Â
WordPress Plugin Vulnerabilities
Â
1. WPJobBoard
WPJobBoard versions below 5.7.0 have Unauthenticated SQL Injection, Reflected XSS, & XFS vulnerabilities.
Â
2. WP Google Map Plugin
WP Google Map Plugin versions below 4.1.4 have an Authenticated SQL Injection vulnerability.
Â
3. BuddyPress
BuddyPress versions below 6.4.0 Lack of Capability Check vulnerability.
Â
4. Events Manager
Events Manager versions below 5.9.8 have a Cross-Site Scripting & an SQL Injection vulnerability.
Â
5. Age Gate
Age Gate versions below 2.13.5 have an Unauthenticated Open Redirect vulnerability.
Â
6. Canto
All versions of Canto have an Unauthenticated Blind SSRF vulnerability.
Â
7. Profile Builder
Profile Builder versions below 3.3.3 have an Authenticated Blind SQL Injection vulnerability.
Â
8. Paid Memberships Pro
Paid Memberships Pro versions below 2.5.1 have an Authenticated Cross-Site Scripting vulnerability.
Â
9. Themify Portfolio Post
Themify Portfolio Post versions below 1.1.6 an Authenticated Stored Cross-Site Scripting vulnerability.
Â
10. Easy WP SMTP
Easy WP SMTP versions below 1.4.3 have a Debug Log Disclosure vulnerability.
Â
WordPress Theme Vulnerabilities
1. Wibar
Wibar versions below 1.2.1 has an Authenticated Stored Cross-Site Scripting vulnerability.
