SK-CERT Bezpečnostné varovanie V20250520-08

Dôležitosť Kritická
Klasifikácia Neutajované/TLP:CLEAR
CVSS Skóre
 10.0
Identifikátor
Pluginy redakčného systému WordPress – viacero kritických bezpečnostných zraniteľností
Popis
Vývojári pluginov pre redakčný systém WordPress vydali bezpečnostné aktualizácie svojich produktov, ktoré opravujú viacero bezpečnostných zraniteľností, z ktorých sú viaceré označené ako kritické.
Najzávažnejšia kritická bezpečnostná zraniteľnosť s identifikátorom CVE-2025-4403 sa nachádza vo WordPress plugine Drag and Drop Multiple File Upload for WooCommerce, spočíva v nedostatočnej implementácii bezpečnostných mechanizmov a umožňuje vzdialenému, neautentifikovanému útočníkovi prostredníctvom zaslania špeciálne vytvorených súborov vykonať škodlivý kód s následkom úplného narušenia dôvernosti, integrity a dostupnosti systému.
Zneužitím ostatných bezpečnostných zraniteľností možno získať neoprávnený prístup k citlivým údajom, vykonať neoprávnené zmeny v systéme, spôsobiť zneprístupnenie služby, získať úplnú kontrolu nad systémom, eskalovať privilégiá a vykonať škodlivý kód.
Zneužitie niektorých zraniteľností vyžaduje interakciu používateľa.
Dátum prvého zverejnenia varovania
19.5.2025
CVE
CVE-2025-4403, CVE-2024-11617, CVE-2024-8699, CVE-2023-6030, CVE-2025-4391, CVE-2025-4389, CVE-2025-4564, CVE-2025-47530, CVE-2025-47687, CVE-2025-47642, CVE-2025-3605, CVE-2025-47682, CVE-2025-3810, CVE-2025-2253, CVE-2025-3811, CVE-2025-47549, CVE-2025-4104, CVE-2025-3844, CVE-2025-0855, CVE-2024-11267, CVE-2025-0853, CVE-2025-0856, CVE-2025-4335, CVE-2025-3852, CVE-2025-3921, CVE-2025-47538, CVE-2025-47537, CVE-2025-47533, CVE-2025-47531, CVE-2025-47685, CVE-2025-47683, CVE-2024-13793, CVE-2025-4054, CVE-2025-2158, CVE-2025-47546, CVE-2025-47544, CVE-2025-3419, CVE-2025-3623, CVE-2024-13613, CVE-2024-10504, CVE-2024-12735, CVE-2024-12734, CVE-2024-12733, CVE-2024-12726, CVE-2024-12725, CVE-2024-12724, CVE-2024-11719, CVE-2024-11372, CVE-2025-3455, CVE-2025-3897, CVE-2025-3876, CVE-2025-47438, CVE-2025-47445, CVE-2025-47618, CVE-2025-47680, CVE-2025-47603, CVE-2025-47678, CVE-2025-4206, CVE-2025-47690, CVE-2025-4317, CVE-2025-4474, CVE-2025-3107, CVE-2024-8095, CVE-2025-4396, CVE-2025-4579, CVE-2025-47535, CVE-2025-47458, CVE-2025-47461, CVE-2025-47478, CVE-2025-3053, CVE-2025-47576, CVE-2025-32922, CVE-2024-13914, CVE-2023-5932, CVE-2025-48146, CVE-2025-48144, CVE-2025-48137, CVE-2025-48136, CVE-2025-48134, CVE-2025-48114, CVE-2025-48112, CVE-2025-31637, CVE-2025-31640, CVE-2025-31641, CVE-2025-31922, CVE-2025-31926, CVE-2025-31928, CVE-2025-3812, CVE-2025-4189, CVE-2024-10009, CVE-2025-0687, CVE-2024-8397, CVE-2024-8090, CVE-2025-2248, CVE-2025-2203, CVE-2025-1303, CVE-2025-1288, CVE-2024-9879, CVE-2024-9838, CVE-2024-9831
IOC
Zasiahnuté systémy
1 Click WordPress Migration Plugin vo verzii staršej ako 2.2 (vrátane)
Advance Post Prefix vo verzii staršej ako 1.1.1 (vrátane)
