π₯ WP Product Review < 3.7.6 - Unauthenticated Stored Cross-Site Scripting (XSS)
β 3.7.6
π https://wordpress.org/plugins/wp-product-review/
βΉοΈ https://labs.sucuri.net/unauthenticated-stored-cross-site-scripting-in-wp-support-review/
WordPress.org
WP Product Review Lite
Easily turn your basic posts into in-depth reviews with ratings, pros and cons, affiliate links, rich snippets and user reviews.
π₯ Photo Gallery by 10Web < 1.5.55 - Unauthenticated SQL Injection
β 1.5.55
π https://wordpress.org/plugins/photo-gallery/
βΉοΈ https://plugins.trac.wordpress.org/changeset/2304193
WordPress.org
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Photo Gallery is a powerful image gallery plugin with a list of advanced options for creating responsive image galleries with beautiful lightbox.
π₯ Team Members < 5.0.4 - Authenticated Stored Cross-Site Scripting (XSS)
β 5.0.4
π https://wordpress.org/plugins/team-members/
WordPress.org
Team Members
A responsive and clean way to display your team. Create members, add their positions, bios (and more...) and copy-paste the shortcode anywhere.
π₯ Visual Composer < 27.0 - Multiple Authenticated Cross-Site Scripting Issues
β 27.0
π https://wordpress.org/plugins/visualcomposer/
βΉοΈ https://blog.nintechnet.com/multiple-xss-vulnerabilities-fixed-in-wordpress-visual-composer-plugin/
WordPress.org
Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages
[New] Easy drag and drop page builder that gives the freedom to design WordPress websites, landing pages, custom themes, maintenance mode & coming …
π₯ Ajax Load More <= 5.3.1 - Authenticated SQL Injection
π https://wordpress.org/plugins/ajax-load-more/
βΉοΈ https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A1-Injection
WordPress.org
WordPress Infinite Scroll – Ajax Load More
The ultimate infinite scroll and lazy load solution for your WordPress powered website.
π₯ Paid Memberships Pro < 2.3.3 - Authenticated SQL Injection
β 2.3.3
π https://wordpress.org/plugins/paid-memberships-pro/
βΉοΈ https://jvn.jp/en/jp/JVN20248858/
WordPress.org
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Build a membership site that grows with you: user registration, member profiles, 28 protected content types, free or paid subscriptions.
π₯ Ajax Load More < 5.3.2 - Authenticated SQL Injection
β 5.3.2
π https://wordpress.org/plugins/ajax-load-more/
WordPress.org
WordPress Infinite Scroll – Ajax Load More
The ultimate infinite scroll and lazy load solution for your WordPress powered website.
π₯ WP Frontend Profile < 1.2.2 - CSRF Check Incorrectly Implemented
β 1.2.2
π https://wordpress.org/plugins/wp-front-end-profile/
βΉοΈ https://github.com/glowlogix/wp-frontend-profile/issues/52
WordPress.org
WP Frontend Profile
WP Frontend Profile allows users to edit/view their profile and register/login without going into the dashboard to do so.
π₯ Add-on SweetAlert Contact Form 7 < 1.0.8 - Authenticated Stored Cross-Site Scripting (XSS)
β 1.0.8
π https://wordpress.org/plugins/addon-sweetalert-contact-form-7/
WordPress.org
Add-on SweetAlert Contact Form 7
Add SweetAlert2 script into Contact Form 7 submission process.
π₯ ThirstyAffiliates < 3.9.3 - Authenticated Stored XSS
β 3.9.3
π https://wordpress.org/plugins/thirstyaffiliates/
βΉοΈ https://plugins.trac.wordpress.org/changeset/2310320/thirstyaffiliates
WordPress.org
ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin
🔗 Affiliate link management & cloaker tool. Easily manage, shrink and track your affiliate links in WordPress. 🔥
π₯ Official MailerLite Sign Up Forms <= 1.4.4 - Multiple CSRF Issues
β 1.4.5
π https://wordpress.org/plugins/official-mailerlite-sign-up-forms/
βΉοΈ https://www.webarxsecurity.com/sql-injection-csrf-vulnerabilities-in-mailerlite-sign-up-forms-plugin/
WordPress.org
MailerLite – Signup forms (official)
Add newsletter signup forms to your WordPress site. Subscribers will be saved directly to your MailerLite account. Super easy to set up!
π₯ Form Maker by 10Web <= 1.13.35 - Authenticated SQL Injection
π https://wordpress.org/plugins/form-maker/
WordPress.org
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Form Maker is a user-friendly contact form builder that allows you to create forms for any purpose, from a simple contact form to multi-page survey forms.
