
Recent posts

#11
WordPress Vulnerability / WordPress Flexible Shipping pl...
Last post by Kailash - Jun 15, 2022, 10:09 AM
WordPress Flexible Shipping plugin <= 4.11.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Plugin name: Table Rate Shipping Method for WooCommerce by Flexible Shipping
Vulnerable versions: <= 4.11.8
Fixed in: 4.11.9
CVE ID: N/A
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-14

Vulnerability Details

Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Flexible Shipping plugin versions <= 4.11.8.

Solution

Update the WordPress Flexible Shipping plugin to the latest available version (at least 4.11.9).

Plugin Link: https://wordpress.org/plugins/flexible-shipping/
#12
WordPress Vulnerability / WordPress Woody Code Snippets ...
Last post by Kailash - Jun 15, 2022, 10:06 AM
WordPress Woody Code Snippets plugin <= 2.4.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Plugin name: Woody code snippets – Insert Header Footer Code, AdSense Ads
Vulnerable versions: <= 2.4.5
Fixed in: 2.4.6
CVE ID: N/A
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-14

Vulnerability Details

Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Woody Code Snippets plugin (versions <= 2.4.5).

Solution

Update the WordPress Woody Code Snippets plugin to the latest available version (at least 2.4.6).

Plugin Link: https://wordpress.org/plugins/insert-php/
#13
WordPress Vulnerability / WordPress XO Slider plugin <= ...
Last post by Kailash - Jun 15, 2022, 10:02 AM
WordPress XO Slider plugin <= 3.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Plugin name: XO Slider
Vulnerable versions: <= 3.3.2
Fixed in: 3.3.3
CVE ID: CVE-2022-32280
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-14

Vulnerability Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress XO Slider plugin (versions <= 3.3.2).

Solution

Update the WordPress XO Slider plugin to the latest available version (at least 3.3.3).

Plugin Link: https://wordpress.org/plugins/xo-liteslider/
#14
WordPress Vulnerability / WordPress eaSYNC plugin <= 1.1...
Last post by Kailash - Jun 15, 2022, 09:58 AM
WordPress eaSYNC plugin <= 1.1.15 - Unauthenticated Arbitrary File Upload vulnerability

Plugin name: Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC
Vulnerable versions: <= 1.1.15
Fixed in: 1.1.16
CVE ID: CVE-2022-1952
Classification: Arbitrary File Upload
Publicly disclosed: 2022-06-15

Vulnerability Details

Unauthenticated Arbitrary File Upload vulnerability discovered by cydave in WordPress eaSYNC plugin (versions <= 1.1.15).

Solution

Update the WordPress eaSYNC plugin to the latest available version (at least 1.1.16).

Plugin Link: https://wordpress.org/plugins/easync-booking/
#15
WordPress Vulnerability / WordPress Sharebar plugin <= 1...
Last post by Kailash - Jun 15, 2022, 09:55 AM
WordPress Sharebar plugin <= 1.4.1 - Arbitrary Settings Update to Stored XSS via CSRF vulnerability

Plugin name: WordPress Sharebar plugin
Vulnerable versions: <= 1.4.1
Fixed in: N/A
CVE ID: CVE-2022-1626
Classification: Cross Site Request Forgery (CSRF)
Publicly disclosed: 2022-06-15

Vulnerability Details

Arbitrary Settings Update to Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress Sharebar plugin (versions <= 1.4.1).

Solution

Deactivate and delete. This plugin has been closed as of June 14, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin Link: N/A
#16
WordPress Vulnerability / WordPress Pagebar plugin <= 2....
Last post by Kailash - Jun 15, 2022, 09:52 AM
WordPress Pagebar plugin <= 2.65 - Arbitrary Settings Update via CSRF vulnerability to Stored XSS

Plugin name: WordPress Pagebar plugin
Vulnerable versions: <= 2.65
Fixed in: N/A
CVE ID: CVE-2022-1757
Classification: Cross Site Request Forgery (CSRF)
Publicly disclosed: 2022-06-15

Vulnerability Details

Arbitrary Settings Update via CSRF vulnerability to Stored XSS discovered by Daniel Ruf in WordPress Pagebar plugin (versions <= 2.65).

Solution

Deactivate and delete. This plugin has been closed as of June 14, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin Link: N/A
#17
WordPress Vulnerability / Spectra WordPress Gutenberg Bl...
Last post by Kailash - Jun 14, 2022, 01:11 AM
WordPress Spectra plugin <= 1.25.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Plugin name: Spectra – WordPress Gutenberg Blocks
Vulnerable versions: <= 1.25.5
Fixed in: 1.25.6
CVE ID: N/A
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-13

Vulnerability Details

Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Spectra plugin (versions <= 1.25.5).

Solution

Update the WordPress Spectra plugin to the latest available version (at least 1.25.6).

Plugin Link: https://wordpress.org/plugins/ultimate-addons-for-gutenberg/
#18
WordPress Vulnerability / WordPress Ninja Forms plugin <...
Last post by Kailash - Jun 14, 2022, 01:04 AM
WordPress Ninja Forms plugin <= 3.6.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Plugin name: Ninja Forms Contact Form
Vulnerable versions: <= 3.6.9
Fixed in: 3.6.10
CVE ID: CVE-2021-25056
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-13

Vulnerability Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Adel in WordPress Ninja Forms plugin (versions <= 3.6.9).

Solution

Update the WordPress Ninja Forms plugin to the latest available version (at least 3.6.10).

Plugin Link: https://wordpress.org/plugins/ninja-forms/
#19
WordPress Vulnerability / WordPress Elementor plugin <= ...
Last post by Kailash - Jun 13, 2022, 08:08 AM
WordPress Elementor plugin <= 3.5.5 - Unauthenticated DOM-based Reflected Cross-Site Scripting (XSS) vulnerability

Plugin name: Elementor Website Builder
Vulnerable versions: <= 3.5.5
Fixed in: 3.5.6
CVE ID: CVE-2022-29455
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-13

Vulnerability Details

Unauthenticated DOM-based Reflected Cross-Site Scripting (XSS) vulnerability discovered by Rotem Bar (Patchstack Alliance) in WordPress Elementor plugin (versions <= 3.5.5).

Solution

Update the WordPress Elementor plugin to the latest available version (at least 3.5.6).

Plugin Link: https://wordpress.org/plugins/elementor/
#20
WordPress Vulnerability / WordPress Copify plugin <= 1.3...
Last post by Kailash - Jun 10, 2022, 05:27 AM
WordPress Copify plugin <= 1.3.0 - Cross-Site Request Forgery (CSRF) vulnerability to Cross-Site Scripting (XSS)

Plugin name: WordPress Copify plugin
Vulnerable versions: <= 1.3.0
Fixed in: N/A
CVE ID: CVE-2022-1900
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-08

Vulnerability Details

Cross-Site Request Forgery (CSRF) vulnerability to Cross-Site Scripting (XSS) was discovered by Yuki Hoshi (Cryptography Laboratory in Tokyo Denki University) in the WordPress Copify plugin (versions <= 1.3.0).

Solution

Deactivate and delete. This plugin has been closed as of May 27, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin Link: Temporarily closed for download or not available