AffiliateImporterEb vo všetkých verziách (ukončená podpora)
Ajar in5 Embed vo verzii staršej ako 3.1.5 (vrátane)
ARForms Form Builder vo verzii staršej ako 1.7.1
Audio Comments vo všetkých verziách (ukončená podpora)
Auto Affiliate Links vo verzii staršej ako 6.4.7
B2i Investor Tools vo verzii staršej ako 1.0.8
BabelZ vo všetkých verziách (ukončená podpora)
BEAF vo verzii staršej ako 4.6.11
belingoGeo vo verzii staršej ako 1.12.0 (vrátane)
Bimber – Viral Magazine WordPress Theme vo verzii staršej ako 9.2.5 (vrátane)
BMI Adult & Kid Calculator vo verzii staršej ako 1.2.2 (vrátane)
Cart tracking for WooCommerce vo verzii staršej ako 1.0.18
Clasify Classified Listing vo verzii staršej ako 1.0.7 (vrátane)
ClipArt vo verzii staršej ako 0.2 (vrátane)
Connexion Logs vo verzii staršej ako 3.0.2 (vrátane)
Contribuinte Checkout vo verzii staršej ako 2.0.03 (vrátane)
Crawlomatic Multipage Scraper Post Generator vo verzii staršej ako 2.6.8.2
CSS3 Accordions for WordPress vo verzii staršej ako 3.0 (vrátane)
Dot html,php,xml etc pages vo všetkých verziách (ukončená podpora)
Drag and Drop Multiple File Upload for WooCommerce vo verzii staršej ako 1.1.7
Dynamic Pricing With Discount Rules for WooCommerce vo verzii staršej ako 4.5.9
Echo RSS Feed Post Generator vo verzii staršej ako 5.4.8.2
Envolve Plugin vo verzii staršej ako 1.1.0
EUCookieLaw vo verzii staršej ako 2.7.3
Event Manager, Events Calendar, Tickets, Registrations – Eventin vo verzii staršej ako 4.0.27
Eventin vo verzii staršej ako 4.0.27
File Manager Advanced Shortcode vo verzii staršej ako 2.6.0
Frontend Dashboard vo verzii staršej ako 2.2.8
Frontend Login and Registration Blocks vo verzii staršej ako 1.0.7 (vrátane)
Funnel Builder by FunnelKit vo verzii staršej ako 3.10.2
FunnelCockpit vo verzii staršej ako 1.4.2 (vrátane)
GDPR Cookie Consent vo verzii staršej ako 2.6.1
Graphina vo verzii staršej ako 3.0.5
IMITHEMES Listing vo verzii staršej ako 3.4
Import Export For WooCommerce vo verzii staršej ako 1.6.2 (vrátane)
Interview vo verzii staršej ako 1.01 (vrátane)
JavaScript Logic vo všetkých verziách (ukončená podpora)
JSP Store Locator vo verzii staršej ako 1.0 (vrátane)
Lead Form Data Collection to CRM vo verzii staršej ako 3.1 (vrátane)
LogDash Activity Log vo verzii staršej ako 1.1.4
Magic Responsive Slider and Carousel WordPress vo verzii staršej ako 1.4 (vrátane)
Melapress File Monitor vo verzii staršej ako 2.1.1
Mortgage Calculator Estatik vo verzii staršej ako 2.0.12 (vrátane)
Multimedia Responsive Carousel with Image Video Audio Support vo verzii staršej ako 2.6.0 (vrátane)
Newsletters vo verzii staršej ako 4.9.9.9
Opal Woo Custom Product Variation vo verzii staršej ako 1.2.1
PDF Invoices for WooCommerce vo verzii staršej ako 5.4.0
PeproDev Ultimate Profile Solutions vo verzii staršej ako 7.5.2 (vrátane)
PGS Core vo verzii staršej ako 5.9.0
Plugin Oficial – Getnet para WooCommerce vo verzii staršej ako 1.8.1
ProfileGrid vo verzii staršej ako 5.9.5.1
