💥 Groundhogg <= 2.0.8.1 - Authenticated Reflected XSS
✅ version 2.0.9.11
🔗 https://wordpress.org/plugins/groundhogg/
ℹ️ https://nitesculucian.github.io/2019/10/23/groundhogg-1-3-2-authentificated-reflected-xss-vulnerability/
For the interest of those present... I am pleased to announce that a group complementary to this channel has just been opened, in which conversation is allowed, leaving this channel clean as a reference for the latest public vulnerabilities around WordPress.
The newly opened group is: Desarrolladores WordPress at https://t.me/sumapress
Its purpose is to talk about development and implementation with WordPress, and its objective is explained in the first message. 😄
💥 WP Email Template < 2.2.11 - HTML Injection
✅ version 2.2.11
🔗 https://wordpress.org/plugins/wp-email-template/
ℹ️ https://blog.nintechnet.com/multiple-wordpress-plugins-vulnerable-to-html-injection/
💥 Email Templates < 1.3.1 - HTML Injection
✅ version 1.3.1
🔗 https://wordpress.org/plugins/email-templates/
ℹ️ https://blog.nintechnet.com/multiple-wordpress-plugins-vulnerable-to-html-injection/
💥 WP HTML Mail < 2.9.1 - HTML Injection
✅ version 2.9.1
🔗 https://wordpress.org/plugins/wp-html-mail/
ℹ️ https://blog.nintechnet.com/multiple-wordpress-plugins-vulnerable-to-html-injection/
💥 About Author <= 1.3.9 - Authenticated Stored Cross-Site Scripting (XSS)
✅ version 1.4.0
🔗 https://wordpress.org/plugins/about-author/
ℹ️ https://nitesculucian.github.io/2019/10/25/about-author-1-3-9-authentificated-stored-xss-vulnerability/
💥 Give WP < 2.5.10 - Multiple Issues
✅ version 2.5.10
🔗 https://wordpress.org/plugins/give/
ℹ️ https://blog.nintechnet.com/multiple-vulnerabilities-fixed-in-wordpress-givewp-plugin/
💥💥💥 YIT Plugin Framework <= 3.3.8 - Authenticated Plugin's Settings Change
✅ version 2.2.14
ℹ️ https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/
NinTechNet's updates and security announcements.
Authenticated settings change vulnerability in YIT Plugin Framework.
An authenticated settings change vulnerability in the YIT Plugin Framework v3.3.8 and below, used in several dozen WordPress plugins, could allow logged-in users to change the plugin options.
💥 Yith-woocommerce-wishlist WordPress Plugin
✅ version 2.2.14
🔗 https://wordpress.org/plugins/yith-woocommerce-wishlist/
💥 Yith-woocommerce-compare WordPress Plugin
✅ version 2.3.15
🔗 https://wordpress.org/plugins/yith-woocommerce-wishlist/
💥 Yith-woocommerce-quick-view WordPress Plugin
✅ version 1.3.15
🔗 https://wordpress.org/plugins/yith-woocommerce-quick-view/
💥 Yith-woocommerce-zoom-magnifier WordPress Plugin
✅ version 1.3.12
🔗 https://wordpress.org/plugins/yith-woocommerce-zoom-magnifier/
💥 Yith-woocommerce-ajax-search WordPress Plugin
✅ version 1.7.1
🔗 https://wordpress.org/plugins/yith-woocommerce-ajax-search/
💥 Yith-woocommerce-badges-management WordPress Plugin
✅ version 1.3.21
🔗 https://wordpress.org/plugins/yith-woocommerce-badges-management/
💥 Yith-woocommerce-brands-add-on WordPress Plugin
✅ version 1.3.7
🔗 https://wordpress.org/plugins/yith-woocommerce-brands-add-on/
💥 Yith-woocommerce-request-a-quote WordPress Plugin
✅ version 1.4.9
🔗 https://wordpress.org/plugins/yith-woocommerce-request-a-quote/
💥 Yith-woocommerce-social-login WordPress Plugin
✅ version 1.3.6
🔗 https://wordpress.org/plugins/yith-woocommerce-social-login/
💥 Yith-woocommerce-order-tracking WordPress Plugin
✅ version 1.2.11
🔗 https://wordpress.org/plugins/yith-woocommerce-order-tracking/
💥 Yith-woocommerce-pdf-invoice WordPress Plugin
✅ version 1.2.13
🔗 https://wordpress.org/plugins/yith-woocommerce-pdf-invoice/
💥 Yith-pre-order-for-woocommerce WordPress Plugin
✅ version 1.2.1
🔗 https://wordpress.org/plugins/yith-pre-order-for-woocommerce/
💥 Yith-woocommerce-advanced-reviews WordPress Plugin
✅ version 1.4.0
🔗 https://wordpress.org/plugins/yith-woocommerce-advanced-reviews/
💥 Yith-woocommerce-product-add-ons WordPress Plugin
✅ version 1.5.23
🔗 https://wordpress.org/plugins/yith-woocommerce-product-add-ons/
💥 Yith-woocommerce-gift-cards WordPress Plugin
✅ version 1.3.8
🔗 https://wordpress.org/plugins/yith-woocommerce-gift-cards/
