Admin Log <= 1.50 | CSRF | CVE-2023-23721 | 2023-01-04 | https://patchstack.com/database/vulnerability/admin-log/wordpress-admin-log-plugin-1-50-cross-site-request-forgery-csrf-vulnerability |
Nice PayPal Button Lite <= 1.3.5 | CSRF | CVE-2023-22686 | 2023-01-04 | https://patchstack.com/database/vulnerability/nice-paypal-button-lite/wordpress-nice-paypal-button-lite-plugin-1-3-5-cross-site-request-forgery-csrf-vulnerability |
WP Tabs Slides <= 2.0.3 | CSRF | CVE-2023-22688 | 2023-01-04 | https://patchstack.com/database/vulnerability/wordpress-tabs-slides/wordpress-wp-tabs-slides-plugin-2-0-3-cross-site-request-forgery-csrf-vulnerability |
SRS Simple Hits Counter <= 1.1.0 | CSRF | CVE-2023-22709 | 2023-01-03 | https://patchstack.com/database/vulnerability/srs-simple-hits-counter/wordpress-srs-simple-hits-counter-plugin-1-1-0-cross-site-request-forgery-csrf-vulnerability |
WP Fast Cache <= 1.5 | CSRF | CVE-2023-22675 | 2023-01-03 | https://patchstack.com/database/vulnerability/wp-fast-cache/wordpress-wp-fast-cache-plugin-1-5-cross-site-request-forgery-csrf-vulnerability |
No API Amazon Affiliate <= 4.2.2 | Stored XSS | CVE-2023-22680 | 2023-01-02 | https://patchstack.com/database/vulnerability/no-api-amazon-affiliate/wordpress-no-api-amazon-affiliate-plugin-4-2-2-cross-site-scripting-xss |
WP Better Emails <= 0.4 | Stored XSS | CVE-2023-22679 | 2023-01-02 | https://patchstack.com/database/vulnerability/wp-better-emails/wordpress-wp-better-emails-plugin-0-4-cross-site-scripting-xss |
WP Pipes <= 1.33 | SQL Injection | CVE-2022-45355 | 2022-12-18 | https://patchstack.com/database/vulnerability/wp-pipes/wordpress-wp-pipes-plugin-1-33-auth-sql-injection-sqli-vulnerability |
Hover Image <= 1.4.1 | CSRF | CVE-2022-47611 | 2022-12-13 | https://patchstack.com/database/vulnerability/hover-image/wordpress-hover-image-plugin-1-4-1-cross-site-request-forgery-csrf |
DNUI <= 2.8.1 | CSRF | CVE-2022-47609 | 2022-12-11 | https://patchstack.com/database/vulnerability/dnui-delete-not-used-image-wordpress/wordpress-dnui-plugin-2-8-1-multiple-cross-site-request-forgery-csrf |
WP Super Popup <= 1.1.2 | Stored XSS | CVE-2022-47598 | 2022-12-10 | https://patchstack.com/database/vulnerability/wp-super-popup/wordpress-wp-super-popup-plugin-1-1-2-cross-site-scripting-xss |
Universal Star Rating <= 2.1.0 | CSRF | CVE-2022-46867 | 2022-12-09 | https://patchstack.com/database/vulnerability/universal-star-rating/wordpress-universal-star-rating-plugin-2-1-0-cross-site-request-forgery-csrf-vulnerability |
WP CSV Exporter <= 1.3.6 | CSV Injection | CVE-2022-38702 | 2022-12-08 | https://patchstack.com/database/vulnerability/wp-csv-exporter/wordpress-wp-csv-exporter-plugin-1-3-6-authenticated-csv-injection-vulnerability |
Custom Content by Country <= 3.1.2 | CSRF | CVE-2022-41650 | 2022-12-02 | https://patchstack.com/database/vulnerability/custom-content-by-country/wordpress-custom-content-by-country-plugin-3-1-2-broken-access-control-vulnerability |
Export Users Data CSV <= 2.1 | CSV Injection | CVE-2022-41616 | 2022-11-30 | https://patchstack.com/database/vulnerability/export-users-data-csv/wordpress-export-users-data-csv-plugin-2-1-auth-csv-injection-vulnerability |
ProfileGrid <= 5.1.6 | CSV Injection | CVE-2022-41791 | 2022-11-17 | https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-1-6-csv-injection-vulnerability |
News Announcement Scroll Plugin <= 8.8.8 | Stored XSS | CVE-2022-40694 | 2022-11-17 | https://patchstack.com/database/vulnerability/news-announcement-scroll/wordpress-news-announcement-scroll-plugin-8-8-8-auth-stored-cross-site-scripting-xss-vulnerability |
User Blocker <= 1.5.5 | CSV Injection | CVE-2022-45078 | 2022-11-09 | https://patchstack.com/database/vulnerability/user-blocker/wordpress-user-blocker-plugin-1-5-5-auth-csv-injection-vulnerability |
Homepage Pop-up <= 1.2.5 | CSRF | CVE-2022-44585 | 2022-11-01 | https://patchstack.com/database/vulnerability/homepage-pop-up/wordpress-homepage-popup-plugin-1-2-5-cross-site-request-forgery-csrf-vulnerability |