Relevanssi vo verzii staršej ako 4.24.5
SEO Flow by LupsOnline vo verzii staršej ako 2.2.0 (vrátane)
ShayanWeb Admin FontChanger vo verzii staršej ako 1.8.1 (vrátane)
SHOUT vo verzii staršej ako 3.5.3 (vrátane)
SMS Alert Order Notifications vo verzii staršej ako 3.8.2
Spiritual Gifts Survey vo všetkých verziách (ukončená podpora)
Sticky Radio Player vo verzii staršej ako 3.4 (vrátane)
StoreKeeper for WooCommerce vo verzii staršej ako 14.4.4 (vrátane)
Subaccounts for WooCommerce vo verzii staršej ako 1.6.7
tarteaucitron.js for WordPress vo verzii staršej ako 0.3.0
Taskbuilder vo verzii staršej ako 3.0.9
TheGem vo verzii staršej ako 5.10.3.1
TicketBAI Facturas para WooCommerce vo verzii staršej ako 3.19
Travelpayouts vo verzii staršej ako 1.1.14
UberSlider vo verzii staršej ako 2.3 (vrátane)
UiPress lite vo verzii staršej ako 3.5.08
Uncanny Automator vo verzii staršej ako 6.4.0.2
Wise Chat vo verzii staršej ako 3.3.4
Wolmart | Multi-Vendor Marketplace WooCommerce Theme vo verzii staršej ako 1.8.12
Woocommerce Multiple Addresses vo všetkých verziách (ukončená podpora)
WOOEXIM vo všetkých verziách (ukončená podpora)
WordPress CRM, Email & Marketing Automation vo verzii staršej ako 4.1.2
WordPress Review Plugin vo verzii staršej ako 5.3.5 (vrátane)
WP Compress vo verzii staršej ako 6.30.31
WP Content Security Plugin vo všetkých verziách (ukončená podpora)
WP DeskLite vo všetkých verziách (ukončená podpora)
WP Job Portal vo verzii staršej ako 2.3.2
WP Maintenance vo verzii staršej ako 6.1.9.8
WP Tabs vo verzii staršej ako 2.2.11 (vrátane)
WP-PManager vo verzii staršej ako 1.2 (vrátane)
WP2LEADS vo verzii staršej ako 3.5.0 (vrátane)
WPBookit vo verzii staršej ako 1.0.3
WPBot Pro WordPress Chatbot vo verzii staršej ako 13.7.0
WPFunnels vo verzii staršej ako 3.5.19
WPshop 2 – E-Commerce vo verzii staršej ako 2.6.0 (vrátane)
xili-tidy-tags vo verzii staršej ako 1.12.06 (vrátane)
XT Event Widget for Social Events vo verzii staršej ako 1.1.8
Z-Downloads vo verzii staršej ako 1.11.5
Následky
Vykonanie škodlivého kódu
Eskalácia privilégií
Neoprávnený prístup k citlivým údajom
Neoprávnená zmena v systéme
Zneprístupnenie služby
Neoprávnený prístup do systému
Odporúčania
Odporúčame uistiť sa, či Vaše webové stránky a aplikácie založené na redakčnom systéme WordPress nevyužívajú predmetné pluginy v zraniteľných verziách. V prípade, že áno, administrátorom SK-CERT odporúča:
– v prípade, že sa jedná o pluginy s ukončenou podporou, predmetné pluginy odinštalovať,
– v prípade, že sa jedná o pluginy, pre ktoré nie sú v súčasnosti dostupné bezpečnostné aktualizácie, predmetné pluginy až do vydania záplat deaktivovať alebo odinštalovať,
– v prípade, že sa jedná o pluginy, pre ktoré sú dostupné bezpečnostné záplaty, predmetné pluginy aktualizovať,
– vo všetkých prípadoch preveriť logy na prítomnosť pokusov o zneužitie zraniteľností,
– vo všetkých prípadoch preveriť integritu databázy a samotného redakčného systému.
