💥 Newspaper < 10.3.4 - Authenticated Reflected Cross-Site Scripting
✅ 10.3.4
🔗 https://themeforest.net/item/newspaper/5489609
ℹ️ https://secupress.me/blog/newspaper-theme-xss-1033/
ThemeForest
Newspaper - News & WooCommerce WordPress Theme
Newspaper is a WordPress theme that lets you write articles and blog posts with ease.
We offer great support and friendly help!
Create a great news website with our newspaper WordPress t...
💥 Careerfy < 3.9.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)
✅ 3.9.0
🔗 https://themeforest.net/item/careerfy-job-board-wordpress-theme/21137053
ThemeForest
Careerfy - Job Board WordPress Theme
Careerfy – Job Board WordPress theme is advanced job board WordPress theme brings you the most simple solution to display jobs on any type of websites job board WordPress theme . You may already...
💥 JobSearch < 1.5.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
✅ 1.5.1
🔗 https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856
CodeCanyon
JobSearch WP Job Board WordPress Plugin
WP Job Search brings you the most simple solution to display jobs on any type of websites. You may already know, some really big Job Portals provides the option to use their database and extend y...
💥 Elementor Page Builder < 2.9.10 Authenticated Stored XSS
✅ 2.9.10
🔗 https://wordpress.org/plugins/elementor/
ℹ️ https://www.softwaresecured.com/elementor-page-builder-stored-xss/
WordPress.org
Elementor Website Builder – More than Just a Page Builder
The Elementor Website Builder has it all: drag and drop page builder, pixel perfect design, mobile responsive editing, and more. Get started now!
💥 SportsPress < 2.7.2 - Authenticated Stored Cross-Site Scripting
✅ 2.7.2
🔗 https://wordpress.org/plugins/sportspress/
ℹ️ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13892
WordPress.org
SportsPress – Sports Club & League Manager
SportsPress is an extendable all-in-one sports data plugin that helps sports clubs set up and manage a league or club site quickly and easily.
💥 Blog2Social: Social Media Auto Post & Scheduler < 6.3.1 - Authenticated SQL Injection
✅ 6.3.1
🔗 https://wordpress.org/plugins/blog2social/
WordPress.org
Blog2Social: Social Media Auto Post & Scheduler
Autopost, schedule and share blog posts and contents on social media, pages & groups on Facebook, Twitter, LinkedIn, Instagram, XING etc.
💥 Brizy - Page Builder < 1.0.126 - Improper Access Controls on AJAX Calls
✅ 1.0.126
🔗 https://wordpress.org/plugins/brizy/
ℹ️ https://blog.nintechnet.com/wordpress-brizy-page-builder-plugin-fixed-critical-vulnerabilities/
WordPress.org
Brizy – Page Builder
A page builder that is fast & easy, Brizy is a next-gen website builder that anyone can use. No designer or developer skills required.
💥 WordPress 5.4.2 Security and Maintenance Release
https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
WordPress News
WordPress 5.4.2 Security and Maintenance Release
WordPress 5.4.2 is now available! This security and maintenance release features 23 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress …
💥 KingComposer < 2.9.4 - Multiple Critical Issues
✅ 2.9.4
🔗 https://wordpress.org/plugins/kingcomposer/
ℹ️ https://blog.nintechnet.com/wordpress-kingcomposer-page-builder-fixed-multiple-critical-vulnerabilities/
WordPress.org
Page Builder: KingComposer – Free Drag and Drop page builder by King-Theme
Lightweight and extremely powerful Page Builder. Allow you to easily create pages like a true professional without programming knowledge required.
💥 Testimonial Rotator < 3.0.3 - Authenticated Stored Cross-Site Scripting (XSS)
✅ 3.0.3
🔗 https://wordpress.org/plugins/testimonial-rotator/
ℹ️ https://youtu.be/gEj83Ecq-vM
WordPress.org
Testimonial Rotator
Easily add and manage Testimonials to your site.
