Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.
SiteCare
Pulse
Every day our team monitors threats that put your website at risk. We proactively patch vulnerabilities to protect your users, data, and your reputation.
17 vulnerabilities patched in the last 30 days
Page last updated:
Type
Affected Software
Latest Version
Description
Severity
Date
-
Plugin
Elementor
<=
3.25.7
6.5
209 days ago
Type
Plugin
6.5
Affected Software
Elementor
Latest Version
<=
3.25.7
Description
pulse_description
209 days ago
-
Plugin
WP Maximum Upload File Size
<=
1.1.3
Sensitive Data Exposure – This could allow a malicious actor to view sensitive information that is normally not available to regular users. This can be used to exploit other weaknesses in the system.
4.3
210 days ago
Type
Plugin
4.3
Affected Software
WP Maximum Upload File Size
Latest Version
<=
1.1.3
Description
pulse_description
210 days ago
-
Plugin
Formidable Forms
<=
6.16.1.2
Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.
7.1
210 days ago
Type
Plugin
7.1
Affected Software
Formidable Forms
Latest Version
<=
6.16.1.2
Description
pulse_description
210 days ago
-
Plugin
Rank Math SEO
<=
1.0.231
Remote Code Execution (RCE) – This could allow a malicious actor to execute commands on the target website. This can be used to gain backdoor access to then take full control of the website.
7.2
212 days ago
Type
Plugin
7.2
Affected Software
Rank Math SEO
Latest Version
<=
1.0.231
Description
pulse_description
212 days ago
-
Plugin
Ultimate Member
<=
2.8.9
Broken Access Control – A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action.
4.3
212 days ago
Type
Plugin
4.3
Affected Software
Ultimate Member
Latest Version
<=
2.8.9
Description
pulse_description
212 days ago
-
Plugin
Kadence Blocks
<=
3.3.3
Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.
6.5
212 days ago
Type
Plugin
6.5
Affected Software
Kadence Blocks
Latest Version
<=
3.3.3
Description
pulse_description
212 days ago
-
Plugin
MailMunch – Grow your Email List
<=
3.1.8
Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.
7.1
212 days ago
Type
Plugin
7.1
Affected Software
MailMunch – Grow your Email List
Latest Version
<=
3.1.8
Description
pulse_description
212 days ago
-
Plugin
SimpLy Gallery Block & Lightbox
<=
3.2.4.2
Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.
5.9
212 days ago
Type
Plugin
5.9
Affected Software
SimpLy Gallery Block & Lightbox
Latest Version
<=
3.2.4.2
Description
pulse_description
212 days ago
-
Plugin
Activity Log
<=
2.11.1
Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.
7.1
214 days ago
Type
Plugin
7.1
Affected Software
Activity Log
Latest Version
<=
2.11.1
Description
pulse_description
214 days ago
-
Plugin
PublishPress Revisions
<=
3.5.15
Broken Access Control – A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action.
4.3
215 days ago
Type
Plugin
4.3
Affected Software
PublishPress Revisions
Latest Version
<=
3.5.15
Description
pulse_description
215 days ago
-
Plugin
Plus Addons for Elementor
<=
6.0.3
Sensitive Data Exposure This could allow a malicious actor to view sensitive information that is normally not available to regular users. This can be used to exploit other weaknesses in the system.
4.3
215 days ago
Type
Plugin
4.3
Affected Software
Plus Addons for Elementor
Latest Version
<=
6.0.3
Description
pulse_description
215 days ago
-
Plugin
Simple Local Avatars
<=
2.7.11
Broken Access Control – A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action.
4.3
219 days ago
Type
Plugin
4.3
Affected Software
Simple Local Avatars
Latest Version
<=
2.7.11
Description
pulse_description
219 days ago
-
Plugin
Essential Addons for Elementor
<=
6.0.9
Sensitive Data Exposure – This could allow a malicious actor to view sensitive information that is normally not available to regular users. This can be used to exploit other weaknesses in the system.
6.8
220 days ago
Type
Plugin
6.8
Affected Software
Essential Addons for Elementor
Latest Version
<=
6.0.9
Description
pulse_description
220 days ago
-
Plugin
WP ALL Export Pro
<=
1.8.5
Cross Site Request Forgery (CSRF) – This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication.
9.6
220 days ago
Type
Plugin
9.6
Affected Software
WP ALL Export Pro
Latest Version
<=
1.8.5
Description
pulse_description
220 days ago
-
Plugin
LearnPress Export Import
<=
4.0.4
Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.
7.1
220 days ago
Type
Plugin
7.1
Affected Software
LearnPress Export Import
Latest Version
<=
4.0.4
Description
pulse_description
220 days ago
-
Plugin
WP Activity Log
<=
5.2.1
Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.
7.1
220 days ago
Type
Plugin
7.1
Affected Software
WP Activity Log
Latest Version
<=
5.2.1
Description
pulse_description
220 days ago
-
Plugin
Really Simple SSL
<=
9.1.1.1
Broken Authentication – This can be abused by a malicious actor to perform action which normally should only be able to be executed by higher privileged users. These actions might allow the malicious actor to gain admin access to the website.
9.8
220 days ago
Type
Plugin
9.8
Affected Software
Really Simple SSL
Latest Version
<=
9.1.1.1
Description
pulse_description
220 days ago
-
Plugin
Advanced Form Integration
<=
1.92.0
Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.
7.1
221 days ago
Type
Plugin
7.1
Affected Software
Advanced Form Integration
Latest Version
<=
1.92.0
Description
pulse_description
221 days ago
-
Plugin
Advanced Form Integration
<=
1.92.0
Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.
7.1
222 days ago
Type
Plugin
7.1
Affected Software
Advanced Form Integration
Latest Version
<=
1.92.0
Description
pulse_description
222 days ago
-
Plugin
Advanced Order Export For WooCommerce
<=
3.5.5
PHP Object Injection – This could allow a malicious actor to execute code injection, SQL injection, path traversal, denial of service, and more if a proper POP chain is present.
9.8
222 days ago
Type
Plugin
9.8
Affected Software
Advanced Order Export For WooCommerce
Latest Version
<=
3.5.5
Description
pulse_description
222 days ago
Protect Your Website
Explore our comprehensive WordPress support plans designed to proactively patch vulnerabilities and safeguard your online presence.