Po odstránení zraniteľností, ktoré mohli spôsobiť vzdialené vykonanie kódu, je dobrou praxou kontrola systému a zmena všetkých hesiel a kľúčov na dotknutom systéme a aj na iných systémoch, kde sa používalo rovnaké heslo či kľúč.
Taktiež odporúčame poučiť používateľov, aby neotvárali neoverené e-mailové správy, prílohy z neznámych zdrojov a nenavštevovali nedôveryhodné webové stránky.
Zdroje
https://patchstack.com/database/wordpress/plugin/drag-and-drop-multiple-file-upload-for-woocommerce/vulnerability/wordpress-drag-and-drop-multiple-file-upload-for-woocommerce-plugin-1-1-6-unauthenticated-arbitrary-file-upload-via-upload-function-vulnerability
https://patchstack.com/database/wordpress/plugin/envolve-plugin/vulnerability/wordpress-envolve-plugin-plugin-1-0-unauthenticated-arbitrary-file-upload-via-language-file-and-fonts-file-vulnerability
https://patchstack.com/database/wordpress/plugin/z-downloads/vulnerability/wordpress-z-downloads-plugin-1-11-5-admin-arbitrary-file-upload-vulnerability
https://patchstack.com/database/wordpress/plugin/logdash-activity-log/vulnerability/wordpress-logdash-activity-log-plugin-1-1-4-unauthenticated-sqli-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/rss-feed-post-generator-echo/echo-rss-feed-post-generator-5481-unauthenticated-arbitrary-file-upload
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/crawlomatic-multipage-scraper-post-generator/crawlomatic-multipage-scraper-post-generator-2681-unauthenticated-arbitrary-file-upload
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-ticketbai/ticketbai-facturas-para-woocommerce-318-unauthenticated-arbitrary-file-deletion
https://patchstack.com/database/wordpress/plugin/wpfunnels/vulnerability/wordpress-wpfunnels-3-5-18-php-object-injection-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/storekeeper-for-woocommerce/storekeeper-for-woocommerce-1444-unauthenticated-arbitrary-file-upload
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ajar-productions-in5-embed/ajar-in5-embed-315-unauthenticated-arbitrary-file-upload
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/frontend-login-and-registration-blocks/frontend-login-and-registration-blocks-107-unauthenticated-privilege-escalation-via-account-takeover
https://patchstack.com/database/wordpress/plugin/sms-alert/vulnerability/wordpress-sms-alert-order-notifications-woocommerce-3-8-1-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/wpbookit/vulnerability/wordpress-wpbookit-plugin-1-0-2-insecure-direct-object-reference-to-unauthenticated-privilege-escalation-via-account-takeover-vulnerability
https://patchstack.com/database/wordpress/plugin/imithemes-listing/vulnerability/wordpress-imithemes-listing-plugin-3-3-unauthenticated-privilege-escalation-via-unverified-password-reset-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpbookit/wpbookit-102-insecure-direct-object-reference-to-unauthenticated-privilege-escalation-via-email-update
https://patchstack.com/database/wordpress/plugin/beaf-before-and-after-gallery/vulnerability/wordpress-beaf-4-6-10-arbitrary-file-upload-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/frontend-dashboard/frontend-dashboard-10-226-missing-authorization-to-unauthenticated-privilege-escalation-via-fed-wp-ajax-fed-login-form-post-function
https://patchstack.com/database/wordpress/plugin/peprodev-ups/vulnerability/wordpress-peprodev-ultimate-profile-solutions-1-9-1-7-5-2-plugin-authentication-bypass-to-account-takeover
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/pgs-core/pgs-core-580-unauthenticated-php-object-injection
https://patchstack.com/database/wordpress/plugin/jsp-store-locator/vulnerability/wordpress-jsp-store-locator-plugin-1-0-contributor-sql-injection-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/pgs-core/pgs-core-580-unauthenticated-sql-injection
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/pgs-core/pgs-core-580-missing-authorization-via-multiple-functions
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-multiple-addresses/woocommerce-multiple-addresses-1071-authenticated-subscriber-privilege-escalation