π₯ Drag and Drop Multiple File Upload for Contact Form 7 < 1.3.3.3 - Unauthenticated File Upload Bypass
β 1.3.3.3
π https://wordpress.org/plugins/drag-and-drop-multiple-file-upload-contact-form-7/
βΉοΈ https://www.exploit-db.com/exploits/48520
WordPress.org
Drag and Drop Multiple File Upload – Contact Form 7
This simple plugin creates a Drag & Drop or choose Multiple File upload field in your Contact Form 7 forms.
π₯ Page Builder: PageLayer - Drag and Drop website builder < 1.1.2 Unprotected AJAX's leading to XSS
π₯ Page Builder: PageLayer - Drag and Drop website builder < 1.1.2 CSRF leading to XSS
β 1.1.2
π https://wordpress.org/plugins/pagelayer/https://wordpress.org/plugins/drag-and-drop-multiple-file-upload-contact-form-7/
βΉοΈ https://www.wordfence.com/blog/2020/05/high-severity-vulnerabilities-in-pagelayer-plugin-affect-over-200000-wordpress-sites/
π₯ Page Builder: PageLayer - Drag and Drop website builder < 1.1.2 CSRF leading to XSS
β 1.1.2
π https://wordpress.org/plugins/pagelayer/https://wordpress.org/plugins/drag-and-drop-multiple-file-upload-contact-form-7/
βΉοΈ https://www.wordfence.com/blog/2020/05/high-severity-vulnerabilities-in-pagelayer-plugin-affect-over-200000-wordpress-sites/
WordPress.org
Page Builder: PageLayer – Drag and Drop website builder
The most advanced frontend drag & drop page builder. PageLayer is a lightweight but extremely powerful Website Builder.
π₯ Final Tiles Gallery < 3.4.19 - Authenticated Stored Cross-Site Scripting (XSS)
β 3.4.19
π https://wordpress.org/plugins/final-tiles-grid-gallery-lite/
βΉοΈ https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A7-Cross-Site_Scripting_(XSS)
WordPress.org
Image Photo Gallery Final Tiles Grid
Image Gallery + Photo Gallery + Portfolio Gallery + Tiled Gallery in 1 plugin. Includes lightbox and hover effects. It supports Pinterest (masonry) ph …
π₯ bbPress < 2.6.5 - Authenticated Stored Cross-Site Scripting via the forums list table
π₯ bbPress 2.6-2.6.5 - Authenticated Privilege Escalation via the Super Moderator feature
π₯ bbPress < 2.6.5 - Unauthenticated Privilege Escalation when New User Registration enabled
β 2.6.5
π https://wordpress.org/plugins/bbpress/
βΉοΈ https://bbpress.org/blog/2020/05/bbpress-2-6-5-is-out/
π₯ bbPress 2.6-2.6.5 - Authenticated Privilege Escalation via the Super Moderator feature
π₯ bbPress < 2.6.5 - Unauthenticated Privilege Escalation when New User Registration enabled
β 2.6.5
π https://wordpress.org/plugins/bbpress/
βΉοΈ https://bbpress.org/blog/2020/05/bbpress-2-6-5-is-out/
WordPress.org
bbPress
bbPress is forum software for WordPress.
π₯Multi Scheduler <= 1.0.0 - Arbitrary Record Deletion via CSRF
π https://wordpress.org/plugins/multi-scheduler/
βΉοΈ https://www.exploit-db.com/exploits/48532
WordPress.org
Multi Scheduler
Multi Scheduler – Appointment Booking and Schedule Plugin. Easy schedule
π₯ MapPress Maps < 2.54.6 - Improper Capability Checks in AJAX Calls
β 2.54.6
π https://wordpress.org/plugins/mappress-google-maps-for-wordpress/
βΉοΈ https://blog.alertlogic.com/alert-logic-threat-research-team-identifies-new-vulnerability-cve-2020-12675-in-mappress-plugin-for-wordpress/
WordPress.org
MapPress Maps for WordPress
MapPress is the easiest way to add unlimited interactive Google and Leaflet maps to WordPress.
π₯ AdRotate < 5.8.4 - Authenticated SQL Injection
β 5.8.4
π https://wordpress.org/plugins/adrotate/
βΉοΈ https://ajdg.solutions/blog/adrotate-5-8-4-security-update/
WordPress.org
AdRotate Banner Manager – The only ad manager you'll need
Advertising made easy. Manage all your ads including Google Ads, Amazon banners and many more from your dashboard.
π₯ Simple File List < 4.2.8 - Authenticated Arbitrary File Deletion
β 4.2.8
π https://wordpress.org/plugins/simple-file-list/
βΉοΈ https://ctulhu.me/2020/05/16/cve-2020-12832/
WordPress.org
Simple File List
Simple File List gives your WordPress website a list of your files which allows your users to open and download them.