Page last updated:

October 14, 2024

Type

Affected Software

Latest Version

Description

Severity

Date

  • Plugin

    ShortPixel Image Optimizer

    <=

    5.6.3

    Broken Access Control – A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action.

    5.4

    0 days ago

    Type

    Plugin

    5.4

    Affected Software

    ShortPixel Image Optimizer

    Latest Version

    <=

    5.6.3

    Description

    Broken Access Control – A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action.

    0 days ago

  • Plugin

    TablePress

    <=

    2.4.2

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    4.9

    0 days ago

    Type

    Plugin

    4.9

    Affected Software

    TablePress

    Latest Version

    <=

    2.4.2

    Description

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    0 days ago

  • Plugin

    Elementor

    <=

    3.24.5

    Sensitive Data Exposure – This could allow a malicious actor to view sensitive information that is normally not available to regular users. This can be used to exploit other weaknesses in the system.

    4.3

    0 days ago

    Type

    Plugin

    4.3

    Affected Software

    Elementor

    Latest Version

    <=

    3.24.5

    Description

    Sensitive Data Exposure – This could allow a malicious actor to view sensitive information that is normally not available to regular users. This can be used to exploit other weaknesses in the system.

    0 days ago

  • Plugin

    Jetpack

    <=

    13.9.1

    Broken Access Control – A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action.

    4.3

    0 days ago

    Type

    Plugin

    4.3

    Affected Software

    Jetpack

    Latest Version

    <=

    13.9.1

    Description

    Broken Access Control – A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action.

    0 days ago

  • Plugin

    Plus Addons for Elementor

    <=

    5.6.11

    Sensitive Data Exposure – This could allow a malicious actor to view sensitive information that is normally not available to regular users. This can be used to exploit other weaknesses in the system.

    6.5

    3 days ago

    Type

    Plugin

    6.5

    Affected Software

    Plus Addons for Elementor

    Latest Version

    <=

    5.6.11

    Description

    Sensitive Data Exposure – This could allow a malicious actor to view sensitive information that is normally not available to regular users. This can be used to exploit other weaknesses in the system.

    3 days ago

  • Plugin

    PublishPress

    <=

    3.5.14

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    7.1

    4 days ago

    Type

    Plugin

    7.1

    Affected Software

    PublishPress

    Latest Version

    <=

    3.5.14

    Description

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    4 days ago

  • Plugin

    Blubrry PowerPress

    <=

    11.9.18

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    6.5

    4 days ago

    Type

    Plugin

    6.5

    Affected Software

    Blubrry PowerPress

    Latest Version

    <=

    11.9.18

    Description

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    4 days ago

  • Plugin

    Royal Elementor Addons

    <=

    1.3.986

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    6.5

    5 days ago

    Type

    Plugin

    6.5

    Affected Software

    Royal Elementor Addons

    Latest Version

    <=

    1.3.986

    Description

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    5 days ago

  • Plugin

    Advanced Custom Fields

    <=

    6.3.7

    Cross Site Request Forgery (CSRF) – This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication.

    5.4

    7 days ago

    Type

    Plugin

    5.4

    Affected Software

    Advanced Custom Fields

    Latest Version

    <=

    6.3.7

    Description

    Cross Site Request Forgery (CSRF) – This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication.

    7 days ago

  • Plugin

    Rank Math SEO

    <=

    1.0.228

    Broken Access Control – A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action.

    6.5

    7 days ago

    Type

    Plugin

    6.5

    Affected Software

    Rank Math SEO

    Latest Version

    <=

    1.0.228

    Description

    Broken Access Control – A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action.

    7 days ago

  • Plugin

    Memberful

    <=

    1.73.7

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    6.5

    10 days ago

    Type

    Plugin

    6.5

    Affected Software

    Memberful

    Latest Version

    <=

    1.73.7

    Description

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    10 days ago

  • Plugin

    Code Embed

    <=

    2.4

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    6.5

    10 days ago

    Type

    Plugin

    6.5

    Affected Software

    Code Embed

    Latest Version

    <=

    2.4

    Description

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    10 days ago

  • Plugin

    Ultimate Member

    <=

    2.8.6

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    6.5

    10 days ago

    Type

    Plugin

    6.5

    Affected Software

    Ultimate Member

    Latest Version

    <=

    2.8.6

    Description

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    10 days ago

  • Plugin

    Smart Custom 404 Error Page

    <=

    11.4.7

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    7.1

    10 days ago

    Type

    Plugin

    7.1

    Affected Software

    Smart Custom 404 Error Page

    Latest Version

    <=

    11.4.7

    Description

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    10 days ago

  • Plugin

    Ajax Load More

    <=

    7.1.2

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    6.5

    11 days ago

    Type

    Plugin

    6.5

    Affected Software

    Ajax Load More

    Latest Version

    <=

    7.1.2

    Description

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    11 days ago

  • Plugin

    TinyPNG

    <=

    3.4.3

    Cross Site Request Forgery (CSRF) – This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication.

    5.4

    11 days ago

    Type

    Plugin

    5.4

    Affected Software

    TinyPNG

    Latest Version

    <=

    3.4.3

    Description

    Cross Site Request Forgery (CSRF) – This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication.

    11 days ago

  • Plugin

    Unlimited Elements For Elementor

    <=

    1.5.121

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    7.1

    13 days ago

    Type

    Plugin

    7.1

    Affected Software

    Unlimited Elements For Elementor

    Latest Version

    <=

    1.5.121

    Description

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    13 days ago

  • Plugin

    Starter Templates

    <=

    4.4.0

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    5.9

    13 days ago

    Type

    Plugin

    5.9

    Affected Software

    Starter Templates

    Latest Version

    <=

    4.4.0

    Description

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    13 days ago

  • Plugin

    OAuth Single Sign On – SSO (OAuth Client)

    <=

    38.4.9

    Cross Site Request Forgery (CSRF) – This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication.

    4.3

    13 days ago

    Type

    Plugin

    4.3

    Affected Software

    OAuth Single Sign On – SSO (OAuth Client)

    Latest Version

    <=

    38.4.9

    Description

    Cross Site Request Forgery (CSRF) – This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication.

    13 days ago

  • Plugin

    Simple Membership After Login Redirection

    <=

    1.6

    Open Redirection – This could allow a malicious actor to redirect users from one site to the other due to the redirect URL not being validated. Users could be tricked to visiting a legitimate site to then be redirected to a malicious site and cause a phishing incident.

    4.7

    13 days ago

    Type

    Plugin

    4.7

    Affected Software

    Simple Membership After Login Redirection

    Latest Version

    <=

    1.6

    Description

    Open Redirection – This could allow a malicious actor to redirect users from one site to the other due to the redirect URL not being validated. Users could be tricked to visiting a legitimate site to then be redirected to a malicious site and cause a phishing incident.

    13 days ago

Copy

Diagnose and Optimize Your Site 

Get Your Free WordPress Health Score