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpshop/wpshop-2-e-commerce-200-260-authenticated-subscriber-privilege-escalation-via-account-takeover
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/peprodev-ups/peprodev-ultimate-profile-solutions-191-752-missing-authorization-to-limited-unauthenticated-arbitrary-user-meta-update-via-handel-ajax-req-function
https://patchstack.com/database/wordpress/plugin/cart-tracking-for-woocommerce/vulnerability/wordpress-cart-tracking-for-woocommerce-1-0-17-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/pdf-for-woocommerce/vulnerability/wordpress-pdf-invoices-for-woocommerce-drag-and-drop-template-builder-5-3-8-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/graphina-elementor-charts-and-graphs/vulnerability/wordpress-graphina-plugin-3-0-4-cross-site-request-forgery-csrf-to-local-file-inclusion-vulnerability
https://patchstack.com/database/wordpress/plugin/xt-facebook-events/vulnerability/wordpress-xt-event-widget-for-social-events-1-1-7-local-file-inclusion-vulnerability
https://patchstack.com/database/wordpress/plugin/contribuinte-checkout/vulnerability/wordpress-contribuinte-checkout-plugin-2-0-02-cross-site-request-forgery-csrf-to-stored-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/wp-maintenance/vulnerability/wordpress-wp-maintenance-6-1-9-7-php-object-injection-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/wolmart/wolmart-multi-vendor-marketplace-woocommerce-theme-1811-unauthenticated-arbitrary-shortcode-execution-in-wolmart-loadmore
https://patchstack.com/database/wordpress/plugin/relevanssi/vulnerability/wordpress-relevanssi-plugin-4-24-3-unauthenticated-stored-cross-site-scripting-via-search-highlights-vulnerability
https://patchstack.com/database/wordpress/plugin/wp-review/vulnerability/wordpress-wordpress-review-plugin-plugin-5-3-5-authenticated-contributor-local-file-inclusion-via-post-custom-fields-vulnerability
https://patchstack.com/database/wordpress/plugin/wp-compress-image-optimizer/vulnerability/wordpress-wp-compress-6-30-30-cross-site-request-forgery-csrf-vulnerability
https://patchstack.com/database/wordpress/plugin/aco-woo-dynamic-pricing/vulnerability/wordpress-dynamic-pricing-with-discount-rules-for-woocommerce-4-5-8-sql-injection-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-event-solution/event-manager-events-calendar-tickets-registrations-eventin-4026-unauthenticated-arbitrary-file-read
https://patchstack.com/database/wordpress/plugin/uncanny-automator/vulnerability/wordpress-uncanny-automator-plugin-6-4-0-1-authenticated-subscriber-php-object-injection-in-automator-api-decode-message-function-vulnerability
https://patchstack.com/database/wordpress/plugin/wise-chat/vulnerability/wordpress-wise-chat-plugin-3-3-3-unauthenticated-sensitive-information-exposure-through-unprotected-directory-vulnerability
https://patchstack.com/database/wordpress/plugin/arforms-form-builder/vulnerability/wordpress-arforms-builder-plugin-1-7-1-unauthenticated-stored-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/advance-post-prefix/vulnerability/wordpress-advance-post-prefix-plugin-1-1-1-admin-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/advance-post-prefix/vulnerability/wordpress-advance-post-prefix-plugin-1-1-1-reflected-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/affiliateimportereb/vulnerability/wordpress-affiliateimportereb-plugin-1-0-6-reflected-xss-via-search-vulnerability
https://patchstack.com/database/wordpress/plugin/clipart/vulnerability/wordpress-clipart-plugin-0-2-reflected-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/clasify-classified-listing/vulnerability/wordpress-clasify-classified-listing-plugin-1-0-7-reflected-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/wp-desklite/vulnerability/wordpress-wp-desklite-plugin-1-0-0-reflected-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/tarteaucitron-wp/vulnerability/wordpress-tarteaucitron-js-for-wordpress-plugin-0-3-0-stored-xss-via-csrf-vulnerability