💥 wpDiscuz < 5.3.6 - Unauthenticated SQL Injection
✅ 5.3.6
🔗 https://wordpress.org/plugins/wpdiscuz/
ℹ️ https://wpdiscuz.com/community/news/security-vulnerability-issue-in-5-3-5-please-udate/
WordPress.org
Comments – wpDiscuz
AJAX powered realtime comments. Designed to extend WordPress native comments. Custom comment forms/fields. Making comments has never been so awesome!
💥 CityBook < 2.4.4 - Unauthenticated Reflected XSS
✅ 2.4.4
🔗 https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727
ThemeForest
CityBook - Directory & Listing WordPress Theme
CityBook – Directory & Listing WordPress Theme is perfect if you like a clean and modern design. CityBook a listing directory theme that will help you create, manage and monetize a local or global ...
💥 TownHub < 1.3.0 - Unauthenticated Reflected XSS
✅ 1.3.0
🔗 https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571
ThemeForest
TownHub - Directory & Listing WordPress Theme
“TownHub – Directory & Listing WordPress Theme” is perfect if you like a clean and modern design. This theme will help you create, manage and monetize a local or global directory site.
💥 Travel Booking < 2.8.2 - Unauthenticated Reflected XSS
✅ 2.8.2
🔗 https://themeforest.net/item/traveler-traveltourbooking-wordpress-theme/10822683
ThemeForest
Traveler - Travel Booking WordPress Theme
Traveler – Travel Booking WordPress Theme helps you Save Time, Save Money, Save Face, Save everything can Save to make online booking travel: With fully c...
💥 All in One Support Button < 1.8.8 - Authenticated Stored Cross-Site Scripting
✅ 1.8.8
🔗 https://codecanyon.net/item/contact-us-allinone-button-with-callback-request-feature-for-wordpress/22266189
CodeCanyon
All in One Support Button + Callback Request. WhatsApp, Messenger, Telegram, LiveChat and more...
All in One Support Button displays on every page of your site and provide as many contact methods as you want.
💥 WP-Pro-Quiz <= 0.37 - CSRF leading to arbitrary quiz deletion
🔗 https://wordpress.org/plugins/wp-pro-quiz/
ℹ️ https://medium.com/@hoanhp/0-days-story-1-wp-pro-quiz-2115dd77a6d4
WordPress.org
Wp-Pro-Quiz
A powerful and beautiful quiz plugin for WordPress.
⚠️ This channel's activity is ending, so to receive similar information it is recommended to turn to other services:
- https://wpvulndb.com/api
- https://wpvuln.appvery.com/
- https://wpscan.io/
WPScan
WordPress Vulnerability Database API
The WPScan WordPress Vulnerability Database API is provided for users and developers to make use of our vulnerability database data. Our data includes WordPress vulnerabilities, plugin vulnerabilit…
In case it is useful to anyone for staying alerted, I forgot to mention this resource: https://github.com/PCianes/WordPress-Vulnerability-Warnings
GitHub
PCianes/WordPress-Vulnerability-Warnings
Check by scraping on others webs about latest WordPress vulnerabilities to report by email - PCianes/WordPress-Vulnerability-Warnings
Since several people have already asked me, I'll explain it here as well 😊. The reason for ending this channel's activity is the work the posts involve: although I now have it more automated with my own alerts sent to my email... posting is manual 🙃 and I get no return of any kind... not even in the form of emojis 😬, and I'm barely sure whether it is really of interest. If anyone wants to sponsor it, the channel can be kept open for everyone. Another option is to make the channel private, only for those who want to support it through, for example, a Patreon. In any case, anyone interested can contact me to discuss these or other options, such as handing over the channel ✌️ Otherwise, if you prefer email alerts, there is https://wpvuln.appvery.com/
Appvery
WordPress vulnerabilities newsletter
Instant email alerts when there are a new vulnerabilities to help you keep all your sites secure
The account of the user that owns this channel has been inactive for the last 1 month. If it remains inactive in the next 9 days, that account will self-destruct and this channel will no longer have an owner.