💥 Yith-woocommerce-subscription WordPress Plugin
✅ version 1.3.6
🔗 https://wordpress.org/plugins/yith-woocommerce-subscription/
💥 Yith-woocommerce-affiliates WordPress Plugin
✅ version 1.6.3
🔗 https://wordpress.org/plugins/yith-woocommerce-affiliates/
💥 Yith-woocommerce-cart-messages WordPress Plugin
✅ version 1.4.5
🔗 https://wordpress.org/plugins/yith-woocommerce-cart-messages/
💥 Yith-woocommerce-product-bundles WordPress Plugin
✅ version 1.1.17
🔗 https://wordpress.org/plugins/yith-woocommerce-product-bundles/
💥 Yith-woocommerce-frequently-bought-together WordPress Plugin
✅ version 1.2.11
🔗 https://wordpress.org/plugins/yith-woocommerce-frequently-bought-together/
💥 Yith-woocommerce-bulk-product-editing WordPress Plugin
✅ version 1.2.15
🔗 https://wordpress.org/plugins/yith-woocommerce-bulk-product-editing/
💥 Yith-woocommerce-stripe WordPress Plugin
✅ version 2.0.2
🔗 https://wordpress.org/plugins/yith-woocommerce-stripe/
💥 Yith-woocommerce-waiting-list WordPress Plugin
✅ version 1.3.11
🔗 https://wordpress.org/plugins/yith-woocommerce-waiting-list/
💥 Yith-woocommerce-points-and-rewards WordPress Plugin
✅ version 1.3.6
🔗 https://wordpress.org/plugins/yith-woocommerce-points-and-rewards/
💥 Yith-advanced-refund-system-for-woocommerce WordPress Plugin
✅ version 1.0.12
🔗 https://wordpress.org/plugins/yith-advanced-refund-system-for-woocommerce/
💥 Yith-woocommerce-authorizenet-payment-gateway WordPress Plugin
✅ version 1.1.13
🔗 https://wordpress.org/plugins/yith-woocommerce-authorizenet-payment-gateway/
💥 Yith-woocommerce-best-sellers WordPress Plugin
✅ version 1.1.13
🔗 https://wordpress.org/plugins/yith-woocommerce-best-sellers/
💥 Yith-woocommerce-mailchimp WordPress Plugin
✅ version 2.1.4
🔗 https://wordpress.org/plugins/yith-woocommerce-mailchimp/
💥 Yith-woocommerce-product-vendors WordPress Plugin
✅ version 3.4.1
🔗 https://wordpress.org/plugins/yith-woocommerce-product-vendors/
💥 Yith-woocommerce-questions-and-answers WordPress Plugin
✅ version 1.2.0
🔗 https://wordpress.org/plugins/yith-woocommerce-questions-and-answers/
💥 Yith-woocommerce-recover-abandoned-cart WordPress Plugin
✅ version 1.3.4
🔗 https://wordpress.org/plugins/yith-woocommerce-recover-abandoned-cart/
💥 Yith-paypal-express-checkout-for-woocommerce WordPress Plugin
✅ version 1.2.6
🔗 https://wordpress.org/plugins/yith-paypal-express-checkout-for-woocommerce/
💥 Yith-desktop-notifications-for-woocommerce WordPress Plugin
✅ version 1.2.8
🔗 https://wordpress.org/plugins/yith-desktop-notifications-for-woocommerce/
💥 WP Google Review Slider <= 6.1 - Authenticated SQL Injection
✅ version 6.2
🔗 https://wordpress.org/plugins/wp-google-places-review-slider/
💥 Zoner WordPress Theme <= 4.1.1 - Persistent XSS & IDOR
🔗 https://themeforest.net/item/zoner-real-estate-wordpress-theme/9099226
💥 Currency Switcher for Woocommerce < 2.11.2 - Security Restrictions Bypass
✅ version 2.11.2
🔗 https://wordpress.org/plugins/currency-switcher-woocommerce/
ℹ️ https://www.infigo.hr/en/critical-vulnerability-in-currency-switcher-for-woocommerce-n61
💥 Safe SVG <= 1.9.4 - Denial of Service
✅ version 1.9.5
🔗 https://wordpress.org/plugins/safe-svg/
ℹ️ https://fortiguard.com/zeroday/FG-VD-19-113
💥 Tidio Live Chat <= 4.1.0 CSRF to Stored XSS
✅ version 4.2.0
🔗 https://wordpress.org/plugins/tidio-live-chat/
ℹ https://dannewitz.ninja/posts/tidio-livechat-wordpress-plugin-csrf-to-stored-xss
💥 Funnel Builder by CartFlows < 1.3.1 - Authenticated Arbitrary Plugin Activation
✅ version 1.3.1
🔗 https://wordpress.org/plugins/cartflows/
ℹ️ https://blog.nintechnet.com/privilege-escalation-vulnerability-fixed-in-wordpress-cartflows-plugin/
Soporte WordPress
Group for requesting support around WordPress and offering help to those who need it, sponsored by SumaPress
https://t.me/soporteWP
💥 Safe SVG < 1.9.6 - XSS Protection Bypass
✅ version 1.9.6
🔗 https://wordpress.org/plugins/safe-svg/
ℹ https://github.com/darylldoyle/svg-sanitizer/issues/31
💥 IgniteUp < 3.4.1 - Multiple Issues
✅ version 3.4.1
🔗 https://wordpress.org/plugins/igniteup/
ℹ https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-igniteup-coming-soon-and-maintenance-mode-plugin/