https://patchstack.com/database/wordpress/plugin/logs-de-connexion/vulnerability/wordpress-connexion-logs-plugin-3-0-2-admin-sql-injection-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/1-click-migration/1-click-wordpress-migration-plugin-100-free-for-a-limited-time-22-missing-authorization-to-authenticated-subscriber-arbitrary-file-upload
https://patchstack.com/database/wordpress/plugin/eucookielaw/vulnerability/wordpress-eucookielaw-plugin-2-7-2-unauthenticated-arbitrary-file-read-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/sms-alert/sms-alert-order-notifications-woocommerce-381-authenticated-subscriber-privilege-escalation-via-handlewplogincreateuseraction-function
https://patchstack.com/database/wordpress/plugin/wp-job-portal/vulnerability/wordpress-wp-job-portal-plugin-2-3-1-local-file-inclusion-vulnerability
https://patchstack.com/database/wordpress/plugin/wp-event-solution/vulnerability/wordpress-eventin-4-0-26-arbitrary-file-download-vulnerability
https://patchstack.com/database/wordpress/plugin/bmi-adultkid-calculator/vulnerability/wordpress-bmi-adult-kid-calculator-plugin-1-2-2-reflected-cross-site-scripting-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/xili-tidy-tags/vulnerability/wordpress-xili-tidy-tags-plugin-1-12-06-reflected-cross-site-scripting-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/belingogeo/vulnerability/wordpress-belingogeo-1-12-0-arbitrary-file-download-vulnerability
https://patchstack.com/database/wordpress/plugin/funnelcockpit/vulnerability/wordpress-funnelcockpit-plugin-1-4-2-reflected-cross-site-scripting-xss-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/groundhogg/wordpress-crm-email-marketing-automation-for-wordpress-award-winner-groundhogg-4112-authenticated-administrator-arbitrary-file-deletion
https://patchstack.com/database/wordpress/plugin/wp-leads-builder-any-crm/vulnerability/wordpress-lead-form-data-collection-to-crm-plugin-3-1-arbitrary-option-update-to-privilege-escalation-vulnerability
https://patchstack.com/database/wordpress/theme/thegem/vulnerability/wordpress-thegem-plugin-5-10-3-authenticated-subscriber-arbitrary-file-upload-vulnerability
https://patchstack.com/database/wordpress/plugin/frontend-dashboard/vulnerability/wordpress-frontend-dashboard-1-0-2-2-7-missing-authorization-to-authenticated-subscriber-privilege-escalation
https://patchstack.com/database/wordpress/plugin/newsletters-lite/vulnerability/wordpress-newsletters-plugin-4-9-9-8-authenticated-contributor-sql-injection-orderby-parameter-vulnerability
https://patchstack.com/database/wordpress/plugin/babelz/vulnerability/wordpress-babelz-google-translate-widget-plugin-1-1-5-csrf-to-stored-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/relevanssi/vulnerability/wordpress-relevanssi-plugin-4-24-4-unauthenticated-sql-injection
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-content-security-policy/wp-content-security-plugin-23-unauthenticated-stored-cross-site-scripting-via-csp-report-fields
https://patchstack.com/database/wordpress/plugin/opal-woo-custom-product-variation/vulnerability/wordpress-opal-woo-custom-product-variation-1-2-0-arbitrary-file-deletion-vulnerability
https://patchstack.com/database/wordpress/plugin/b2i-investor-tools/vulnerability/wordpress-b2i-investor-tools-plugin-1-0-7-9-reflected-cross-site-scripting-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/subaccounts-for-woocommerce/vulnerability/wordpress-subaccounts-for-woocommerce-plugin-1-6-6-account-takeover-vulnerability
https://patchstack.com/database/wordpress/plugin/profilegrid-user-profiles-groups-and-communities/vulnerability/wordpress-profilegrid-5-9-5-0-sql-injection-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/uipress-lite/uipress-lite-effortless-custom-dashboards-admin-themes-and-pages-3507-authenticated-subscriber-remote-code-execution
https://patchstack.com/database/wordpress/theme/bimber/vulnerability/wordpress-bimber-viral-magazine-wordpress-theme-theme-9-2-5-local-file-inclusion-vulnerability
https://patchstack.com/database/wordpress/plugin/wp2leads/vulnerability/wordpress-wp2leads-plugin-3-5-0-cross-site-request-forgery-csrf-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/detail/file-manager-advanced-shortcode-254-authenticated-administrator-local-javascript-file-inclusion-via-shortcode