Homepage Pop-up <= 1.2.5 | Stored XSS | CVE-2022-43480 | 2022-11-01 | https://patchstack.com/database/vulnerability/homepage-pop-up/wordpress-homepage-pop-up-plugin-1-2-5-unauth-stored-cross-site-scripting-xss-vulnerability |
IP Blacklist Cloud <= 5.00 | SQL Injection | CVE-2022-43462 | 2022-10-24 | https://patchstack.com/database/vulnerability/ip-blacklist-cloud/wordpress-ip-blacklist-cloud-plugin-5-00-auth-sql-injection-sqli-vulnerability |
IP Blacklist Cloud <= 5.00 | Stored XSS | CVE-2022-42462 | 2022-10-24 | https://patchstack.com/database/vulnerability/ip-blacklist-cloud/wordpress-ip-blacklist-cloud-plugin-5-00-auth-stored-cross-site-scripting-xss-vulnerability |
Simple SEO <= 1.8.12 | CSRF | CVE-2022-44627 | 2022-10-20 | https://patchstack.com/database/vulnerability/cds-simple-seo/wordpress-simple-seo-plugin-1-8-12-cross-site-request-forgery-csrf-vulnerability |
Simple SEO <= 1.8.12 | CSRF | CVE-2022-36404 | 2022-10-20 | https://patchstack.com/database/vulnerability/cds-simple-seo/wordpress-simple-seo-plugin-1-8-12-authenticated-sitemap-deletion-creation-vulnerability |
Page View Count <= 2.5.5 | CSRF | CVE-2022-40131 | 2022-09-07 | https://patchstack.com/database/vulnerability/page-views-count/wordpress-page-view-count-plugin-2-5-5-cross-site-request-forgery-csrf-vulnerability |
Rock Convert <= 2.11.0 | Stored XSS | CVE-2022-36428 | 2022-09-05 | https://patchstack.com/database/vulnerability/rock-convert/wordpress-rock-convert-plugin-2-11-0-auth-cross-site-scripting-xss-vulnerability |
Export Post Info <= 1.1.0 | CSV Injection | CVE-2022-38061 | 2022-08-27 | https://patchstack.com/database/vulnerability/export-post-info/wordpress-export-post-info-plugin-1-2-0-authenticated-csv-injection-vulnerability |
Export Post Info <= 1.1.0 | Stored XSS | CVE-2022-38068 | 2022-08-27 | https://patchstack.com/database/vulnerability/export-post-info/wordpress-export-post-info-plugin-1-1-0-authenticated-stored-cross-site-scripting-xss-vulnerability |
Mantenimiento web <= 0.13 | Stored XSS | CVE-2022-41980 | 2022-08-21 | https://patchstack.com/database/vulnerability/mantenimiento-web/wordpress-mantenimiento-web-plugin-0-13-auth-cross-site-scripting-xss-vulnerability |
CM Download Manager < 2.8.6 | File Upload to RCE | CVE-2022-3076 | 2022-08-19 | https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd |
Goolytics – Simple Google Analytics < 1.1.2 | Stored XSS | CVE-2022-3132 | 2022-08-19 | https://wpscan.com/vulnerability/ed2dc1b9-f9f9-4e99-87b3-a614c223dd64 |
WP Server Health Stats < 1.7.0 | Stored XSS | CVE-2022-2887 | 2022-08-17 | https://wpscan.com/vulnerability/237541d5-c1a5-44f2-8e5f-82457b8f9497 |
Affiliates Manager < 2.9.14 | Stored XSS | CVE-2022-2799 | 2022-08-11 | https://wpscan.com/vulnerability/4385370e-cf99-4249-b2c1-90cbfa8378a4 |
Search Logger <= 0.9 | SQL Injection | CVE-2022-3131 | 2022-08-11 | https://wpscan.com/vulnerability/b6c62e53-ae49-4fe0-aed9-0c493fc4442d |
Image optimization & Lazy Load < 3.3.2 | Stored XSS | CVE-2022-0969 | 2022-03-14 | https://wpscan.com/vulnerability/59a7a441-7384-4006-89b4-15345f70fabf |
Facebook Social comments < 2.5.0 | Stored XSS | CVE-2022-0876 | 2022-03-07 | https://wpscan.com/vulnerability/73be6e92-ea37-4416-977d-52ee2afa022a |
BulletProof Security < 5.8 | Stored XSS | CVE-2022-0590 | 2022-02-10 | https://wpscan.com/vulnerability/08b66b69-3c69-4a1e-9c0a-5697e31bc04e |
Opensea < 1.0.3 | Stored XSS | CVE-2022-1228 | 2022-02-04 | https://wpscan.com/vulnerability/ef6830c0-e933-4e62-8321-011d91f9cfea |
E2Pdf < 1.16.45 | Stored XSS | CVE-2022-0535 | 2022-02-04 | https://wpscan.com/vulnerability/a4162e96-a3c5-4f38-a60b-aa3ed9508985 |
Shared Files < 1.6.61 | Stored XSS | CVE-2021-24856 | 2021-10-11 | https://wpscan.com/vulnerability/8fd483fb-d399-4b4f-b4ef-bbfad1b5cf1b |
Helpful < 4.4.59 | Stored XSS | CVE-2021-24841 | 2021-10-06 | https://wpscan.com/vulnerability/55d11acf-8c47-40da-be47-24f74fd7566e |
Shop Page WP < 1.2.8 | Stored XSS | CVE-2021-24811 | 2021-09-30 | https://wpscan.com/vulnerability/000e65f1-89cd-4dd5-a09d-5febd9fdfbdb |