Page last updated:

Type

Affected Software

Latest Version

Description

Severity

Date

  • Plugin

    The Events Calendar Shortcode & Block

    <=

    3.1.2

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    6.5

    156 days ago

    Type

    Plugin

    6.5

    Affected Software

    Latest Version

    <=

    3.1.2

    Description

    pulse_description

    156 days ago

  • Plugin

    Ajax Load More

    <=

    7.8.2

    Broken Access Control – A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action.

    5.3

    158 days ago

    Type

    Plugin

    5.3

    Affected Software

    Latest Version

    <=

    7.8.2

    Description

    pulse_description

    158 days ago

  • Plugin

    Modula Image Gallery

    <=

    2.13.7

    Broken Access Control – A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action.

    4.3

    158 days ago

    Type

    Plugin

    4.3

    Affected Software

    Latest Version

    <=

    2.13.7

    Description

    pulse_description

    158 days ago

  • Plugin

    Happy Addons for Elementor

    <=

    3.20.8

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    6.5

    158 days ago

    Type

    Plugin

    6.5

    Affected Software

    Latest Version

    <=

    3.20.8

    Description

    pulse_description

    158 days ago

  • Plugin

    Relevanssi Premium

    <=

    2.29.0

    SQL Injection – This could allow a malicious actor to directly interact with your database, including but not limited to stealing information.

    8.5

    159 days ago

    Type

    Plugin

    8.5

    Affected Software

    Latest Version

    <=

    2.29.0

    Description

    pulse_description

    159 days ago

  • Plugin

    GDPR Cookie Compliance

    <=

    4.15.7

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    5.9

    159 days ago

    Type

    Plugin

    5.9

    Affected Software

    Latest Version

    <=

    4.15.7

    Description

    pulse_description

    159 days ago

  • Plugin

    The Grid

    <=

    2.8.0

    Broken Access Control – A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action.

    5.3

    159 days ago

    Type

    Plugin

    5.3

    Affected Software

    Latest Version

    <=

    2.8.0

    Description

    pulse_description

    159 days ago

  • Plugin

    Relevanssi

    <=

    4.26.0

    SQL Injection – This could allow a malicious actor to directly interact with your database, including but not limited to stealing information.

    6.8

    163 days ago

    Type

    Plugin

    6.8

    Affected Software

    Latest Version

    <=

    4.26.0

    Description

    pulse_description

    163 days ago

  • Plugin

    Ivory Search

    <=

    5.5.14

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    5.9

    164 days ago

    Type

    Plugin

    5.9

    Affected Software

    Latest Version

    <=

    5.5.14

    Description

    pulse_description

    164 days ago

  • Plugin

    WPLegalPages

    <=

    3.5.5

    Broken Access Control – A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action.

    7.5

    165 days ago

    Type

    Plugin

    7.5

    Affected Software

    Latest Version

    <=

    3.5.5

    Description

    pulse_description

    165 days ago

  • Plugin

    Premium Addons for Elementor

    <=

    4.11.64

    Settings Change – CVSS score is a way to evaluate and rank reported vulnerabilities in a standardized and repeatable way but which is not ideal for WordPress.

    5.4

    169 days ago

    Type

    Plugin

    5.4

    Affected Software

    Latest Version

    <=

    4.11.64

    Description

    pulse_description

    169 days ago

  • Plugin

    Schema & Structured Data for WP & AMP

    <=

    1.54.1

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    6.5

    169 days ago

    Type

    Plugin

    6.5

    Affected Software

    Latest Version

    <=

    1.54.1

    Description

    pulse_description

    169 days ago

  • Plugin

    The Events Calendar

    <=

    6.15.13.1

    Broken Access Control – A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action.

    5.4

    170 days ago

    Type

    Plugin

    5.4

    Affected Software

    Latest Version

    <=

    6.15.13.1

    Description

    pulse_description

    170 days ago

  • Plugin

    Photo Gallery by 10Web

    <=

    1.8.37

    Broken Access Control – A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action.

    5.3

    170 days ago

    Type

    Plugin

    5.3

    Affected Software

    Latest Version

    <=

    1.8.37

    Description

    pulse_description

    170 days ago

  • Plugin

    Newsletter

    <=

    9.1.1

    Cross Site Request Forgery (CSRF) – This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication.

    4.3

    171 days ago

    Type

    Plugin

    4.3

    Affected Software

    Latest Version

    <=

    9.1.1

    Description

    pulse_description

    171 days ago

  • Plugin

    Advanced Custom Fields: Extended

    <=

    0.9.2.2

    Privilege Escalation – This could allow a malicious actor to escalate their low privileged account to something with higher privileges. After this they could take full control of the website if high privileges are gained.

    9.8

    172 days ago

    Type

    Plugin

    9.8

    Affected Software

    Latest Version

    <=

    0.9.2.2

    Description

    pulse_description

    172 days ago

  • Plugin

    Custom Fonts – Host Your Fonts Locally

    <=

    2.1.17

    Broken Access Control – A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action.

    6.5

    172 days ago

    Type

    Plugin

    6.5

    Affected Software

    Latest Version

    <=

    2.1.17

    Description

    pulse_description

    172 days ago

  • Plugin

    WP RSS Aggregator

    <=

    5.0.11

    Cross Site Scripting (XSS) – This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

    7.1

    176 days ago

    Type

    Plugin

    7.1

    Affected Software

    Latest Version

    <=

    5.0.11

    Description

    pulse_description

    176 days ago

  • Plugin

    All In One SEO Pack

    <=

    4.9.3

    Broken Access Control – A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action.

    4.3

    176 days ago

    Type

    Plugin

    4.3

    Affected Software

    Latest Version

    <=

    4.9.3

    Description

    pulse_description

    176 days ago

  • Plugin

    WooCommerce Square

    <=

    5.1.2

    Insecure Direct Object References (IDOR) – An insecure direct object reference vulnerability could allow a malicious actor to bypass authorization, authentication, access sensitive files/folders or interact with the database.

    7.5

    179 days ago

    Type

    Plugin

    7.5

    Affected Software

    Latest Version

    <=

    5.1.2

    Description

    pulse_description

    179 days ago