https://patchstack.com/database/wordpress/plugin/travelpayouts/vulnerability/wordpress-travelpayouts-plugin-1-1-14-reflected-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/lupsonline-link-netwerk/vulnerability/wordpress-seo-flow-by-lupsonline-plugin-2-2-0-csrf-to-stored-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/import-export-for-woocommerce/vulnerability/wordpress-import-export-for-woocommerce-plugin-1-6-2-csrf-to-stored-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/interview/vulnerability/wordpress-interview-1-01-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/estatik-mortgage-calculator/vulnerability/wordpress-mortgage-calculator-estatik-2-0-12-local-file-inclusion-vulnerability
https://patchstack.com/database/wordpress/plugin/wp-expand-tabs-free/vulnerability/wordpress-wp-tabs-2-2-11-php-object-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/shayanweb-admin-fontchanger/vulnerability/wordpress-shayanweb-admin-fontchanger-plugin-1-8-1-cross-site-request-forgery-csrf-to-stored-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/dot-htmlphpxml-etc-pages/vulnerability/wordpress-dot-html-php-xml-etc-pages-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/lbg-audio8-html5-radio_ads/vulnerability/wordpress-shout-3-5-3-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/magic-carousel/vulnerability/wordpress-magic-responsive-slider-and-carousel-wordpress-1-4-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/uber-classic/vulnerability/wordpress-uberslider-2-3-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/css3_accordions/vulnerability/wordpress-css3-accordions-for-wordpress-plugin-3-0-csrf-to-stored-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/lbg-audio5-html5-shoutcast_sticky/vulnerability/wordpress-sticky-radio-player-3-4-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/multimedia-carousel/vulnerability/wordpress-multimedia-responsive-carousel-with-image-video-audio-support-2-6-0-sql-injection-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpbot-pro/wpbot-pro-wordpress-chatbot-1362-authenticated-subscriber-arbitrary-file-deletion
https://patchstack.com/database/wordpress/plugin/audio-comments/vulnerability/wordpress-audio-comments-plugin-plugin-1-0-4-cross-site-request-forgery-to-stored-cross-site-scripting-vulnerability
https://patchstack.com/database/wordpress/plugin/website-file-changes-monitor/vulnerability/wordpress-website-file-changes-plugin-2-1-0-admin-authenticated-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/spiritual-gifts-survey/vulnerability/wordpress-spiritual-gifts-survey-plugin-0-9-10-unauthenticated-csrf-to-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/webtoffee-gdpr-cookie-consent/vulnerability/wordpress-gdpr-cookie-consent-plugin-2-6-0-unauthenticated-stored-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/javascript-logic/vulnerability/wordpress-javascript-logic-plugin-0-1-csrf-to-stored-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/wp-programmmanager/vulnerability/wordpress-wp-pmanager-plugin-1-2-admin-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/funnel-builder/vulnerability/wordpress-woocommerce-checkout-funnel-builder-by-funnelkit-plugin-3-10-2-admin-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/wc-checkout-getnet/vulnerability/wordpress-plugin-oficial-getnet-para-woocommerce-plugin-1-8-1-reflected-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/wooexim/vulnerability/wordpress-wooexim-plugin-5-0-0-reflected-xss-vulnerability
https://patchstack.com/database/wordpress/plugin/website-file-changes-monitor/vulnerability/wordpress-website-file-changes-plugin-2-1-1-authenticated-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/wp-auto-affiliate-links/vulnerability/wordpress-auto-affiliate-links-plugin-6-4-7-admin-sql-injection-vulnerability
https://patchstack.com/database/wordpress/plugin/taskbuilder/vulnerability/wordpress-taskbuilder-plugin-3-0-9-admin-sql-injection-vulnerability

« Späť na zoznam
Aktuálne hrozby
všetky oznámenia
Odkazy