1.2 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

Accesspress Basic <= 3.2.1 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

AccessPress Root <= 2.5 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

Construction Lite <= 1.2.5 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

VMagazine Lite <= 1.3.5 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

ParallaxSome <= 1.3.6 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

FotoGraphy <= 2.4.0 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

VMag <= 1.2.7 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

Uncode Lite <= 1.3.3 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24 January, 2022

Theme

Bingle <= 1.0.4 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

The Launcher <= 1.3.2 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

ScrollMe <= 2.1.0 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24 January, 2022

Theme

Agency Lite <= 1.1.6 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24 January, 2022

Theme

Swing Lite <= 1.1.9 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

Vmagazine News <= 1.0.5 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

Bloger <= 1.2.6 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

Revolve <= 1.3.1 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24 January, 2022

Theme

Ripple <= 1.2.0 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24 January, 2022

Theme

Zigcy Cosmetics <= 1.0.5 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

The Monday <= 1.4.1 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in

8.1

24 January, 2022

Theme

Zigcy Baby <= 1.0.6 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

Doko <= 1.0.27 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

Sakala <= 1.0.4 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

Edict Lite <= 1.1.4 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24 January, 2022

Theme

The100 <= 1.1.2 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24 January, 2022

Theme

WP Store <= 1.1.9 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

Eight Sec <= 1.1.4 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24 January, 2022

Theme

EightLaw Lite <= 2.1.5 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

Eightmedi Lite <= 2.1.8 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

EightStore Lite <= 1.2.5 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

Brovy <= 1.3 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24 January, 2022

Theme

WPparallax <= 2.0.6 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24 January, 2022

Theme

Arrival <= 1.4.2 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Theme

Ultra Seven <= 1.2.8 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

8.1

24 January, 2022

Theme

Opstore <= 1.4.3 CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

+0 AXP

8.1

24 January, 2022

Plugin

BP Better Messages <= 1.9.9.148 CrossSite Request Forgery (CSRF) vulnerability

4.3

18 January, 2022

Plugin

WP-DownloadManager <= 1.68.6 DownloadManager plugin <= 1.68.6 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

4.8

12 January, 2022

Plugin

PHP Everywhere <= 2.0.3 Remote Code Execution (RCE) vulnerability

9.9

11 January, 2022

Plugin

WP-DownloadManager <= 1.68.5 DownloadManager plugin <= 1.68.5 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

4.8

10 January, 2022

Plugin

tarteaucitron.js – Cookies legislation & GDPR <= 1.6 Multiple Stored Authenticated CrossSite Scripting (XSS) vulnerabilities

3.4

17 December, 2021

Plugin

Accelerated Mobile Pages <= 1.0.77.32 Multiple Authenticated Persistent CrossSite Scripting (XSS) vulnerabilities

+0 AXP

4.8

15 December, 2021

Plugin

Awesome Support <= 6.0.6 Multiple Authenticated Reflected CrossSite Scripting (XSS) vulnerabilities

6.1

26 November, 2021

Plugin

Backup Migration <= 1.1.5 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

4.8

17 November, 2021

Plugin

Contact Form Entries <= 1.2.3 Unauthenticated Persistent CrossSite Scripting (XSS) vulnerability

6.1

14 November, 2021

Plugin

Contact Form Entries <= 1.2.3 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

4.8

14 November, 2021

Plugin

Contact Form Entries <= 1.2.3 Multiple Authenticated Reflected CrossSite Scripting (XSS) vulnerabilities

4.7

14 November, 2021

Plugin

Contact Form 7 Database Addon – CFDB7 <= 1.2.6.1 Unauthenticated Stored CrossSite Scripting (XSS) vulnerability

6.1

12 November, 2021

Plugin

Contact Form 7 Database Addon – CFDB7 <= 1.2.5.9 CrossSite Request Forgery (CSRF) vulnerability

6.5

12 November, 2021

Plugin

Email Tracker <= 5.2.6 CrossSite Request Forgery (CSRF) vulnerabilities leading to single or bulk email entries deletion

5.4

1 November, 2021

Plugin

Download Monitor <= 4.4.6 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

+0 AXP

3.4

29 October, 2021

Plugin

Download Monitor <= 4.4.6 Authenticated Arbitrary File Download vulnerability

6.8

29 October, 2021

Plugin

YITH Maintenance Mode <= 1.3.8 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

6.9

23 September, 2021

Plugin

uListing <= 2.0.5 Authenticated Insecure Direct Object References (IDOR) vulnerability

+0 AXP

7.1

27 July, 2021

Plugin

uListing <= 2.0.5 Authenticated Reflected CrossSite Scripting (XSS) vulnerability

4.8

27 July, 2021

Plugin

uListing <= 2.0.5 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

27 July, 2021

Plugin

uListing <= 2.0.5 Modify User Roles via CrossSite Request Forgery (CSRF) vulnerability

6.5

27 July, 2021

Plugin

uListing <= 2.0.5 Settings Update via CrossSite Request Forgery (CSRF) vulnerability

4.3

27 July, 2021

Plugin

uListing <= 2.0.5 Unauthenticated Privilege Escalation vulnerability

9.8

27 July, 2021

Plugin

uListing <= 2.0.3 Unauthenticated SQL Injection (SQLi) vulnerability

8.6

26 July, 2021

Plugin

iQ Block Country <= 1.2.11 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

5.5

18 July, 2021

Plugin

WordPress Popular Posts <= 5.3.3 Authenticated Persistent CrossSite Scripting (XSS) vulnerability

5.5

4 July, 2021

Plugin

WP DoNotTrack <= 0.8.8 Authenticated Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

4.8

29 June, 2021

Plugin

Async JavaScript <= 2.20.12.09 Authenticated Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

4.8

29 June, 2021

Plugin

WP Reset <= 1.86 Authenticated Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

5.4

16 June, 2021

Plugin

WP Google Maps <= 8.1.12 Multiple Authenticated Persistent CrossSite Scripting (XSS) vulnerabilities

5.5

15 June, 2021

Plugin

WP Google Maps Pro <= 8.1.11 Multiple Authenticated Persistent CrossSite Scripting (XSS) vulnerabilities

5.5

15 June, 2021

Theme

Kupon <= 1.27 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.2

9 June, 2021

Theme

Doo <= 1.25 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.2

9 June, 2021

Theme

Careerfy <= 6.2.0 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.2

9 June, 2021

Theme

Muza <= 1.26 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.2

9 June, 2021

Theme

Strong <= 1.25 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.2

9 June, 2021

Theme

Wisem <= 1.26 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.2

9 June, 2021

Theme

Medican <= 1.27 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.2

9 June, 2021

Theme

Loocall <= 1.23 Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability

7.2

9 June, 2021